Poser 13 - Software-Update blocked because of TR/AD.Amadey.nvgep in sqlite_x64Release.dll
Ladies and Gentlemen,
one week ago, I installed the Poser 13-Update (Software from Renderosity) successfully on my Computer and was able to start it and use it. Some days later F-Secure blocked th program with the remark : "blocked because of TR/AD.Amadey.nvgep in sqlite_x64Release.dll". The dll was sent to the quarentine. I failed to extract the suspicious file with fsdumpqrt.exe, because this app will not run on my Computer, although I tried to start it as administrator in cmd (Win 11 Pro actual update) to send it to analysts.
A new download of the Poser - software did not help to install Poser 13 successfully again.
Is the file dangerous or is there a wrong identification?
Could You please help me?
with thanks in advance and regards
Michael Hold
😒
Accepted Answer
-
Hello,
Sorry for my reply. I am also only an F-Secure user.
One option is to contact their direct official support channel via that page: Contact support | F-Secure (for example, web-chat widget is in the bottom right corner). Maybe Support Agents with enough tools to safely get quarantined item.
Poser 13-Update (Software from Renderosity)
I do not know a lot about this software, but based on Googling..
So, this is Poser 13 software (application), which is available on their own website too. And Renderosity is another web-resource, where possible to buy or download additions to; or just this software as such.
Is there any possibility that received copy is altered?
// by the way, I downloaded Poser 13 installer from the official website (as I think) and managed to reproduce a detection. I will try to play more about it.
The dll was sent to the quarentine. I failed to extract the suspicious file with fsdumpqrt.exe, because this app will not run on my Computer, although I tried to start it as administrator in cmd (Win 11 Pro actual update) to send it to analysts.
Is it possible to run it as in Compatibility mode (or something like that) - by right click (then inspect context menu options). Because with Windows 10 - it was possible to run tool. However, what is the failed result of your attempt? Just .zip-file with no content or any 'error'-output?
Is the file dangerous or is there a wrong identification?
As I see, Renderosity Community also with a discussion topic about this subject (F-Secure claims Poser 13 contains Trojan - False Positive?). Based on it:
- "TR/AD.Amadey.nvgep"-detection is released 01.04.2023 (for a certain engine as a part of core using in F-Secure products, currently).
- Other AVs solutions also with detection about Poser 13 (however, I did not find this).
There is a way to install Poser 13 by adding folders in Exclusions before that (from where to run and so on). Or to restore quarantined file manually.
But I will recommend to reach and contact F-Secure Labs before any action about installing or using.
Answers
-
Hello Ukko,
thank You for Your extensive answer. I wrote an E-Mail to the F-Secure team. I am curious, what they will say.
I reported the suspicion to Renderosity support , but the answer did not help.
But I copied the old sqlite_x64Release.dll from Poser 12 to the Poser 13 directory and Poser 13 is complete functional, without any warning of F-Secure. I think that is remarkable.
So I wait for the reply of the F-Secure support team.
with regards
Mike
-
Hello @MMike
Thank you for your post.
We have received your submission. Our Malware Analyst is currently inspecting it, and we'll let you know as soon as we have any updates.
If you have any other questions or concerns, please don't hesitate to ask. We're here to help!
Have a great day!
Firmy
Community Manager | F-Secure Community
🔐 Strengthening digital security through knowledge and collaboration
🌐 Explore our User Guides | Knowledge Base for self-help resources
💻 Empower yourself with Cybersecurity Insights and protect what matters
📢 Help Shape Our New Homepage! Share your input in our design survey. -
I think, detection is already gone. False positive, perhaps.
And, by the way, when you tried to use "fsdumpqrt.exe" - you can send the single file for analysis by using the report feature in the product instead (reference guide: Reporting a quarantined item | Total | Latest | F-Secure User Guides). Of course, if you did not so at the end.
It was not possible for my check - because installer detected itself and just re-named to be 'safe'. But since your experience was already about certain .dll-item in Quarantine, probably mentioned functionality was a way to report false positive / request re-rating.
Thanks!
🚩 What Do You Think?
We’d love your thoughts on our fresh look! Quick survey, big impact!