InfinityGhost / TabletDriver

https://github.com/InfinityGhost/OpenTabletDriver
GNU General Public License v3.0

Antivirus Trojan Detection #16

Closed Desaje13 closed 5 years ago

Desaje13 commented 5 years ago

I know that it's a strange question, but is it OK that my antivirus program says that this driver is a virus (Trojan)?

Hardware/software information

Windows Version: 10 x64bit

Driver version: 0.3

whatsup1827 commented 5 years ago

I'm getting the same thing. Prob false positive.

Desaje13 commented 5 years ago

> I'm getting the same thing. Prob false positive.

Don't really think that it's false positive tbh.

whatsup1827 commented 5 years ago

OK, Windows Defender and Kaspersky are both flagging it. For now I won't use the provided binary. Might try and compile from the source later and see what happens.

InfinityGhost commented 5 years ago

Very odd VirusTotal results

Honestly unsure where it's getting this from. I'm going to build TabletDriver on a completely clean install of Windows 10 in a virtual machine and see if I get the same results. This SHOULD be a false positive due to the nature of how the driver collects input data, plus its system for detecting framework installs and such matters.

Behavior analysis of the two files that are compromised:

I can crop these up to multiple functions

  1. TabletDriverGUI.exe
    • .NET Framework detection
    • Debugger checking
  2. TabletDriverService.exe
    • Piping for console output
    • Requesting tablet inputs

I'm very certain that these are false positives, and possibly could have been used in the past in malware which would trigger these false positives. The source code is open, so you can build it yourself if you don't trust this anyway.

InfinityGhost commented 5 years ago

Can confirm safe

I installed a completely clean install of Windows 10 x64 1903 on a fresh virtual machine in VMware, completely isolated from my main machine (I'm running Linux Mint 19.2).

VirusTotal Results for v0.3.1 Pre-release

For now, I'm closing this issue. Feel free to build it yourself and test it though.

BreadGit commented 4 years ago

I am still getting reports from Windows Defender for the latest build of master.

I realize that you've closed this issue along with other duplicates because you've tested this project against a clean install of Windows, but these reports still seem to be happening for people despite that.

I don't have any solutions to give and I'm sure finding a solution for this is probably tricky, but perhaps at least keep this issue open until people stop receiving AV reports.

InfinityGhost commented 4 years ago

> I don't have any solutions to give and I'm sure finding a solution for this is probably tricky, but perhaps at least keep this issue open until people stop receiving AV reports

I'm likely going to archive this repository, my latest project will make this shit obsolete.

TheTreeSee commented 4 years ago

My PC doesn't let me download the file because it thinks there is a virus...

exil0867 commented 4 years ago

> I'm likely going to archive this repository, my latest project will make this shit obsolete.

@InfinityGhost Is OpenTabletDriver stable enough to be used?

InfinityGhost commented 4 years ago

> > I'm likely going to archive this repository, my latest project will make this shit obsolete.
>
> @InfinityGhost Is OpenTabletDriver stable enough to be used?

Absolutely, but major changes are coming in a future release.

exil0867 commented 4 years ago

Just tried it, it fails to detect my Gaomon S620 tablet.

InfinityGhost commented 4 years ago

> Just tried it, it fails to detect my Gaomon S620 tablet.

DM me on Discord @ InfinityGhost#7843