EternalWraith / PalEdit

A simple tool for Editing and Generating Pals within PalWorld Saves
MIT License
472 stars 65 forks

PalEdit.exe contains Trojan #41

Closed KongGal closed 7 months ago

KongGal commented 7 months ago

THIS ISSUE HAS BEEN REMOVED DUE TO MISINFORMATION

EternalWraith commented 7 months ago

Can you stop spreading misinformation?

Paluto42 commented 7 months ago

Does not happen with my Windows Defender (old build). If you want to make sure the program is not harmful, pls use PyInstaller to recompile all code and check. Compiling programs with high-level languages often triggers false detections in antivirus software.

KongGal commented 7 months ago

> Does not happen with my Windows Defender (old build). If you want to make sure the program is not harmful, pls use PyInstaller to recompile all code and check. Compiling programs with high-level languages often triggers false detections in antivirus software.

Yet why aren't there any mentions of such a "false positive" in the README? Why is he trying to hide the evidence provided, calling it misinformation? If there wasn't anything to it, he wouldn't have deleted the evidence, closed it and just been like "misinformation"; he would instead have spent 2 min explaining why there is a "false" positive, so when others check they can't just see the creator hiding things.

vSwifty commented 7 months ago

Aight, I looked into the why and how PalEdit was coming up flagged; seems like it's coming from tkinter and PIL. Not that it's malicious or anything, it's just that the way it behaves is similar to how malware behaves (builds an exe that unpacks a bunch of files at runtime).

https://www.reddit.com/r/learnpython/comments/ltvwm6/simple_python_program_that_opens_a_picture_and/
https://stackoverflow.com/questions/60892259/tkinter-executable-seen-as-virus
https://stackoverflow.com/questions/54156685/virus-warnings-after-trying-to-run-py-program-converted-to-an-exe-file
https://stackoverflow.com/questions/43777106/program-made-with-pyinstaller-now-seen-as-a-trojan-horse-by-avg/

Now, going over which files tripped detection, you can see it here under the dropped files section, and you can see that it's only flagging the DLLs needed to draw the GUI of the tool.

It's essentially a false positive based on the behavior of a file that's used in a large number of programs, and not actual malicious intent. The source code is right there to look over and compile yourself.
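
The comment above describes a PyInstaller exe as one that unpacks a bunch of files at runtime. As an added example (not part of this thread or of PalEdit's code), the script below lists the files embedded in such an exe by parsing the archive's table of contents, so the bundle can be inspected without running it. It assumes the CArchive layout used by PyInstaller 2.1 and later; the sample bytes and file names are constructed.

```python
import struct

MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"       # cookie magic at the end of the archive
COOKIE = struct.Struct("!8sIIII64s")     # magic, archive len, TOC offset, TOC len, pyver, libname
ENTRY = struct.Struct("!IIIIBc")         # entry len, data offset, packed len, unpacked len, flag, type

def list_bundle(blob):
    """Return (name, typecode, unpacked_size) for every file embedded in the exe."""
    pos = blob.rfind(MAGIC)
    if pos < 0 or pos + COOKIE.size > len(blob):
        raise ValueError("no PyInstaller archive cookie found")
    _, pkg_len, toc_off, toc_len, _pyver, _lib = COOKIE.unpack_from(blob, pos)
    start = pos + COOKIE.size - pkg_len  # archive starts right after the bootloader stub
    if start < 0 or toc_off + toc_len > pkg_len:
        raise ValueError("corrupt cookie")
    toc = blob[start + toc_off:start + toc_off + toc_len]
    entries, i = [], 0
    while i < len(toc):
        if i + ENTRY.size > len(toc):
            raise ValueError("truncated TOC")
        size, _off, _clen, ulen, _flag, typ = ENTRY.unpack_from(toc, i)
        if size <= ENTRY.size or i + size > len(toc):
            raise ValueError("corrupt TOC entry")
        name = toc[i + ENTRY.size:i + size].rstrip(b"\0").decode("utf-8", "replace")
        entries.append((name, typ.decode("latin-1"), ulen))
        i += size
    return entries

def make_sample():
    """Constructed stand-in for a one-file exe: fake stub plus a two-entry archive."""
    files = [("example_gui.dll", b"b", b"A" * 10), ("main", b"s", b"B" * 4)]  # made-up names
    data, toc = b"", b""
    for name, typ, body in files:
        raw = name.encode() + b"\0"
        raw += b"\0" * (-(ENTRY.size + len(raw)) % 16)  # pad each entry to 16 bytes
        toc += ENTRY.pack(ENTRY.size + len(raw), len(data), len(body), len(body), 0, typ) + raw
        data += body
    pkg_len = len(data) + len(toc) + COOKIE.size
    cookie = COOKIE.pack(MAGIC, pkg_len, len(data), len(toc), 311, b"python311.dll")
    return b"MZ" + b"\x90" * 62 + data + toc + cookie

if __name__ == "__main__":
    for name, typ, size in list_bundle(make_sample()):
        print(f"{typ}  {size:>8}  {name}")
```

For a real file, pass `open(path, "rb").read()` to `list_bundle`; typecode `b` marks bundled binaries such as DLLs and `s` marks the entry script.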