Open herbbetz opened 5 years ago
I have the same finding in my Windows 10 with the current master tool_01DIY85(3.3.0).exe
Yup, just had to go through a manual remove process for this virus. Lovely Chinese software. And they wonder why we are flashing the firmwares on these devices to Tasmota...
No trace of virus removal in today's tool_01DIY85(3.3.0).exe. Seems even worse:
Is there some hope to ever get this tool free of viruses? Or alternative software? For me, sonoff mini is too small to solder flash wires on... I regret having bought this... The DIY-mode is a real pain...
This tool was written by me, packaged into exe, and uploaded to GitHub. I don't know why my hard-written code was checked for a virus. And this tool's code all uploaded to GitHub, everyone can review my code, whether there is a virus Trojan tool, a look at it. The open source model is meant to be used by more people, and we're certainly not going to hurt our customers.
Sorry for the inconvenience. But I must find out, this is an anti-virus software false alarm, or I really have a Trojan code.
@ZZLinvec, it is always a good practice to sign a Windows exe file. This will ensure that the publisher is identified and the code is not altered or corrupted since it is signed. Check out how to do Code signing for Windows. Highly recommended at the earliest for this tool.
> This tool was written by me, packaged into exe, and uploaded to GitHub. I don't know why my hard-written code was checked for a virus. And this tool's code all uploaded to GitHub, everyone can review my code, whether there is a virus Trojan tool, a look at it. The open source model is meant to be used by more people, and we're certainly not going to hurt our customers.
I had originally downloaded it onto an old laptop that isn't really updated or used often. Ran it there, had issues with the tool discovering the device. Then I attempted to download it on my daily driver Desktop, and Chrome, Firefox, and Windows itself, have all flagged it for containing this virus. I then checked the old laptop to see if the files that virus creates, existed, and they did. Had to update Windows Defender on the laptop, and it triggered and removed at that point as well.
> I then checked the old laptop to see if the files that virus creates, existed, and they did. Had to update Windows Defender on the laptop, and it triggered and removed at that point as well.
Really? So it's not false detection? Can you please provide details - what files it created? Where did you find the info?
31.8.19 still the same Virus found by virustotal.com/Microsoft in tool_01DIY85(3.3.0).exe
I think Sonoff uses Py2exe to compile Python code into exe. This is known for false detection because Py2exe is also used to compile malware - producing similar signature.
@alexbk66
It’s been a couple weeks since I removed it. I just followed a google search result pertaining to the mentioned virus. There were a couple of registry keys and files in system32.
I also use Py2exe for a few projects (YouTubeDownload) and have never had this issue.
> @alexbk66
> It’s been a couple weeks since I removed it. I just followed a google search result pertaining to the mentioned virus. There were a couple of registry keys and files in system32.
So you can't provide a link to the webpage with details?
It's been ages. I'm not actively working on these projects all the time. As I said, there are multiple google results for this signature. I expect you being on GitHub, you are capable of pulling this information yourself?
Where do you see that py2exe is associated with Trojan:Win32/Tiggre!plock? Cause a google search result of "Trojan:Win32/Tiggre!plock py2exe" returns 6 items, none of which actually have anything to do with py2exe.
Has been over a month since the last comment on this thread. Does anyone know what the status is? Too bad the author of the code "ZZLinvec" is silent after his initial comments; sure doesn't instill much confidence in his code.
Any news about this topic? Prove to be false detection? @ZZLinvec
I have since flashed Tasmota via JTAG and will no longer be purchasing any more of these devices. Unsubscribing as the manufacturer has clearly checked out.
Best of luck to the rest of you.
I'm buying Shelly Cloud devices - they are great!
What's your point @jslay88 ?
I just downloaded and checked and it is not detected as malware for me anyways. So I guess it was a false positive.
Trojan:Win32/Tiggre!plock today (23 Aug 2019) found in tool_01DIY85(3.3.0).exe
14 engines detected by: https://www.virustotal.com/gui/file/33c91045877dd7442b2964583e87ed30bd4d46ea69064739e1a1cf8167910b11/detection
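
Added example, not written by anyone in this thread and not part of the project's code: reports in this thread disagree about whether the exe is detected, and a scan result only applies to the exact binary it was produced for. The script below extracts the SHA-256 from the report URL quoted above and compares it with the hash of a local download, so two people can confirm they are discussing the same file. The function names and the script name `check_hash.py` are assumptions made for the example; the file is only read, never executed.

```python
import hashlib
import hmac
import re
import sys
from urllib.parse import urlparse

# Report URL quoted in the thread above.
REPORT_URL = ("https://www.virustotal.com/gui/file/"
              "33c91045877dd7442b2964583e87ed30bd4d46ea69064739e1a1cf8167910b11/detection")

SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")


def sha256_from_report_url(url: str) -> str:
    """Extract the SHA-256 from a /gui/file/<sha256>/... report URL."""
    parts = [p for p in urlparse(url).path.split("/") if p]
    # Expected path shape: gui / file / <sha256> [/ detection]
    if len(parts) < 3 or parts[:2] != ["gui", "file"]:
        raise ValueError("not a file report URL")
    digest = parts[2]
    if not SHA256_RE.fullmatch(digest):
        raise ValueError("path segment is not a SHA-256 hex digest")
    return digest.lower()


def sha256_of_file(path, chunk_size: int = 1 << 20) -> str:
    """Hash the file in chunks so large installers do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def same_binary(path, report_url: str = REPORT_URL) -> bool:
    """True if the local file is the exact binary the report was generated for."""
    return hmac.compare_digest(sha256_of_file(path), sha256_from_report_url(report_url))


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_hash.py <path-to-downloaded-exe>")
    print("local :", sha256_of_file(sys.argv[1]))
    print("report:", sha256_from_report_url(REPORT_URL))
    print("same binary" if same_binary(sys.argv[1])
          else "different binary: the report does not describe this file")
```

A mismatch means the local copy is a different build from the one in the report, so a clean or flagged result for one says nothing about the other.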