The weird part is, I'm not sure whether LibsDisguises has an auto update feature (I always turn these off in general) and this wasn't flagged on any other scans of my system in the past, despite not having manually updated the plugin in months. Also, I've got a second server running the same plugin on the same machine and it wasn't ever being flagged. I tried taking the identical file out of a zipped server backup and Windows immediately quarantined it, also VirusTotal wasn't entirely happy about it either: https://www.virustotal.com/gui/file/23425245154f29cac8891bf4215bd90f4b86a3329f9529a71e374d85074ff00f
After getting rid of the file, I scanned both my server folders with Windows Defender, jNeedle, Overwolf's jar infection scanner, and MCAntiMalware, and only the latter of which turned up with a few harmless false positives that were there beforehand. I asked the author of MCAntiMalware and he didn't seem to be too concerned about it. Waiting on a full WinDefender system scan now but I can't find any more info on this.
Think this was a false positive after a recent definition update? Let me know if you need any more info, the file would have likely come from https://ci.md-5.net/job/LibsDisguises/. The MMPA's dead so I'm looking for some security advice. Thanks!
Hey there - I know I'm not a verified premium user (although I could have sworn I bought this a while ago?) but this is kind of urgent.
I run a small private server for a few friends and suddenly received an alert late last night from Windows Defender telling me to restart my system after Defender quarantined LibsDisguises-10.0.37-Free.jar for Trojan:AndroidOS/Multiverze. https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:AndroidOS/Multiverze&ThreatID=2147785333
The weird part is, I'm not sure whether LibsDisguises has an auto update feature (I always turn these off in general) and this wasn't flagged on any other scans of my system in the past, despite not having manually updated the plugin in months. Also, I've got a second server running the same plugin on the same machine and it wasn't ever being flagged. I tried taking the identical file out of a zipped server backup and Windows immediately quarantined it, also VirusTotal wasn't entirely happy about it either: https://www.virustotal.com/gui/file/23425245154f29cac8891bf4215bd90f4b86a3329f9529a71e374d85074ff00f
After getting rid of the file, I scanned both my server folders with Windows Defender, jNeedle, Overwolf's jar infection scanner, and MCAntiMalware, and only the latter of which turned up with a few harmless false positives that were there beforehand. I asked the author of MCAntiMalware and he didn't seem to be too concerned about it. Waiting on a full WinDefender system scan now but I can't find any more info on this.
Think this was a false positive after a recent definition update? Let me know if you need any more info, the file would have likely come from https://ci.md-5.net/job/LibsDisguises/. The MMPA's dead so I'm looking for some security advice. Thanks!