My Roon core running on my Win10 computer just disappeared, and then my Kaspersky antivirus is telling me the rooninstaller is infected with a trojan.
I then downloaded from the Roon Labs website and again Kaspersky is telling me the download is infected.
Any comment from Roon Labs? Has their site been hacked?
I tried to update my clients to the latest version. Both of them have Kaspersky Antivirus Free installed.
On both clients the install fails and KAF reports a ransom trojan in the Roon installer:
After using Roon for some months now Kaspersky Internet Security (Version 18) today decided that Uninstall.exe in file location - C:\Users\Name\AppData\local\Roon\Application\100400310\ was a virus which contained the above and has quarantined it. I donāt know why it has suddenly decided this and am unsure if itās a false Positive? I am obviously reluctant to restore the file to itās original location just in case it has been infected.
I am running Windows 10 64bit and this is the first time since installing it that any virus has been flagged. My Core/Library is installed on my QNAP. The Roon interface still runs okay on my laptop which is not surprising as itās the Uninstall.exe thatās been quarantined.
Any help with this would be greatly appreciated. Hope Iāve posted this in the right place. @support
My Win 10 with Kaspersky also removed the Uninstall.exe was i a virus and removed it. Now you say it is a false positive, so I tried to restore the file, but as soon it is restored Kaspersky removes it again. How do I stop Kaspersky from removing it again?
Hi Martin, thanks for your response, itās a bit more reassuring but a pity that we have to basically carry out a work around. I appreciate that the issue is likely to be a false positive by Kaspersky but it would be better if it could be resolved.
It can be difficult to find answers on the forums as they obviously grow longer by the day but itās great to know so many people are contributing.
Antivirus programs look for a virus signature not the whole virus program. Sometimes antivirus software will find a signature in legitimate programsāthis is a false positive. Moreover, because viruses are getting more elaborate (polymorphic and metamorphic) heuristic (self-learning) techniques are used to identify viruses. This tends to have more false positives.
So, thereās very little Roon Labs can do other than ensure their code is clean and safe at the point of download. You may find Windows Defender is more effective and less resource hungry than add-on antivirus packages.
Iām personally wary of Kaspersky in view of itās Russian connections. I have been very happy with WebRoot, which probably just means my data gets routed through the NSA before getting to the FSB. WebRoot gets excited every time I upgrade to a new build in Roon, but hasnāt identified anything in Roon as a virus.
bearFNF, as a lifetime member I agree that I am extremely unlikely to leave Roon and therefore need to use the uninstall facility. However, there are times that a program needs to be uninstalled then reinstalled due to software conflicts with other programs etc. For this reason I would prefer that the file is not removed from the program.
Iād like to add that āGen.hryā at the end of the āvirusā name means Generic Heuristic, that is Kaspersky didnāt even find any virus signature in this file but its heuristic engine thought that this file had some functions or was constructed like other Trojan Ransom viruses. This heuristic engine was designed to catch new viruses before the virus signature is available. So, on the assumption that we trust Roon itās false positive. My Kaspersky also quarantined this file.
Or maybe this file is responsible for the membership fees we pay to Roon.