itead / Sonoff_Devices_DIY_Tools

BSD 3-Clause "New" or "Revised" License

Trojan:Win32/Tiggre!plock in tool_01DIY85(3.3.0).exe by defender & confirmed by virustotal #36

Open herbbetz opened 5 years ago

herbbetz commented 5 years ago

Trojan:Win32/Tiggre!plock today (23 Aug 2019) found in tool_01DIY85(3.3.0).exe

[screenshot: tooltrojan]

14 engines detected by: https://www.virustotal.com/gui/file/33c91045877dd7442b2964583e87ed30bd4d46ea69064739e1a1cf8167910b11/detection

57k commented 5 years ago

I have the same finding on my Windows 10 with the current master tool_01DIY85(3.3.0).exe.

jslay88 commented 5 years ago

Yup, just had to go through a manual remove process for this virus. Lovely Chinese software. And they wonder why we are flashing the firmwares on these devices to tasmota...

herbbetz commented 5 years ago

No trace of virus removal in today's tool_01DIY85(3.3.0).exe. Seems even worse: [screenshot: tooltrojan2]

herbbetz commented 5 years ago

Is there some hope to ever get this tool free of viruses? Or alternative software? For me, the Sonoff mini is too small to solder flash wires on... I regret having bought this... The DIY mode is a real pain...

ZZLinvec commented 5 years ago

This tool was written by me, packaged into an exe, and uploaded to GitHub. I don't know why my hard-written code was flagged as a virus. All of this tool's code is uploaded to GitHub; everyone can review my code and see whether there is a virus or Trojan in the tool. The open source model is meant to be used by more people, and we're certainly not going to hurt our customers.

ZZLinvec commented 5 years ago

Sorry for the inconvenience. But I must find out whether this is an anti-virus software false alarm, or I really have Trojan code.

d-sudhakar commented 5 years ago

@ZZLinvec, it is always a good practice to sign a Windows exe file. This will ensure that the publisher is identified and that the code has not been altered or corrupted since it was signed. Check out how to do code signing for Windows. Highly recommended at the earliest for this tool.
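As an added example (not code from the Sonoff_Devices_DIY_Tools repository or from anyone in this thread), this is the check a user would run before executing a downloaded build: compare its SHA-256 against the sample reported to VirusTotal in the first comment, verify whether it carries an Authenticode signature at all, and ask the local Defender engine what it has recorded for the file. The file path is a placeholder; the hash is the one from the VirusTotal link above.

```powershell
# Added example: verify a downloaded Windows exe before running it.
# Assumptions: $Path is a placeholder for wherever the download landed;
# $FlaggedSha256 is the sample hash from the VirusTotal link in this thread.
param(
    [string]$Path = ".\tool_01DIY85(3.3.0).exe"   # placeholder path
)

$FlaggedSha256 = "33c91045877dd7442b2964583e87ed30bd4d46ea69064739e1a1cf8167910b11"

if (-not (Test-Path -LiteralPath $Path)) {
    throw "File not found: $Path"
}

# 1. Is this the exact build that was reported? Get-FileHash returns
#    upper-case hex, so compare case-insensitively.
$hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
if ($hash -ieq $FlaggedSha256) {
    Write-Host "SHA-256 matches the sample flagged on VirusTotal ($hash)"
} else {
    Write-Host "SHA-256 differs from the flagged sample: $hash"
}

# 2. Is the executable Authenticode-signed, and does the signature verify?
#    Status values include NotSigned, Valid, HashMismatch and UnknownError.
$sig = Get-AuthenticodeSignature -LiteralPath $Path
switch ($sig.Status) {
    'Valid' {
        Write-Host ("Signed by:  " + $sig.SignerCertificate.Subject)
        Write-Host ("Thumbprint: " + $sig.SignerCertificate.Thumbprint)
    }
    'NotSigned' {
        Write-Warning "No Authenticode signature: the publisher cannot be verified."
    }
    'HashMismatch' {
        Write-Warning "Signature present, but the file was modified after signing."
    }
    default {
        Write-Warning ("Signature status: " + $sig.Status + " - " + $sig.StatusMessage)
    }
}

# 3. Ask Windows Defender (Defender cmdlets must be available) whether it
#    has logged a detection that references this file name.
if (Get-Command Get-MpThreatDetection -ErrorAction SilentlyContinue) {
    $leaf = Split-Path -Leaf $Path
    Get-MpThreatDetection |
        Where-Object { $_.Resources -like "*$leaf*" } |
        Select-Object ThreatID, InitialDetectionTime, Resources
}
```

An unsigned result does not by itself mean the file is malicious, and a valid signature does not mean it is clean; what signing gives the people in this thread is a way to tell the author's own release apart from a tampered copy, which is exactly the question nobody here could answer from the scanner verdict alone.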

jslay88 commented 5 years ago

> This tool was written by me, packaged into exe, and uploaded to Github.I don't know why my hard-written code was checked for a virus.And this tool's code all uploaded to Github, everyone can review my code, whether there is a virus Trojan tool, a look at it.The open source model is meant to be used by more people, and we're certainly not going to hurt our customers.

I had originally downloaded it onto an old laptop that isn't really updated or used often. Ran it there, had issues with the tool discovering the device. Then I attempted to download it on my daily driver Desktop, and Chrome, Firefox, and Windows itself, have all flagged it for containing this virus. I then checked the old laptop to see if the files that virus creates, existed, and they did. Had to update Windows Defender on the laptop, and it triggered and removed at that point as well.

alexbk66 commented 5 years ago

> I then checked the old laptop to see if the files that virus creates, existed, and they did. Had to update Windows Defender on the laptop, and it triggered and removed at that point as well.

Really? So it's not false detection? Can you please provide details - what files it created? Where did you find the info?

herbbetz commented 5 years ago

31.8.19: still the same virus found by virustotal.com/Microsoft in tool_01DIY85(3.3.0).exe.

alexbk66 commented 5 years ago

I think Sonoff uses Py2exe to compile Python code into an exe. This is known for false detections because Py2exe is also used to compile malware, producing a similar signature.

jslay88 commented 5 years ago

@alexbk66

It’s been a couple weeks since I removed it. I just followed a google search result pertaining to the mentioned virus. There were a couple of registry keys and files in system32.

I also use Py2exe for a few projects (YouTubeDownload) and have never had this issue.

alexbk66 commented 5 years ago

> @alexbk66
>
> It’s been a couple weeks since I removed it. I just followed a google search result pertaining to the mentioned virus. There were a couple of registry keys and files in system32.

So you can't provide a link to the webpage with details?

jslay88 commented 4 years ago

It's been ages. I'm not actively working on these projects all the time. As I said, there are multiple Google results for this signature. I expect that, being on GitHub, you are capable of pulling this information yourself?

Where do you see that py2exe is associated with Trojan:Win32/Tiggre!plock? Because a Google search for "Trojan:Win32/Tiggre!plock py2exe" returns 6 items, none of which actually have anything to do with py2exe.

https://www.google.com/search?q=Trojan:Win32/Tiggre!plock+py2exe&newwindow=1&sxsrf=ACYBGNQNfTG8bTq7DQ2Rk8WciVMbUW02fQ:1571211976101&filter=0&biw=1920&bih=983

ptmoy2 commented 4 years ago

It has been over a month since the last comment on this thread. Does anyone know what the status is? Too bad the author of the code, "ZZLinvec", is silent after his initial comments; it sure doesn't instill much confidence in his code.

Panoru84 commented 4 years ago

Any news about this topic? Has it been proven to be a false detection? @ZZLinvec

jslay88 commented 4 years ago

I have since flashed Tasmota via JTAG and will no longer be purchasing any more of these devices. Unsubscribing as the manufacturer has clearly checked out.

Best of luck to the rest of you.

alexbk66 commented 4 years ago

I'm buying Shelly Cloud devices - they are great!

Panoru84 commented 4 years ago

What's your point @jslay88 ?

johhenrik commented 4 years ago

I just downloaded and checked and it is not detected as malware for me anyways. So I guess it was a false positive.