
What does the file i4jdel.exe do? Antiviruses saying Trojan?

Posted: Mon Mar 30, 2015 10:35 pm
by MikeWB
What does the file i4jdel.exe do? It is located in two temp directories, and multiple antiviruses on VirusTotal https://www.virustotal.com/ have identified it as a trojan over the months that I have used Serviio. Now only one out of 57 antivirus engines says it's Trojan-Downloader.win32.Agent.gen.103 . I have been forced to run Serviio in a sandbox program out of caution because somehow my computer gets infected once in a while from nowhere, but I've changed antivirus to Bitdefender and it doesn't have a sandbox that you can manually use, and Serviio doesn't stream right in Sandboxie http://forums.sandboxie.com/phpBB3/viewtopic.php?f=17&t=20961#p108299. I know it's put there by Serviio because you can't delete it unless you stop Serviio from running. I've searched on Google and it says it's a downloader. What does it download? I have installed Serviio back on my computer without sandboxing it, but would feel safer knowing what this file does, because so many antiviruses have detected it over the last couple of months.

Re: What does the file i4jdel.exe do? Antiviruses saying Tro

Posted: Mon Mar 30, 2015 10:40 pm
by zip
It's a file generated by the wrapper that runs Serviio as a Windows service. Definitely no virus.

Re: What does the file i4jdel.exe do? Antiviruses saying Tro

Posted: Tue Mar 31, 2015 3:36 am
by MikeWB
Thanks, but you guys should report it as a false positive to antivirus vendors. I mean, look at this.
i4jdel.exe
The executable i4jdel.exe has been detected as malware by 43 anti-virus scanners. This is an installer that is downloaded through a bootstrap executable and launched via the local user's temporary directory. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download.

That is on HerdProtect http://www.herdprotect.com/, a program which I use. I'm not sure if it's detecting it that way now, but it has in the past on my computer. On HerdProtect it's easy enough to report false positives. Then they will update the program to ignore its detection by the antivirus engines used, but on VirusTotal it tells you to report false positives to each antivirus vendor separately.

It's also listed as a Trojan on many other legitimate antivirus sites along with plenty of bogus sites.

It's probably a pain in the behind to do, but to protect your brand you might want to report false positives. I mean, it almost spooked me off; if it wasn't a program I use all the time, I would have just deleted it to be safe.