damienhaynes / TraktRater

TraktRater is a tool written in C# to help users transfer user episode, show and movie user ratings and watchlists from multiple media database sites around the web.
642 stars, 36 forks

Safe to download latest release - identified as Trojan #124

Closed scottc439 closed 1 month ago

scottc439 commented 3 years ago

Attempting to download the latest release (v2.3.10) triggers security warnings from Chrome and Windows 10. It may be a false-positive issue for a part/segment of the code, or the EXE package may have been compromised. Windows identifies the threat as Trojan:MSIL/Masslogger.VN!MTB. It seems reasonable to expect that classification for software designed to perform similar functions. If you can help determine whether the downloadable EXE is safe, please reply.

damienhaynes commented 3 years ago

Hey @scottc439, I will investigate why this happens but rest assured there is no trojan waiting for you.

cereyanli commented 3 years ago

Same here

Windows 10 recognizes it as a trojan with classification "Severe".

damienhaynes commented 3 years ago

I think I will have to contact Microsoft to manually check my exe.

damienhaynes commented 3 years ago

I have submitted the file for review so we'll see what comes from this. I will, however, look into it more to see if there is something I can do on my side.

cereyanli commented 3 years ago

See screen capture

(screenshot attached: 2020-11-13 at 15:20:27)

damienhaynes commented 3 years ago

(image attached: submission analysis)

Can you all try the recommendations from the analysis comments if the issue still persists?

RobotManager commented 3 years ago

I'm curious about this too. The Windows virus scan picked it up first. I came here and read this thread, thought it might be a false positive in the Windows virus scan. So then I took it to VirusTotal and it lit up. 18 out of 71 Virus scanners flagged it. Can anyone verify this is safe?

(screenshot attached: VirusTotal results)

ghost commented 3 years ago

Bitdefender hasn't allowed me to download this since it all started. I sent in a false positive report for the file and the link, multiple times, over the past few months.

I can't download any of the links here. Even if I turn off online scanning (which prevents the downloads from even starting), it still gets caught up in the antivirus protection. The older ones are called "Gen:Variant.Bulz.20" and the newer ones are called "Trojan.GenericKD.35145255."

They clearly aren't paying attention to my submissions. Maybe @damienhaynes wouldn't mind submitting everything directly to them. Thank you.

damienhaynes commented 3 years ago

Hi @AllRoCol, I will investigate what more I can do to get this resolved. I'm not sure why all of a sudden this is an issue, but if there is any doubt it is easy to compile an executable from the source code using Visual Studio.

Just out of curiosity, did anyone attempt to run through the recommendations suggested above from the submission analysis?

ghost commented 3 years ago

This isn't about doubt for me. The product, which is one of the most popular and highest performing ones on the market, has full on decided that your product is dangerous. Any link I click on the github, that leads to a release, is blocked. The downloads are instantly blocked if I override that. If I got it downloaded, it would trigger some other response on execution.

I only wrote here because of others that may come along. Sure, I can use it (I have no reason to myself (At this current time.), though I recommend your program often when I am helping others), but others coming along may not have the ability to figure out how to fight off their security program. This place seems to have gone mostly dead silent since this all started. I am wondering how many people have been running into problems and not posting.

Something in your code triggered this massive response to the new and even old ones. I understand completely that any program that modifies accounts or other software can lead to this and it is often false, but that the security programs don't know this.

All I am saying is that I have been trying to clear it for months with BitDefender. They won't clear the program or the download links on the site. I don't have access to as much as you do or the ability to figure out what is causing it in the code. Maybe they can tell you. I just keep submitting different things hoping that they will eventually clear it.

I'm just reporting for other people. I hope this all clears up some day, for all security software. It's great software if you need it (A lot of people do).

RobotManager commented 3 years ago

> Hi @AllRoCol, I will investigate what more I can do to get this resolved. I'm not sure why all of a sudden this is an issue, but if there is any doubt it is easy to compile an executable from the source code using Visual Studio.
>
> Just out of curiosity, did anyone attempt to run through the recommendations suggested above from the submission analysis?

I did not.

First, it did not seem productive. The recommendations seemed to be about keeping the file and generating logs of the security reports. I understand this might be beneficial in eventually fixing this error in one specific place (Microsoft Security), but it provides no immediate solution to the problem and might not be effective for the 17 other scanners that flag this as a virus.

Second, I'm no longer intending to use the program. As soon as I received a security notice I wanted it off of my PC. I isolated the file and sent it for the virus check I posted above to make sure it wasn't just a false positive in Windows. When that came back with so many negatives I made sure to get it off my PC. I tried a previous version of the program which worked without raising any security issues. It did what I wanted it to do. I was still uncomfortable with running the program as I'm unsure why the latest version was flagged. I made a feature request which was dismissed and without that feature, I didn't have any further need for the program, so I moved on.

I think users who are already uncomfortable getting these security warnings are not very likely to be comfortable troubleshooting what is potentially a security risk. Even though I'm not planning on using the program in the future, I might be comfortable doing this. Can I ask, why aren't you able to generate these logs yourself? Is Windows Security not flagging the file on your machine?

damienhaynes commented 3 years ago

I was getting the threat detected as described above using Windows Defender, which led me to send the submission request. Since that date, I have re-scanned and I'm no longer detecting a threat. I have not tried any other programs as of yet.

Having said that, I'm aware there is still a problem as VirusTotal is reporting a problem from 12 apps: (image attached)

I will download one of these and report problem as a developer. Hopefully they can give me details which allows me to resolve it rather than me getting it whitelisted from every app.

RobotManager commented 3 years ago

Odd.

As soon as I downloaded TraktRater_v2.3.10 I had problems. Edge flagged it automatically as a virus and wouldn't download it. I used Firefox and downloaded it, but a scan with Windows Defender immediately flagged it and quarantined it. I don't know if your settings are letting it through or if it's region based (I'm in the US) but it's definitely still an issue.

(screenshot attached)

Also, I noticed that on your VirusTotal the number of positives dropped from 17 to 12. I ran it again and on my end it jumped up to 19.

(screenshot attached)

I don't know if that helps. Anyways, I followed their instructions to get the log files if you still think you need them. I don't think they indicate anything other than that it is detecting the file (for example "2021-01-27T00:57:13.966Z DETECTION Trojan:MSIL/Masslogger.VN!MTB file:D:\Documents\My Downloads\TraktRater_v2.3.10.exe") I don't want to post them publicly so I'd just need to know where to send them. I noticed in your submission the file is traktrater.exe which is different from the default download of TraktRater_v2.3.10.exe. Are you certain you uploaded the current version? I only have had issues with 2.3.10.
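
A small parser for detection lines in the shape quoted in the comment above, added here as an example; it is not code from the thread or from the TraktRater project. It assumes every detection line follows `<timestamp> DETECTION <threat> file:<path>` (an assumption, since only one such line is quoted) and shows how to summarize the threat names and strip user directories from the paths before sharing such a log with a developer. The sample log lines are constructed for the example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample log: the first line mirrors the shape quoted in the thread,
# the others are invented to show a second user path and a non-detection entry.
SAMPLE_LOG = """2021-01-27T00:57:13.966Z DETECTION Trojan:MSIL/Masslogger.VN!MTB file:D:\\Documents\\My Downloads\\TraktRater_v2.3.10.exe
2021-01-27T00:58:02.100Z DETECTION Trojan:MSIL/Masslogger.VN!MTB file:C:\\Users\\alice\\Downloads\\TraktRater_v2.3.10.exe
2021-01-27T01:00:00.000Z INFO scan completed
"""

# Assumed line format: "<timestamp> DETECTION <threat-name> file:<windows-path>".
DETECTION_RE = re.compile(
    r"^(?P<ts>\S+)\s+DETECTION\s+(?P<threat>\S+)\s+file:(?P<path>.+)$"
)


@dataclass(frozen=True)
class Detection:
    timestamp: str
    threat: str
    path: str


def parse_detections(text: str) -> list[Detection]:
    """Return one Detection per line that matches the assumed DETECTION format;
    lines of other kinds (INFO, blank) are skipped."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append(Detection(m["ts"], m["threat"], m["path"]))
    return found


def redact_path(path: str) -> str:
    """Keep only the drive letter and file name, dropping directories such as
    C:\\Users\\<name> that identify the person sharing the log."""
    p = PureWindowsPath(path)
    return f"{p.drive}\\...\\{p.name}"


def summarize(detections: list[Detection]) -> dict[str, int]:
    """Count how many times each threat name appears."""
    counts: dict[str, int] = {}
    for d in detections:
        counts[d.threat] = counts.get(d.threat, 0) + 1
    return counts


def redacted_report(text: str) -> list[str]:
    """Rebuild the detection lines with redacted paths, ready to send privately."""
    return [
        f"{d.timestamp} DETECTION {d.threat} file:{redact_path(d.path)}"
        for d in parse_detections(text)
    ]


if __name__ == "__main__":
    for line in redacted_report(SAMPLE_LOG):
        print(line)
    print(summarize(parse_detections(SAMPLE_LOG)))
```

Running the block prints the two detection lines with the directory part replaced by `...` and a count per threat name, which is the information a developer needs (which build, which signature name, how often) without the user's folder layout.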

damienhaynes commented 3 years ago

99% sure; I normally rename the file with a file version before uploading.

I have uploaded my local one again as a new name: TraktRater_v2.3.10.2.exe.7z. So you can try that to see if it detects 12 engines vs 19.

NB: I used 7zip to compress as it might help avoid threat detection on download. Presumably a threat may be detected on extraction.

RobotManager commented 3 years ago

So... I downloaded the 7z. It only shows up with 8 positives.

I think you're on to something with 7zip hiding the detections, BUT I extracted the zip and manually scanned it. Windows didn't flag it at all. Neither the 7z nor the extracted exe was flagged. FWIW I was only downloading the exe before this.

Edit: adding the VT results (screenshot attached)

ghost commented 3 years ago

Bitdefender has your whole download section flagged, but I overrode it and yeah, 7zip does hide it, sort of. I assume if you have "scan within archives" on, it wouldn't allow it, but that is why people are able to download it. That should be off by default for most (all?) programs, due to how it will slow down folder opening quite a bit and increase resource usage. I don't know how VirusTotal handles that with each engine.

As soon as I attempted extraction it caught it.

Since your program edits data and moves it around, like a Trojan would, I would suspect you will have to manually submit it around the web and see if they will clear it. This probably isn't really any different than say a game crack would be. Safe to people that know of it, but red flagged all over as a trojan, because of the type of approach that has to be used. There are usually enough people using something from that community, so they would take it and submit it on their own to get clearance eventually pushed through.

It's down to either find the specific code and remove it (Which still won't easily undo any companies that have flagged you at this point) or submit the full file until they get the point and they should leave you alone in the future if you don't change that specific code too much. I tried, but my submissions never changed anything on the Bitdefender front.

I mean at this point you have Microsoft (Installed by default on many, many computers out there), Bitdefender (Usually one of the top two in most ratings categories), McAfee (A very popular choice by vendors to install for people), and among others, Cylance which has a decent market share. I am assuming a lot of people coming this way have been turned away, which is a shame because you have such a great program.

damienhaynes commented 3 years ago

I have submitted a few reports for false positives, just waiting to hear back.

In the background, when I have some more time, I will partition the program into smaller chunks and attempt to narrow down where it might think there are trojans. For now, I will leave the file compressed as it seems to be safe from Windows Defender's perspective (even when extracted).

ghost commented 3 years ago

Looks like you are almost in the clear. Bitdefender is backing off now, site, file, and opening... On Virus Total there are only 4 left. 3 are probably irrelevant. It is a badge of honor for any good software to have a few idiotic places that think it is something bad. It punishes the fools that use those products that keep them in business. The other is TrendMicro, which is at least a little popular.

Edit: Down to two. SecureAge and TrendMicro.

helmasaur commented 3 years ago

> For now, I will leave the file compressed as it seems to be safe from Windows Defender's perspective (even when extracted).

I tried downloading it today, but Windows Defender detected the trojan Oneeva. Is it safe?

damienhaynes commented 3 years ago

> I tried downloading it today, but Windows Defender detected the trojan Oneeva. Is it safe?

Yes.