Quarantine NitroPaint.exe

[chirikku]

Downloading the nitropaint.exe alerts anti-virus to quarantine file for Win32:MalwareX-gen[Trj]. Please see attached photo and investigate this. Thank you.

[LandonAndEmma]

I also have this issue too, I didn't have it before I think he got infected.

[LandonAndEmma]

[Garhoogin]

Not much I can do about this. The solution is to use the antivirus that sits between your ears.

[LandonAndEmma]

But it has a trojan in it... you got to fix it... also here's more proof: https://www.virustotal.com/gui/file/bc36d6154c61e9e24e963f5b1629e552dc1af98648e74eb004d2f88c08a277d8

[LandonAndEmma]

I checked and all the other versions are fine, it's just the newest one, you need to remove the newest release to protect other users.

[Garhoogin]

I will not be removing the most recent version since that won't protect anybody from a threat that isn't there. My current local build is detected by some of the same AVs as those release 2.8.5.0, but I don't write software for AV vendors. If you are paranoid, you may compile the code yourself after checking it over to make sure there are no viruses I've hidden there.

[LandonAndEmma]

And how do you compile it?

[Garhoogin]

And how do you compile it?

You'll have to create a Solution in Visual Studio and copy in the repo's files. Should be able to get a working build that way, though I haven't had much experience with getting this to compile on other peoples' machines so you may need to do some problem solving.

[LandonAndEmma]

Still infected with viruses. Even google detects it.

[Garhoogin]

It can't "still" be infected with a virus if it never was in the first place. I'm sure that Google is using some super intelligent virus detection technology that was able to pick up on code I wrote that even I thought was safe!

[LandonAndEmma]

[LandonAndEmma]

Even Malwarebytes get's it, let me compile it myself and see if it's fine.

[ravenPenfold]

Hi. Not the contributor of the project, or someone reporting an issue, but I'll be honest.

Most software which isn't generally signed formally, or really ran often (e.g. NitroPaint) don't tend to be recognized by most Anti-Malware (note I am not saying Anti-Virus software, as that is actually slightly different) as a non-threat.

I've scanned this myself with the In-Built Microsoft virus scanner (which KNOWS the operating system, and the framework used here (as it's C#, a Microsoft built product), and VirusTotal. I have also done research online, and the type of 'Trojan' it allegedly is tends to be found in a chance of it being either legit, or a false-positive.

I would say the likelihood of a false-positive to be high. Hell, even professional software can get false-positives (e.g. Visual Studio or even Firefox)

[Garhoogin]

Yeah, it's pretty common I think for software without a code signing certificate to be flagged as such. I don't particularly feel like spending all the time and money to acquire one. More recently I added support for connecting to an IS-NITRO-EMULATOR through NITRO-Viewer, which I suspect to be a potential reason that AV software could be flagging it more lately in particular. I know that AVs tend to throw a fit if they see your code looking for DLLs and calling functions from them. Due to some of the mechanics of the NITRO-Viewer preview mechanism itself, it also has to use temporary files when sending the preview data, which may also contribute potentially. This repo may be tricky to build locally, due to some aspects of the setup, but definitely possible, some people have done so on their own forks. In particular, you may need to acquire/build your own copy of msvcrt-light.lib, or not link against it at all (changes in the Project properties, in the Linker files tab).