Open AYasinAkalin opened 3 years ago
Virustotal.com's scan revealed that security vendor Jiangmin detects Trojan.PSW.Python.cu in quickIniEditor.exe.
62 other security vendors don't report any security issues. So it is a mystery why this is happening.
quickIniEditor.exe is created with the python setup.py py2exe command.
Additionally, Windows Defender triggers a machine learning trojan detection if cloud detection is enabled. These are all false positives, as some trojans, cryptominers and ransomware used py2exe or PyInstaller for a build.
There are two known ways around it. One is to code sign the executable (not free); the other, less reliable, is to use a cleanly built PyInstaller (not their executable from the site) or use Nuitka, which also builds the bootloader from scratch - these are less likely to match against the original build and get flagged.
Current builds uploaded to Nexusmods.com are tagged as 'some suspicious files'. This also disables mod downloads until site moderation manually allows it for download after an e-mail.
Since there is no malicious code and no insecure dependencies are used, I have four suspects:
- Lines calling powershell scripts from cli.bat
- Bundled 7zip extra. It has one .reg file.
- Bundled LECoal's binary file.
- Shipped .exe, since it is not digitally signed.
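
Added example, not part of the original thread or the project's code: a small Python check for whether a built .exe carries an embedded Authenticode certificate table, which is what the code-signing suggestion and the "not digitally signed" suspect above come down to. The function names and the constructed sample headers are assumptions made for illustration.

```python
import struct

SECURITY_DIR = 4  # index of IMAGE_DIRECTORY_ENTRY_SECURITY in the data directories


def certificate_table(data: bytes):
    """Return (file_offset, size) of the Authenticode certificate table,
    or None when the PE carries no embedded signature.
    Presence only: this does not validate the signature or its chain."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("missing MZ header")
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)     # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        opt = pe_off + 4 + 20                                 # skip signature + COFF header
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic not in (0x10B, 0x20B):
            raise ValueError("unknown optional header magic")
        dirs = opt + (96 if magic == 0x10B else 112)          # PE32 vs PE32+
        (count,) = struct.unpack_from("<I", data, dirs - 4)   # NumberOfRvaAndSizes
        if count <= SECURITY_DIR:
            return None
        off, size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc
    if off == 0 or size == 0:
        return None
    if off + size > len(data):
        raise ValueError("certificate table points past end of file")
    return off, size


def constructed_pe(signed: bool) -> bytes:
    """Build a minimal PE32 header for the demo (constructed sample, not a real build)."""
    opt = bytearray(96 + 16 * 8)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<I", opt, 92, 16)     # 16 data directory entries
    head = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 20
    if signed:
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, len(head) + len(opt), 8)
        return head + bytes(opt) + b"\0" * 8  # placeholder bytes where the certificate would sit
    return head + bytes(opt)


if __name__ == "__main__":
    for label, blob in (("unsigned", constructed_pe(False)), ("signed", constructed_pe(True))):
        print(label, certificate_table(blob))
```

To check a real build, pass the file's bytes, for example `certificate_table(open("quickIniEditor.exe", "rb").read())`. A non-None result only shows that a certificate table is present; validating it is a job for Windows tooling such as `Get-AuthenticodeSignature`.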