dezem / SAK

Switch Army Knife (SAK)
2.2k stars, 171 forks

Virus detected in provided builds #7

Open · alelom opened this issue 4 years ago

alelom commented 4 years ago

Wanna perhaps have a look at your released builds? Any instance of Chrome blocks the download, and if you still manage to download it, 7-Zip itself does not allow opening it.

The hell is in there?! 🤣

dezem commented 4 years ago

This is a false positive, you can ignore it. I have no problems downloading it.

skarton94 commented 4 years ago

Windows Defender finds the following (ver 0.7.4): Trojan:Win32/Zpevdo.A, Trojan:Win32/Occamy.C

DavHer commented 4 years ago

Windows detects that the binary is trying to execute a process remotely from an Amazon server. Why are you doing that? I will report this project.

dezem commented 4 years ago

> Windows Defender finds the following (ver 0.7.4): Trojan:Win32/Zpevdo.A, Trojan:Win32/Occamy.C

Ya, it's a false positive, SAK.exe is completely free of viruses or other malware.

> Windows detects that the binary is trying to execute a process remotely from an Amazon server. Why are you doing that? I will report this project.

You are joking, the only web call SAK.exe makes is to github.com to check for updates, for a new SAK.exe or for the binaries of the included tools, which are under the bin dir. For the other tools I'm not responsible!

Sapasss commented 4 years ago

Hi all, SAK.exe (in the 64-bit directory) was deleted today by Windows Defender, Trojan:Win32/Vigorf.A detected, and it's not the only one: [image]

Djam808 commented 4 years ago

So this program is a virus? I'm confused. I tried to download it 3 times and when I try to extract the 7zip, Windows says it's a virus and soon it disappears from the download folder. I guess Windows deletes it. Can anyone confirm?

dezem commented 4 years ago

As I already said: it's a false positive. SAK.exe is completely free of viruses or other malware. It doesn't collect, share or do anything else that is not related to the Switch, like XCI / NSP or the other operations it performs.

I'm a moderator, aka kempa, at psxtools.de, a German console community. So you can trust me or not, it's up to you 😉

If you have problems with your AV tool, you must add it to the ignore list of your AV tool.

If you are unsure, you can also run it in a minimal Windows VM, e.g. VirtualBox, with nothing else installed 😄

alelom commented 4 years ago

Unfortunately, we can be told a hundred times that this is a false positive, but the gravity of the warning makes this program as good as garbage. Definitely too risky to try.

ghost commented 4 years ago

Good day everyone!

I'll explain why Occamy.C and Zpevdo.A are thrown by antiviruses.

Occamy and Zpevdo are computer trojans that would send data about your computer, hardware specs, and more to a central server. That's it. They would then push payloads to your computer via other trojans already installed. This is a typical heuristic analysis for a false positive. Any application that's unsigned or includes unsigned binaries will always tip that off if any connection to a remote server is done.

Now, to fix and rectify this, I would recommend dropping the source code for the SAK application and any other tools used within the executable.

Aericho commented 4 years ago

> Unfortunately, we can be told a hundred times that this is a false positive, but the gravity of the warning makes this program as good as garbage. Definitely too risky to try.

> Good day everyone!
>
> I'll explain why Occamy.C and Zpevdo.A are thrown by antiviruses.
>
> Occamy and Zpevdo are computer trojans that would send data about your computer, hardware specs, and more to a central server. That's it. They would then push payloads to your computer via other trojans already installed. This is a typical heuristic analysis for a false positive. Any application that's unsigned or includes unsigned binaries will always tip that off if any connection to a remote server is done.
>
> Now, to fix and rectify this, I would recommend dropping the source code for the SAK application and any other tools used within the executable.

I got a virus from this.

Djam808 commented 4 years ago

> Unfortunately, we can be told a hundred times that this is a false positive, but the gravity of the warning makes this program as good as garbage. Definitely too risky to try.

> Good day everyone! I'll explain why Occamy.C and Zpevdo.A are thrown by antiviruses. Occamy and Zpevdo are computer trojans that would send data about your computer, hardware specs, and more to a central server. That's it. They would then push payloads to your computer via other trojans already installed. This is a typical heuristic analysis for a false positive. Any application that's unsigned or includes unsigned binaries will always tip that off if any connection to a remote server is done. Now, to fix and rectify this, I would recommend dropping the source code for the SAK application and any other tools used within the executable.

> I got a virus from this.

What did it do though, besides having your antivirus just say it was a virus? Did it slow down your computer? Was there any harm?

Aericho commented 4 years ago

> Unfortunately, we can be told a hundred times that this is a false positive, but the gravity of the warning makes this program as good as garbage. Definitely too risky to try.

> Good day everyone! I'll explain why Occamy.C and Zpevdo.A are thrown by antiviruses. Occamy and Zpevdo are computer trojans that would send data about your computer, hardware specs, and more to a central server. That's it. They would then push payloads to your computer via other trojans already installed. This is a typical heuristic analysis for a false positive. Any application that's unsigned or includes unsigned binaries will always tip that off if any connection to a remote server is done. Now, to fix and rectify this, I would recommend dropping the source code for the SAK application and any other tools used within the executable.

> I got a virus from this.

> What did it do though, besides having your antivirus just say it was a virus? Did it slow down your computer? Was there any harm?

Adware.

muxi1 commented 4 years ago

Friends! What is this? If your virus software mistakenly classifies this tool as a virus, it's because of your virus scanners! I've been using this tool since the first hour and have never had any problems with it, nor does my virus software complain when using SAK. If somebody actually caught a virus, it is guaranteed NOT because of SAK, but either because of the reliability of the used virus software, or because of the user himself, if settings were not made correctly.

Djam808 commented 4 years ago

> Friends! What is this? If your virus software mistakenly classifies this tool as a virus, it's because of your virus scanners! I've been using this tool since the first hour and have never had any problems with it, nor does my virus software complain when using SAK. If somebody actually caught a virus, it is guaranteed NOT because of SAK, but either because of the reliability of the used virus software, or because of the user himself, if settings were not made correctly.

Well, I'm only using Windows Defender and it deletes the zip file when trying to open it, saying it's a virus. I think that's enough to say it's dodgy.

ghost commented 4 years ago

@dezem Please provide the source code behind SAK, so that we can see and verify what is going on behind the scenes.

muxi1 commented 4 years ago

> Well, I'm only using Windows Defender and it deletes the zip file when trying to open it, saying it's a virus. I think that's enough to say it's dodgy.

Windows Defender in particular is known for issuing unjustified virus warnings. This is repeatedly highlighted as a point of criticism in numerous tests! I repeat myself when I say that SAK is clean!

dezem commented 4 years ago

> Unfortunately, we can be told a hundred times that this is a false positive, but the gravity of the warning makes this program as good as garbage. Definitely too risky to try.

> Good day everyone! I'll explain why Occamy.C and Zpevdo.A are thrown by antiviruses. Occamy and Zpevdo are computer trojans that would send data about your computer, hardware specs, and more to a central server. That's it. They would then push payloads to your computer via other trojans already installed. This is a typical heuristic analysis for a false positive. Any application that's unsigned or includes unsigned binaries will always tip that off if any connection to a remote server is done. Now, to fix and rectify this, I would recommend dropping the source code for the SAK application and any other tools used within the executable.

> I got a virus from this.

> What did it do though, besides having your antivirus just say it was a virus? Did it slow down your computer? Was there any harm?

> Adware.

You are joking, SAK is 100% clean. The adware is from other sources and not from my tool "SAK". You can easily browse through the internet to get adware... 😉

> @dezem Please provide the source code behind SAK, so that we can see and verify what is going on behind the scenes.

No, SAK will remain closed source; it's a one-man project, so it's my private free time for the development. And I don't like clones of my tools.

SAK is only a GUI for the binary command-line tools, which are included in the bin dir. So running multiple processes is possible, for looping through NSP / XCI files, plus SAK's own functions, e.g. splitting / merging or the update feature. The tool needs specific rights to access system functions for that and nothing else.

You can monitor with Process Explorer or Process Monitor which accesses / modifications and so on SAK does, and you will see there is nothing bad. And also check the "download_count" -> https://api.github.com/repos/dezem/SAK/releases. If there had ever been a problem, there would have been thousands of comments. SAK 0.7.4 has the highest download count with 2937 downloads.

So I repeat again: SAK is truly safe and it's a false positive generated through the needed system access. It doesn't collect / track, install, share or whatever in a malicious way - 100% clean
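The two checks that come up in this thread, reading `download_count` from the GitHub releases API (the URL in the comment above) and identifying a downloaded asset by hash before looking it up on VirusTotal (mentioned further down), as an added Python example; this is not code from the SAK project. `SAMPLE_RELEASES_JSON` is a constructed sample in the shape of the GitHub releases API response, not real API output (only the 2937 figure is taken from the comment), and `fetch_releases()` is a helper assumed here for pulling the live list when online.

```python
import hashlib
import json
import urllib.request

# URL quoted in the issue thread
RELEASES_URL = "https://api.github.com/repos/dezem/SAK/releases"

# Constructed sample in the shape of the GitHub releases API response.
# Not real API output: tags, asset names, sizes and counts (apart from the
# 2937 figure quoted in the thread) are made up for this example.
SAMPLE_RELEASES_JSON = """
[
  {"tag_name": "0.7.4",
   "assets": [{"name": "SAK_0.7.4.7z", "download_count": 2937, "size": 1000}]},
  {"tag_name": "0.7.3",
   "assets": [{"name": "SAK_0.7.3.7z", "download_count": 1200, "size": 990}]},
  {"tag_name": "0.7.2",
   "assets": [{"name": "SAK_0.7.2_x64.7z", "download_count": 300, "size": 900},
              {"name": "SAK_0.7.2_x86.7z", "download_count": 150, "size": 880}]}
]
"""


def load_sample():
    """Parse the constructed sample (stand-in for fetch_releases() offline)."""
    return json.loads(SAMPLE_RELEASES_JSON)


def fetch_releases(url=RELEASES_URL, per_page=100):
    """Fetch the releases list from the GitHub API (network required).

    GitHub rejects requests without a User-Agent and paginates results;
    per_page=100 is the largest page size, so a repository with more
    releases than that would also need the Link header followed.
    """
    req = urllib.request.Request(
        f"{url}?per_page={per_page}",
        headers={"User-Agent": "release-audit-example",
                 "Accept": "application/vnd.github+json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def asset_downloads(releases):
    """Flatten the API list into (tag, asset name, download_count) rows."""
    rows = []
    for rel in releases:
        for asset in rel.get("assets", []):
            rows.append((rel["tag_name"], asset["name"], asset["download_count"]))
    return rows


def downloads_per_release(releases):
    """Total download_count per release tag, highest first."""
    totals = {}
    for tag, _name, count in asset_downloads(releases):
        totals[tag] = totals.get(tag, 0) + count
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


def busiest_release(releases):
    """(tag, total downloads) of the most downloaded release, or None."""
    ranked = downloads_per_release(releases)
    return ranked[0] if ranked else None


def sha256_of_bytes(data):
    """Hex SHA-256 of in-memory bytes."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path):
    """Hex SHA-256 of a downloaded asset, read in 1 MiB chunks.

    The digest is what you search for on VirusTotal or compare with other
    users' reports, so nobody has to upload or re-download the archive.
    """
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    releases = load_sample()  # replace with fetch_releases() when online
    for tag, total in downloads_per_release(releases):
        print(f"{tag:8} {total:6} downloads")
    print("busiest release:", busiest_release(releases))
```

A high download count only says a build was popular, not that it is clean, so the useful part of this check is the hash: compute it on the exact file Defender flagged and compare it against what other users in the thread downloaded before deciding whether the detections refer to the same artefact.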

ghost commented 4 years ago

> No, SAK will remain closed source; it's a one-man project, so it's my private free time for the development. And I don't like clones of my tools.

The way I see it, half your tool is just redistributed software (which is allowed under their licenses and I won't fault you for it) under an AIO executable for simplicity, again I'm not faulting you for that.

What I do fault you for is the fact that this software triggers AVs (even your VirusTotal hits it as a virus ~32% of the time) and all you say is that it's a "false positive", which I would believe if it was something that does DLL injection or manual mapping in memory. I can't take your word for it if I don't know what is going on behind the scenes.

Now, if you don't want to do open source, that's your perspective, but don't expect people to take your word for something not being dangerous if you won't provide source code.

dezem commented 4 years ago

Ya, I respect the credits of the others and many thanks to them. Therefore all source codes are linked to their creators. I only call the included tools via CMD args from my external exe, so that I can keep my tool closed source 😉 Inside SAK it's only my own code. I use AutoIt to generate my code easily; you can write new tools fast.

Firstly I created it for myself, to handle my Switch content easily. After that I realized it would be a good idea to publish it for the community. So I published it at psxtools.de, a German console community. There you can find me as kempa; dezem is my pseudonym on GitHub.

In conclusion: if you don't like it or you don't trust me, the easiest thing is not to use it 😃

Everyone is free to use SAK or just not... so long

xf1424 commented 3 years ago

Even though you are using the GPL licensed tools over "CMD args" your program would be useless without them so it could be considered a "Derivative work" and legally required to be licensed under the GPL terms.

dezem commented 3 years ago

Do you want a candy?

xf1424 commented 3 years ago

I want you to behave like an adult and give respect to the open source community by releasing the source code.

dezem commented 3 years ago

I already said, I don't publish my code.

The code will die with me... 😉

alelom commented 3 years ago

> I want you to behave like an adult and give respect to the open source community by releasing the source code.

You can't really ask for something like this. Plus, he is not infringing any copyright agreement, as noted by someone above.

@dezem I'd still leave this issue open or reference the discussion in your main Readme. Your Readme already informs about the "false positive", but you do not mention that it is triggered by a part of the code that is closed source and can't be analysed. Whatever you say, this can be worrisome. You actually ask for a leap of faith from your users. This must be really, really clear from the Readme, and mentioned as the first thing, with a link to this conversation.

Thank you for your work anyway, but do take our concerns seriously please.

dezem commented 3 years ago

> @dezem I'd still leave this issue open or reference the discussion in your main Readme. Your Readme already informs about the "false positive", but you do not mention that it is triggered by a part of the code that is closed source and can't be analysed. Whatever you say, this can be worrisome. You actually ask for a leap of faith from your users. This must be really, really clear from the Readme, and mentioned as the first thing, with a link to this conversation.

Yes, right, I forgot that 👍