Home

Reason Core Security marks query_xxxxx.dll as Potentially Unwanted Extension

aidanwhitehallaidanwhitehall
Reason Core Security has flagged a handful of query_xxxxx.dll files in the directory C:\Users\username\appdata\local\temp\linqpad5\_xxxxx\ as a Dealply Potentially Unwanted Extension, and describes them as "A potentially unwanted browser extension that displays coupon offers, ads, pop-ups and prices from various merchants based on the underlying web page."

Am I okay to mark all of these as false positives? Presumably they are part of LINQPad's normal operation...

Thanks.
· Share on FacebookShare on Twitter

Comments

  • nescafenescafe
    edited April 2016
    Seems unlikely as these files are part of the regular query execution of LINQPad.

    UserQueries are first compiled to %TEMP%\LINQPad5\_xxxxx\query_xxxxx.dll and then executed.

    However, there's always a possibility the generated files are infected by another process afterwards.. There is no way to be absolutely sure about this, but you could examine the file using a decompiler like ILSpy or .NET Reflector.

    If these files are the only files detected by your scanner on your system, I'd assume they are false positives and would report them accordingly.
    · Share on FacebookShare on Twitter
  • aidanwhitehallaidanwhitehall
    Just taken a closer look, and the 8 DLL files it reported are all 0 bytes. There are few non-0 byte files, but a directory scan using Reason Core Security hasn't flagged those.

    Have submitted a false positive report via their web site.

    Thanks for your help.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.