search

juanitogan / rbxit

Really Basic sÍerra Tools - Sierra game patches and install wiki!
https://namethattech.wordpress.com/2016/01/18/fixing-up-old-computer-games
48 stars 3 forks source link

Trojan:Win32/Vigorf.A detected by Windows Defender #20

Open mootootwo opened 5 years ago

mootootwo commented 5 years ago

file: CyberStorm-10-11-Win7fix.r7.exe

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3aWin32%2fVigorf.A&threatid=2147714384&enterprise=0

mootootwo commented 5 years ago

not detected on r6, seems to only be an issue on r7

juanitogan commented 5 years ago

Oh, excellent!, thank you for testing r6 for me. 👍 I've had 3 or 4 reports of this over the last several months -- all with Defender as far as I could tell. I use NOD32 (which reports no issues) and haven't had time to revert to Defender for testing.

I hadn't considered what was new in r7 since I was guessing xdelta3.exe (the patch tool) was the most likely suspect. But, no, this info tells me MVIEWER2.exe is the most likely suspect. This is a BAT file built with Bat_To_Exe_Converter. I use this to translate calls to the old 16-bit help system to my new CHM help file. Anyhow, Bat_To_Exe_Converter includes this notice, which I had forgotten:

Some antivirus programs automatically flag the exe files that this application creates as malware. If you encounter a false positive, in which a converted exe is erroneously recognized as malware, please contact the offending antivirus vendor for further assistance.

There is also this:

https://github.com/99fk/Bat-To-Exe-Converter-Downloader/issues/1

I would have hoped Defender would have cleared this by now but I suppose they haven't gotten enough reports to bother looking at it yet.

Anyhow, use r6 if you don't need to access the help file from in-game (the rest of the patch is the same). Then, unzip MANUAL\METALSTO.chm out of r7 and I'm sure that scans fine.

Regardless, I can't recommend using anything until it scans clean for you. AVG (avg.com) is my go-to tool when looking for free AV software to install (but I haven't tested my patch with it). Anyhow, I'll consider building MVIEWER2 with something else but can't say if or when I'll get to it. I have some help call fixes I need to add to it as well.

juanitogan commented 4 years ago

Just a quick note to self that I plan on rewriting my MVIEWER2 shim in another tool. I need to add a subtopic lookup feature to it anyhow to fix #17.