Last night I downloaded CumulusMX and the WeatherCloud software (I was thinking of upgrading my Cumulus to be able to use WeatherCloud) - immediately I received a warning from Windows Defender (I'm running Windows 10 Pro and it's bang up to date) about an alleged threat to my system from potentially unwanted software. This threat relates to software which apparently facilitates the insertion of ransomware on my machine.
The details provided by Windows Defender were:
Threat Detected: Program:Win32/Wacapew.C!ml
Affected Items: C:\Cumulus\Weathercloud\cumulus-weathercloud\weathercloud.exe
Needless to say I immediately told Windows Defender to quarantine and remove the problem.
I have contacted Weathercloud about this and they immediately came back and said it wasn't their software but rather the add-on from CumulusMX.
I've looked on the web and there are a number of entries (including one on the Microsoft site) relating to Wacapew.C!ml - I'm also particularly suspicious of a file which uses an exclamation mark as one of the letters in its name - this seems to me to be completely unnecessary and the sort of thing that would only be used if someone wanted to deceive people into thinking a file name was something else - a typical malware trick.
What is the CumulusMX developers' view on this?
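An added example, not part of the original post: the alert quoted above carries two separate things, a detection name and the path of the flagged file. This sketch parses both, assuming the `Type:Platform/Family.Variant!Suffix` layout Microsoft documents for its detection names; the function names are hypothetical and the pattern is a simplified reading of that layout.

```python
import re
from typing import NamedTuple, Optional

# Simplified pattern for the documented layout: Type:Platform/Family.Variant!Suffix
NAME_RE = re.compile(
    r"^(?P<kind>[A-Za-z]+):(?P<platform>[A-Za-z0-9_]+)/(?P<family>[A-Za-z0-9_-]+)"
    r"(?:\.(?P<variant>[A-Za-z0-9]+))?(?P<suffixes>(?:![A-Za-z0-9]+)*)$"
)

class Detection(NamedTuple):
    kind: str                # e.g. Program, Trojan
    platform: str            # e.g. Win32
    family: str              # e.g. Wacapew
    variant: Optional[str]   # None when the name has no ".X" part
    suffixes: tuple          # zero or more "!xx" qualifiers, without the "!"

def parse_threat_name(name: str) -> Detection:
    """Split a detection name into its fields; reject anything else."""
    m = NAME_RE.match(name.strip())
    if m is None:
        raise ValueError(f"not a Type:Platform/Family name: {name!r}")
    suffixes = tuple(s for s in m["suffixes"].split("!") if s)
    return Detection(m["kind"], m["platform"], m["family"], m["variant"], suffixes)

def parse_alert(text: str) -> dict:
    """Separate the detection (a label) from the flagged file (a path)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and key.strip() in ("Threat Detected", "Affected Items"):
            fields[key.strip()] = value.strip()
    return {
        "detection": parse_threat_name(fields["Threat Detected"]),
        "file": fields["Affected Items"],
    }

# The two alert lines quoted in the post above.
ALERT = """Threat Detected: Program:Win32/Wacapew.C!ml
Affected Items: C:\\Cumulus\\Weathercloud\\cumulus-weathercloud\\weathercloud.exe"""

if __name__ == "__main__":
    alert = parse_alert(ALERT)
    print(alert["detection"])
    print(alert["file"])
```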
Welcome to the Cumulus Support forum.
Latest Cumulus MX V4 release 4.4.2 (build 4085) - 12 March 2025
Latest Cumulus MX V3 release 3.28.6 (build 3283) - 21 March 2024
Legacy Cumulus 1 release 1.9.4 (build 1099) - 28 November 2014
(a patch is available for 1.9.4 build 1099 that extends the date range of drop-down menus to 2030)
Download the Software (Cumulus MX / Cumulus 1 and other related items) from the Wiki
If you are posting a new Topic about an error or if you need help PLEASE read this first viewtopic.php?p=164080#p164080
Ransomware Potential?
Moderator: mcrossley
-
water01
- Posts: 3670
- Joined: Sat 13 Aug 2011 9:33 am
- Weather Station: Ecowitt HP2551
- Operating System: Windows 10/11 64bit Synology NAS
- Location: Burnham-on-Sea
- Contact:
Re: Ransomware Potential?
There is no such file in either the CumulusMX release or the Cumulus 1 release. I do not understand why you downloaded software for Weathercloud when CumulusMX just talks to their API when you have signed up for an account on their system.
It would appear that this is some sort of adware program that you have inadvertently downloaded from another site https://howtofix.guide/wacapew-removal/ and from what you have said it suggests the site you got the "WeatherCloud software" from, whatever that is.
- PaulMy
- Posts: 4355
- Joined: Sun 28 Sep 2008 11:54 pm
- Weather Station: Davis VP2 Plus 24-Hour FARS
- Operating System: Windows8 and Windows10
- Location: Komoka, ON Canada
- Contact:
Re: Ransomware Potential?
That program was by Adrian H to allow Cumulus1 to upload to Weathercloud. This is from the Readme:
"Note: Some antivirus programs may have issue with the language this program is written in (autoit3). If your AV program flags the program as a possible virus please add an exception to your antivirus program. The program is checked clean by my own AV program (Kaspersky)."
And as discussed here viewtopic.php?f=4&t=11998&p=111006&hili ... ud#p111006
I downloaded and installed on more than one occasion, just had to add it to allow in my virus protection. It is still being used every day on my old Windows8 PC/Cumulus1 setup.
With WC upload built into CumulusMX this utility is not needed.
Enjoy,
Paul
VP2+
C1 www.komokaweather.com/komokaweather-ca
MX https://komokaweather.com/cumulusmx/index.htm /index.html /index.php
MX https://komokaweather.com/cumulusmxwll/index.htm /index.html /index.php
MX https:// komokaweather.com/cumulusmx4/index.htm
-
BrunswickWeather
- Posts: 87
- Joined: Fri 11 Mar 2011 2:04 am
- Weather Station: Ecowitt GW1103
- Operating System: windows 11 Pro/Raspberry pi 4
- Location: Brunswick Australia
Re: Ransomware Potential?
Every time I update Cumulus MX exe the Microsoft Defender warns me, but I make it ignore the "problem".
-
sfws
- Posts: 1183
- Joined: Fri 27 Jul 2012 11:29 am
- Weather Station: Chas O, Maplin N96FY, N25FR
- Operating System: rPi 3B+ with Buster (full)
Re: Ransomware Potential?
BrunswickWeather wrote: ↑Wed 06 May 2020 6:11 am
Every time I update Cumulus MX exe the Microsoft Defender warns me

There is no way to know what is in a file that has not been run yet. Even if the file you want to run has the same name as a file you have run before, the update is not the file you have run before.
Microsoft Defender, like many other virus checkers, will always warn about an updated version of any software, just in case someone has hacked that update to contain something unwanted.
- HansR
- Posts: 6926
- Joined: Sat 20 Oct 2012 6:53 am
- Weather Station: GW1100 (WS80/WH40)
- Operating System: Raspberry OS/Bookworm
- Location: Wagenborgen (NL)
- Contact:
Re: Ransomware Potential?
I assume there is more intelligence in those checkers than what you are implying now.
Thinking about checksums, pattern checks etc...
Hans
https://meteo-wagenborgen.nl
CMX build 4070+ ● RPi 4B ● Linux 6.6.62+rpt-rpi-v8 aarch64 (bookworm) ● dotnet 8.0.1
BlueSky: https://bsky.app/profile/wagenborgenwx.bsky.social
-
sfws
- Posts: 1183
- Joined: Fri 27 Jul 2012 11:29 am
- Weather Station: Chas O, Maplin N96FY, N25FR
- Operating System: rPi 3B+ with Buster (full)
Re: Ransomware Potential?
Agreed, these exist, and can detect some unsafe modifications, but the checker can't be sure until it has learnt that the new release of MX or whatever with its new checksum and new pattern is safe. MX does generate a web server and update databases, both areas where there is scope for malicious activity.
-
water01
- Posts: 3670
- Joined: Sat 13 Aug 2011 9:33 am
- Weather Station: Ecowitt HP2551
- Operating System: Windows 10/11 64bit Synology NAS
- Location: Burnham-on-Sea
- Contact:
Re: Ransomware Potential?
PaulMy wrote: ↑Tue 05 May 2020 11:21 pm
That program was by Adrian H to allow Cumulus1 to upload to Weathercloud. This is from the Readme:
"Note: Some antivirus programs may have issue with the language this program is written in (autoit3). If your AV program flags the program as a possible virus please add an exception to your antivirus program. The program is checked clean by my own AV program (Kaspersky)."
And as discussed here viewtopic.php?f=4&t=11998&p=111006&hili ... ud#p111006
I downloaded and installed on more than one occasion, just had to add it to allow in my virus protection. It is still being used every day on my old Windows8 PC/Cumulus1 setup.
With WC upload built into CumulusMX this utility is not needed.
Enjoy,
Paul

I get that Paul, but he says he downloaded CumulusMX, so why did he download the other software because as you say it is not needed? Best way to proceed for him if he is using CumulusMX is to delete the Download completely.