kettingpowered / kettinglauncher

A freestanding Launcher for the Ketting Server.

Wacatac.B!ml Trojan Virus Detected #23

Closed Epik-B0mber closed 8 months ago

Epik-B0mber commented 8 months ago

So I've been trying to set up a server with the 1.3.3 launcher, and uhhh... well, it keeps saying that a trojan virus is detected, and that just deletes it. This doesn't happen with the ketting-1.20.2-48.1.0-5ab73d26-server.jar file, so, this seems pretty exclusive and, I kinda don't want to have a virus on my old clanker. Hope somebody resolves where this is in the code and yeah, thanks.

JustRed23 commented 8 months ago

Seems like a false flag, if you really want to be safe, you can always build from the source. I also noticed that you are using the server jars, no need for those, just download kettinglauncher and follow the steps provided in the README

JustRed23 commented 8 months ago

Ah nvm, read your question wrong

JustRed23 commented 8 months ago

It does look like a false flag, but if you want to be sure, here is the sample uploaded to VirusTotal: https://www.virustotal.com/gui/file/3f61cde62e6e95b2efdfbb1985f0fe33363fe65b561508785d87857d3ee89860?nocache=1

C0D3-M4513R commented 8 months ago

Well, what antivirus detects this? Edit: from what I've seen, it might be Windows Defender? How up-to-date are your Windows Defender antivirus signatures (e.g. do you have any updates regarding this in Windows Update?)

Also I've personally looked at all lines in the launchers and wrote like 90% from scratch and refactored another 5%. There should be no line that does something malicious.

Epik-B0mber commented 8 months ago

Wow you guys were so fast to respond I was surprised to get up and sit back down to responses.

I just found out about this project about 2 months ago so I was initially using the server .jar until I checked earlier this week and noticed updates were coming through. So I went ahead and got the latest and greatest, and, oddly enough, my computer didn't do jack when I made two test servers with the jar. One Microsoft update later the Windows Defender (so it's up to date) is now whining about a trojan virus; I've never cared much for what it says before but it's the first time it's straight deleted files off of my computer so I wanted to voice my concern.

Thank you very much for checking!

C0D3-M4513R commented 8 months ago

The easiest would be to just submit the sample to Microsoft as a false positive. Those can happen. But it is odd that Microsoft does not detect this in VirusTotal.

JustRed23 commented 8 months ago

Update: https://www.spigotmc.org/threads/windows-defender-false-positives.639507/ This seems to be a general issue, it also just happened to me with the curios mod, still a false positive though ;)
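The checks asked for in this thread (which Defender signature build is installed, what exactly was flagged, and whether the local file is the sample uploaded to VirusTotal) can be gathered in one pass before filing a false-positive report. This is an added example, not part of the original issue or the project's code; the jar file name and path are assumptions, and the SHA-256 is the one in the VirusTotal link above.

```powershell
# Added example: triage a suspected Windows Defender false positive on a jar.
param(
    # Hypothetical path and name: point this at your own copy of the launcher.
    [string]$JarPath = ".\kettinglauncher-1.3.3.jar"
)

# SHA-256 of the sample linked in the thread (from the VirusTotal URL).
$VtSample = "3f61cde62e6e95b2efdfbb1985f0fe33363fe65b561508785d87857d3ee89860"

# 1. Signature and engine build Defender is currently running.
#    A detection that appears right after an update points at a new signature.
Get-MpComputerStatus |
    Select-Object AntivirusSignatureVersion, AntivirusSignatureLastUpdated, AMEngineVersion

# 2. Recent detections that touched a .jar, with the threat name resolved.
#    Get-MpThreatDetection only carries a ThreatID; Get-MpThreat maps it to a name.
$threatNames = @{}
Get-MpThreat | ForEach-Object { $threatNames[$_.ThreatID] = $_.ThreatName }

Get-MpThreatDetection |
    Where-Object { ($_.Resources -join ';') -match '\.jar' } |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object InitialDetectionTime,
        @{ Name = 'Threat'; Expression = { $threatNames[$_.ThreatID] } },
        @{ Name = 'File';   Expression = { $_.Resources -join '; ' } }

# 3. Compare the local file with the sample that was uploaded to VirusTotal.
#    If Defender already removed the file, there is nothing to hash here.
if (Test-Path -LiteralPath $JarPath) {
    $localHash = (Get-FileHash -LiteralPath $JarPath -Algorithm SHA256).Hash.ToLower()
    if ($localHash -eq $VtSample) {
        "MATCH: local jar is the sample on VirusTotal ($localHash)"
    } else {
        "DIFFERENT: local jar hashes to $localHash, not the VirusTotal sample."
        "The VirusTotal verdicts in the thread do not describe this file."
    }
} else {
    "Not found: $JarPath (removed by Defender, or wrong path)"
}
```

A mismatch in step 3 only means the VirusTotal results describe a different build, so the flagged file itself is the one to include in the false-positive submission to Microsoft.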