mpurses / Sonder

Rainmeter skin
https://www.deviantart.com/michaelpurses/art/Sonder-Rainmeter-skin-838147223
253 stars 12 forks source link

Flagged for Virus #11

Open MacaroniDuck opened 3 years ago

MacaroniDuck commented 3 years ago

Hello, I've been using your skin on my desktop for a couple of weeks and enjoy it, Thank you! I decided to place it on my laptop as well. I transferred the same files over and received a warning about a virus. Scanning it at VirusTotal.com, threw the following flags: DrWeb

Tool.NirCmd.2 Jiangmin

RiskTool.HideExec.ak Sophos

NirCmd (PUA) Ad-Aware

Undetected

It mentioned "3 flags" but only showed these 2 in red. I downloaded the file from DeviantArt as I'm not a programmer and it had the actual Rainmaker installer file. (I do not see one here at GitHub). Do I need to be concerned about these flags? Are the files at Deviant the same, just in the installer? Thank you!

mpurses commented 3 years ago

It's connected to using Nircmd for part of the Color Picker (click a color name text in the settings to use it). Which gets/sends data from/to the cursor for color data on your screen for the Eyedropper. So some scanners flag that as it could be used for nefarious purposes if used by the wrong people. But you are safe, I'm not evil.

https://www.bleepingcomputer.com/forums/t/640360/nircmd-should-i-be-concerned/

nircmd.exe Location: https://github.com/mpurses/Sonder/tree/master/Skins/Sonder/Settings/ColorPicker/Extra Used in these two places: https://github.com/mpurses/Sonder/blob/master/Skins/Sonder/Settings/ColorPicker/ColorPicker.ini#L221 https://github.com/mpurses/Sonder/blob/master/Skins/Sonder/Settings/ColorPicker/Eyedropper/Eyedropper.ini#L72

rmskin file here on github is the same as on deviantart.

MacaroniDuck commented 3 years ago

But that's exactly what someone evil would say!!! Seriously though, I suspected it was this but wanted to be sure as well as let you know Google was flagging things. Thank you again!