Closed Butterfly-Dragon closed 3 years ago
pls run from source code if you are not sure, no changes will be provided on the exe (or rather I cannot do anything).
Oh, I know you did nothing and that your program does nothing wrong.
I am just warning you that as of this morning it gets recognized as such, so you can take steps to avoid it.
FYI, I tried to scan locally and it didn't detect anything.
Also I tried to download the file in https://github.com/Nandaka/PixivUtil2/releases/tag/v20210702 = it didn't detect anything.
That contrasts with my experience this morning (a couple of hours ago).
VirusTotal confirms Microsoft detects it, along with eight other antiviruses.
Weird, what is the SHA256?
10FAB3245175FCE17D6D15C6E766AD6027F74F49BC9FEF78FB2AA5AAF0C28F58
Here is the result from VirusTotal, but I don't see Zpevdo.B
EDIT: ah, you only scan for the exe. Somehow it got a different result.
The scan I linked was of PixivUtil.exe, not the release zip. EDIT: Yup, not sure why it comes out different sometimes.
Also the SHA256 of the zip is the same as yours.
10fab3245175fce17d6d15c6e766ad6027f74f49bc9fef78fb2aa5aaf0c28f58
I guess if you want to avoid this, you can run it from source code, which has better compat, see https://github.com/Nandaka/PixivUtil2/wiki/IDE-Enviroment-(Windows)
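The zip-versus-exe mix-up above (a scan of the release zip and a scan of PixivUtil2.exe belong to different SHA256 values, and the two hashes posted differ only in letter case) can be checked locally. This is an added example, not part of the original thread or the project's code; the sample archive and its contents are constructed placeholders.

```python
import hashlib
import io
import zipfile


def sha256_hex(stream, chunk_size=1 << 20):
    """Hash a binary stream in chunks; returns lowercase hex."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def hash_release(fileobj):
    """Hash a zip (seekable binary file object) and every file inside it."""
    fileobj.seek(0)
    report = {"archive": sha256_hex(fileobj), "members": {}}
    fileobj.seek(0)
    with zipfile.ZipFile(fileobj) as archive:
        for info in archive.infolist():
            if not info.is_dir():
                with archive.open(info) as member:
                    report["members"][info.filename] = sha256_hex(member)
    return report


def identify(report, reported_hash):
    """Name the object a reported SHA256 refers to; hex case is ignored."""
    wanted = reported_hash.strip().lower()
    if wanted == report["archive"]:
        return "archive"
    matches = [n for n, d in report["members"].items() if d == wanted]
    return matches[0] if matches else None


def build_sample_zip():
    """Constructed stand-in for a release zip (placeholder bytes only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("PixivUtil2.exe", b"MZ" + b"\x00" * 64)
        archive.writestr("readme.txt", b"constructed sample\n")
    return buf


if __name__ == "__main__":
    report = hash_release(build_sample_zip())
    print("archive       ", report["archive"])
    for name, digest in report["members"].items():
        print(name.ljust(14), digest)
```

For a real download, pass `open(path, "rb")` to `hash_release` and give `identify` the SHA256 shown on the scan report to see whether it was the zip or the exe that was scanned.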
I get a virus result from MSE
So does this mean the Windows version is harmful if I set it to exclude?
Same problem. Switched to previous version.
run from source is recommended: https://github.com/Nandaka/PixivUtil2/wiki/IDE-Enviroment-(Windows)
It says you need to "download the required library:" but does not say which. Will try later if there actually is anything to add or if it is all handled by the "requirements.txt" once I have time to exist.
pip install -r c:\pixivutil\requirements.txt
This will add the required library.
I tried that... all I got was to get pixivutil2.py removed by Windows as "being remotely controlled by an agent"
The heck, then I have no idea anymore...
Probably misidentifies some component as a "remote agent" and actions are taken to prevent it taking control.
That said, for now I went under:
settings>update and security>windows security>virus and threat protection>virus and threat protection settings>exclusions>add exclusions
and added PixivUtil2.exe and .py as exclusions
Was PyInstaller used for the exe? Apparently it causes a bunch of false positives
it uses py2exe 0.10.4.0
from https://pypi.org/project/py2exe/
Do you use the precompiled bootloader? If you do, recompiling your own might get the false positive detections to go down, but after that there's not much else to do other than reporting it to the companies.
I went ahead and submitted it to microsoft, so hopefully they'll clear it and windows defender doesn't keep quarantining it.
Do you use the precompiled bootloader? If you do, recompiling your own might get the false positive detections to go down, but after that there's not much else to do other than reporting it to the companies.
I'm using pip to install/update the library, so I don't think it re-compiles anything. I assume it just uses the packaged whl file.
I went ahead and submitted it to microsoft, so hopefully they'll clear it and windows defender doesn't keep quarantining it.
Thanks 😄
Alright, Microsoft got back and said it was cleared. Just checked VirusTotal, it's no longer showing it as detected under Microsoft.
If someone can test if Defender is still quarantining it, that'd be great.
@Nandaka Looks like this is happening again with v20210822, but it's detecting Trojan:Win32/Wacatac.B!ml instead. Didn't want to open a new issue because it's basically the same thing as this one.
It seems to flag the zip but nothing inside the zip. I unpacked it and had no further detections from it.
Weird. I also tried to compress it as 7z and it still shows as a virus in VirusTotal...
Recompiling with py3.8.10 got a slightly different result.
Windows Defender decided it's something new today.
3 detections in 1 day
run from source is recommended: https://github.com/Nandaka/PixivUtil2/wiki/IDE-Enviroment-(Windows)
This is my first time running it from source. Is this going to detect the old database file, settings, etc. or do I need to do something else to restore them?
Never mind. I managed to do it by copying and pasting the config.ini and db.sqlite files to the source folder.
Avast recognizes 'PixivUtil2.exe' in 'pixivutil20220924-64bit.zip' as malware. Even if an exception is handled, the command prompt window is immediately closed.
Prerequisites
Description
Windows security recognizes pixivutil2 as Zpevdo.B
Steps to Reproduce
Expected behavior:
normal execution
Actual behavior:
Windows Security blocked internet access and I had to "unquarantine" the "severe" threat
Versions
2021-07-02