Anc813 / MicMute

Mute default mic clicking tray icon or shortcut
MIT License

Trojan:Script/Oneeva.A!ml #18

Closed gyetger closed 2 years ago

gyetger commented 3 years ago

Windows Security reports Trojan:Script/Oneeva.A!ml in MicMute.zip v0.0.7 on download. It doesn't happen with v0.0.6.

Anc813 commented 3 years ago

@gyetger https://www.virustotal.com/gui/url/1293f6714d695aff2748228fa7b91c04523f017703c5dc51d406537c0f76b2ed/detection https://www.virustotal.com/gui/file/200ef7d4a11b4bb72eac5e5ff32605fe3a4ab6a885aa147bdacf554b56187abb/detection

It probably doesn't like global keyboard shortcuts (ability to add 2 more shortcuts was added in v0.0.7)

roughnecks commented 3 years ago

True. The strange thing is that I already have v0.0.7 running and Defender doesn't say a thing, but downloading the zip triggers it.

Anc813 commented 3 years ago

I tried to recompile the project. Still have the same situation on VirusTotal (3/69 still flag the exe file as malicious).

roughnecks commented 3 years ago

> True. The strange thing is that I already have v0.0.7 running and Defender doesn't say a thing, but downloading the zip triggers it.

Oh, I believe that's because I have whitelisted my "Portable" folder.

> @gyetger https://www.virustotal.com/gui/url/1293f6714d695aff2748228fa7b91c04523f017703c5dc51d406537c0f76b2ed/detection

I'm sure it's a false positive, but in VirusTotal I can't seem to find Windows Defender..

Anc813 commented 3 years ago

I have submitted a request to Microsoft; I need to wait up to 30 days for an answer.

Anc813 commented 3 years ago

I received an answer:

Analyst comments:

We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.

 1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
 2. Run "MpCmdRun.exe -removedefinitions -dynamicsignatures"
 3. Run "MpCmdRun.exe -SignatureUpdate"

 Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions

 Thank you for contacting Microsoft.

gyetger commented 3 years ago

> 1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
> 2. Run "MpCmdRun.exe -removedefinitions -dynamicsignatures"
> 3. Run "MpCmdRun.exe -SignatureUpdate"

These commands didn't work for me... it removed then re-downloaded version 1.341.574.0. Using the GUI, it updated to 1.341.612.0. https://www.microsoft.com/en-us/wdsi/defenderupdates says that the latest version is 1.341.601.0. Microsoft... -.- But.. it still "finds" the Trojan. I will try again tomorrow.
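Added example, not part of the thread and not written by any participant: a PowerShell script that runs the analyst's two MpCmdRun steps, compares the definition version before and after, and rescans only the flagged file so the result can be checked directly. The sample path is a placeholder assumption; `Get-MpComputerStatus`, `Get-MpThreatDetection` and `Get-MpThreat` are the standard Defender cmdlets.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
param(
    # Assumption: placeholder path to the flagged download; adjust as needed.
    [string]$Sample = "$env:USERPROFILE\Downloads\MicMute.zip"
)

$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path $Sample)) { throw "Sample not found: $Sample" }

function Get-DefinitionVersion {
    # Antivirus definition version currently loaded by Defender.
    [version](Get-MpComputerStatus).AntivirusSignatureVersion
}

$before = Get-DefinitionVersion

# Steps 2 and 3 from the analyst's reply.
& $mpCmdRun -RemoveDefinitions -DynamicSignatures
& $mpCmdRun -SignatureUpdate

$after = Get-DefinitionVersion
"Definitions: $before -> $after"
if ($after -le $before) {
    Write-Warning 'Definition version did not advance; the corrected signature may not have been delivered yet.'
}

# Custom scan (ScanType 3) of this one file. -DisableRemediation leaves the
# file in place and ignores configured file exclusions for this scan.
& $mpCmdRun -Scan -ScanType 3 -File $Sample -DisableRemediation
switch ($LASTEXITCODE) {
    0       { "No threat reported for $Sample" }
    2       { Write-Warning "Defender still flags $Sample" }
    default { Write-Warning "MpCmdRun exited with code $LASTEXITCODE" }
}

# Most recent entries from protection history, with the detection name
# that the false-positive submission form asks for.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 5 |
    ForEach-Object {
        [pscustomobject]@{
            Time      = $_.InitialDetectionTime
            Threat    = (Get-MpThreat -ThreatID $_.ThreatID).ThreatName
            Resources = $_.Resources -join '; '
        }
    }
```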

roughnecks commented 3 years ago

Sadly I'm still getting warned about it..

Anc813 commented 3 years ago

@roughnecks sadly I don't know what to do.

My friend told me that it takes a week or two to update and deliver Windows Defender definition updates. But from the Microsoft email it follows that it should be much faster (I initially thought that Windows Defender definitions were updated at that moment).

I have submitted request here: https://www.microsoft.com/en-us/wdsi/filesubmission

roughnecks commented 3 years ago

I see, well, we can wait :)

Anc813 commented 3 years ago

@roughnecks could You please try to submit "Incorrectly detected as malware/malicious" with Your exact file version? I tried "MicMute.exe" (0.0.7), unarchived

roughnecks commented 3 years ago

> @roughnecks could You please try to submit "Incorrectly detected as malware/malicious" with Your exact file version? I tried "MicMute.exe" (0.0.7), unarchived

I tried just now and the form asks for malware name but when I downloaded the zip again, Defender sent a toast message about it being malicious and to click the toast for more details.. When I did that, Defender told me there were no threats.

Will try again tomorrow because right now I'm exhausted.

roughnecks commented 3 years ago

Just tried again, same result: Defender blocks the download but doesn't tell me which malware it is supposed to be.

roughnecks commented 3 years ago

Alright, I was able to find the history of malware and get the malware name, download the zip after adding an exception to it and submit my report to MS.

Hope this will help.

roughnecks commented 3 years ago

https://i.imgur.com/wv5MRMN.jpeg

roughnecks commented 3 years ago

Hey guys, MS fixed this at last.. It doesn't trigger for me anymore.

Anc813 commented 3 years ago

@roughnecks it's excellent news! Thank You!

dwettstein commented 2 years ago

This issue could be closed. 😇