Closed Treazul closed 2 months ago
k
@Treazul either your specific JAR is infected, your PC is infected with something else or you're getting man-in-the-middle-attacked: https://www.virustotal.com/gui/file/8e97bb392718099d54377738a3501284eef98fbd54f6b46b4350fc9267ef4d47
It's probably just a false positive. I've submitted the file to the AV and let them know.
On Fri, 10 May 2024 at 18:55, VidTu @.***> wrote:
@Treazul https://github.com/Treazul either your specific JAR is infected, your PC is infected with something else or you're getting man-in-the-middle-attacked: https://www.virustotal.com/gui/file/8e97bb392718099d54377738a3501284eef98fbd54f6b46b4350fc9267ef4d47
Correction, it is a false positive.
Scratch that. I clicked "Reanalyse" on VirusTotal and it's reporting [image: image.png]
for fs sake, what they don't like
maybe they don't like the way it uses a lot of method injections like here for multiversion support
what's funny, the latest gh actions snapshot is not being detected (even after reanalyzing) by any vendor
*got this on mod version 1.2.2, the file extension isn't .jar, it's .bNIhAX
the full file my av shows is Ksyxis-1,2,2,jar.bNIhAX
download method: modpack via prism launcher, downloading from modrinth.
trying to download the mod again seems to end with a random string as the file extension, not just ".bNlhAX"
my AV is called "Vipre".
@Dorrivix it seems like your antimalware renames it
it doesn't trigger with downloading version 1.2.1
Well, it also doesn't with 1.2.3-SNAPSHOT; you can reverse engineer the 1.2.2 JAR and find nothing there. It was probably incorporated in some bigger malware (such as an infected Minecraft modpack) and now antimalware flags it. I will not update the JAR until I add 1.20.5 compat in a few days.
BitDefender no longer flags 1.2.2 as infected, other vendors should follow shortly
Upon running a modpack with this mod, Bitdefender has marked it as infected: "The file D:\ATLauncher\instances\TerraFirmaGreg\mods\Ksyxis-1.2.2.jar is infected with Trojan.GenericKD.72678267 and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean."
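The two checks this thread leans on (is the local file byte-identical to the one behind the VirusTotal link, and what differs between a flagged and an unflagged build) can be scripted as below. This is an added example, not code from the Ksyxis project or from any commenter; the function names are hypothetical, and it assumes the SHA-256 in the VirusTotal URL identifies the published 1.2.2 JAR.

```python
import hashlib
import zipfile

# SHA-256 from the VirusTotal link in the thread. Assumption of this example:
# it identifies the published Ksyxis 1.2.2 JAR.
REFERENCE_SHA256 = "8e97bb392718099d54377738a3501284eef98fbd54f6b46b4350fc9267ef4d47"


def sha256_of(path, chunk_size=1 << 20):
    """Hash the file in chunks; its name and extension play no part."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def matches_reference(path, reference=REFERENCE_SHA256):
    """True only if the local copy is byte-identical to the referenced file."""
    return sha256_of(path) == reference.strip().lower()


def jar_entries(path):
    """Map entry name -> (CRC-32, size); None if the file is not a ZIP/JAR."""
    if not zipfile.is_zipfile(path):
        return None  # e.g. truncated download or an AV quarantine container
    with zipfile.ZipFile(path) as jar:
        return {i.filename: (i.CRC, i.file_size) for i in jar.infolist()}


def diff_jars(old_path, new_path):
    """Entries added, removed and changed between two builds of the mod.

    CRC-32 only locates differences; the SHA-256 above is the integrity check.
    """
    old, new = jar_entries(old_path), jar_entries(new_path)
    if old is None or new is None:
        raise ValueError("both inputs must be readable JAR/ZIP archives")
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(n for n in old.keys() & new.keys() if old[n] != new[n]),
    }


if __name__ == "__main__":
    import sys
    # Usage: python check_jar.py <downloaded file> [<other build to diff against>]
    print("matches reference:", matches_reference(sys.argv[1]))
    if len(sys.argv) > 2:
        print(diff_jars(sys.argv[2], sys.argv[1]))
```

A matching hash means the detection concerns the published file itself rather than a locally altered copy; a mismatch means the local copy is a different build, a damaged download, or a modified file, and the entry diff shows where to look.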