eneam / mboxviewer

A small but powerful app for viewing MBOX files

Trojan detected by Windows Defender #32

Closed maltem-za closed 2 years ago

maltem-za commented 2 years ago

Detected as Trojan:Win32/Casur.A!cl by Windows Defender

VirusTotal report: https://www.virustotal.com/gui/file/df7dc9b130265bc40bfc3db9af888f4c31503145ed81211c72020d549280753e

I'm guessing these are false positives, but probably something you want to sort out.

zigm commented 2 years ago

Sounds like you downloaded the MBox Viewer package but Windows Defender prevented you from running MBox Viewer, right?

That is a bit surprising after the package was published more than a week ago. I believe the MBox Viewer package is scanned and verified by Microsoft a few days after the release of the package. I had a similar case only once, see the link below. Do you still have a problem running the latest v1,0,3,32? If that is the case I may need to submit the package to Microsoft for verification. I believe it is done automatically a few days after the package release. Last time I submitted MBox Viewer for verification, I didn't receive an official email from Microsoft but the problem disappeared after several scans by Microsoft.

https://sourceforge.net/p/mbox-viewer/discussion/516066/thread/ce7a093975/

maltem-za commented 2 years ago

Actually Windows Defender interfered as soon as I tried to open/extract the zip file using 7-Zip, even before running. This was with the latest version 1.0.3.32 on Windows 10. (I just noticed that I have two updates queued for installation, one of which is "Windows Malicious Software Removal Tool x64 - v5.103 (KB890830)". I'll check to see if the problem persists after that update is installed.)

Edit: No change after installing the latest updates.

zigm commented 2 years ago

I downloaded v1.0.3.32 on June 239 2022 and it worked fine. Today I tried to unzip the same file and Windows Defender complains about a virus. It is a false positive result, but it looks like I have no choice but to submit the package to Microsoft for verification and a fix to Windows Defender. I will provide an update.

zigm commented 2 years ago

When I scan the v1.0.3.32 zip file with Windows Defender, it reports the problem as Trojan:Script/Wacatac.B!ml, which differs from what you are seeing, interesting. I submitted the zip file to the Microsoft Security site and hope for a quick fix.

zigm commented 2 years ago

I received a response from Microsoft with regard to my submission of the v1.0.3.32 zip file to Microsoft Security, see attachment.

It contains instructions on how to clear some cached data. I decided to unzip the latest release first without trying to execute the provided instructions and it worked, no complaint about potential malware.

I would appreciate it if you just try to unzip the latest file again. I suggest you run Windows Update first.

MicrosoftSecuirityResponse.pdf

zigm commented 2 years ago

I did the test on a separate computer and it works now. To make sure, I did run Windows Update first.

maltem-za commented 2 years ago

Thanks, I can confirm it's no longer an issue on my side as well 👍