Windows Defender reports Trojan virus in freshly downloaded release

niXman / mingw-builds-binaries

MinGW-W64 compiler binaries

GNU General Public License v3.0

2.63k stars 152 forks source link

Windows Defender reports Trojan virus in freshly downloaded release #69

Open LogixTheDev opened 7 months ago

LogixTheDev commented 7 months ago

Windows Defender is reporting a Trojan:Win32/ScarletFlash!MSR threat in padlock.dll within the files downloaded from your x86_64-13.2.0-release-win32-seh-msvcrt-rt_v11-rev0.7z release package.

This could be a false positive but since I'm no expert, I'm reporting it to you either way.

starg2 commented 7 months ago

This is a duplicate of #56.

LogixTheDev commented 7 months ago

This is a duplicate of #56.

Thanks, I had looked at that report, however they're talking about Trojan.Gen.MBT, and this is reporting Trojan:Win32/ScarletFlash!MSR. These would appear to be different.

Either way, I've done my part in due diligence... if you're confident that this is the same issue then by all means feel free to close this issue, but please do verify that this is either a false positive, or the different programs are reporting the same virus under different names (though I would think this would be unlikely, it's more likely that they are separate).

( I also don't know what's up with @sfhacker trying to downvote the issue report... I'm literally just reiterating the facts as they're presented to me. If there's a problem with the report, you need to tell me what it is. Are you unhappy because you're the one who put a virus in the file and you didn't want people to notice? That's the only reason I can think of for you to downvote a virus report! )

ericLemanissier commented 5 months ago

Same thing happened for me: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3AWin32%2FScarletFlash!MSR&threatid=2147894063 @niXman do you know what this padlock.dll is used for ? Can we simply remove it ?

niXman commented 2 months ago

do you know what this padlock.dll is used for ? Can we simply remove it ?

i dont know. could you please research for this?

starg2 commented 2 months ago

padlock.dll is part of OpenSSL. It accelerates AES encryption and SHA calculation by utilizing VIA PadLock instructions supported by VIA x86 processors.

niXman commented 2 months ago

Can we find out WHO placed that infamous DLL in this installer?

sure, - Github-Actions =)

@starg2 are these processors still being produced? I'll paraphrase: does it make sense to supply padlock.dll as part of the builds?

starg2 commented 1 month ago

@starg2 are these processors still being produced?

At least, the company is still in operation...

I'll paraphrase: does it make sense to supply padlock.dll as part of the builds?

Actually no, but msys2 has been distributing it without issues.