HandyScan triggers Virus Detection on Windows 10

Windows 10 virus scan detects the install as a PUA:Win32/Presenoker. Which is low risk since it is adware. This is both on the current version (HandyScan_Setup2.4.7_20210430.R) and the one on the USB stick (HandyScan_Setup2.4.3_20210408.R).

When I go to run it, it runs with Administrative privileges. Why? I am not going to run software that has adware and requires admin privileges. Anybody else seeing this problem?

1 Like

I notice on the net that there are tons of Windows Defender detections of this PUA: Win32 / Presenoker, especially when it comes to recent software that the Microsoft lab has not yet analyzed.

Personally I have AVG Premium and Malwarebytes pro and even if I scan This file, they do not detect anything, neither Trend, nor before do not detect anything on the file in remote scanning.

I think Windows Defender recognizes part of the malware signature in the software code and creates a false detection.
In any case, since the installation of HandyScan I have no more suspicious processes.

I can assure you that this must only be a false detection, I do not see the point of Revopoint in putting adware in their products.

In any case, I will send the information back to the Revopoint developers.

Thank you for your report

My Win10 laptop does not let HandyScan run for more than 5 seconds. I get this very detailed entry in event viewer. Running in admin mode did not help in my case. Did you disable Defender?

The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user DESKTOP-IFDG29M\marti SID (S-1-5-21-2061739710-710912525-3254598935-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.19041.610_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool."

More digging in event viewer produced this in “Administrative Events”:

Faulting application name: HandyScan.exe, version: 0.0.0.0, time stamp: 0x6062caf3
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f83ff
Exception code: 0xc000041d
Fault offset: 0x000000000003c380
Faulting process id: 0x160c
Faulting application start time: 0x01d74baa79bccb23
Faulting application path: C:\Program Files\HandyScan\HandyScan\HandyScan.exe
Faulting module path: C:\Program Files\HandyScan\HandyScan\MSVCR120.dll
Report Id: 772cb084-b18c-48a1-a950-005e7e0cd9c9
Faulting package full name:
Faulting package-relative application ID:

What I did was install it, then I ran a virus scan again and found the file it didn’t like. That file didn’t seem important so I deleted it. Then I was able to run a scan with no issues.

I have not had a problem with the software stopping. I have had problems with the scanner not getting enough power from the USB port I was plugged into. The port it is in now seems to be okay, but I’m considering a powered hub.

Sorry I couldn’t help more.

I had the same issue. Windows defender quarantined the software. My detection was basically for unknown software. Had to keep the the file and install. later scans, no issues found. Not 100% what is going on, But I assume my Windows machine is infected… Kind of sad.

1 Like

It’s strange to see than only Windows Defender don’t love the software.

We don’t have any complaint from any other antivirus… Need to investigate.
I will try myself with defender

Brilliant! Thank you. I shall try the same.

why not just add the file in question to the exceptions? or to whitelist the software

I have HandyScan 2.4.7 installed on my Win10 Pro x64 system version 20H2. It did not trigger any virus warnings from either Windows Security (it’s not called Defender anymore) or Malwarebytes when installed, both of which are always running on my machine. I just did a deep scan to double check (which takes 30+ minutes, I’ve got a few terabytes of files but thankfully, all SSD). No issues reported by either. And I just fired up HandyScan again for the sake of completeness and it is working fine…

1 Like

@RocketSled Thanks for this confirmation.
I will do the same test

I’m will definitely try again to whitelist HandyScan, though WIN10 seems to hide much of that functionality these days. So I am thinking of a conjugate experiment based on the presence of this message in my event viewer:

Faulting application name: HandyScan.exe, version: 0.0.0.0, time stamp: 0x6062caf3
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f83ff

There is a legitimate, but complex, procedure to take ownership of all the modules as Administrator and grant them permission to operate. Requires numerous registry edits that I, apparently, did not perform correctly on my first attempt.