rkapl123 / DatePicker

A Datepicker independent of MSCOMCT2, also for 64bit Excel
MIT License

Trojan Detected #2

Open DevDesk opened 1 year ago

DevDesk commented 1 year ago

Upon downloading the ZIP folder; Windows Security detected:

Trojan:Win32/Wacatac.H!ml containerfile: C:\Users_\Downloads\DatePicker-main.zip file: C:\Users_\Downloads\DatePicker-main.zip->DatePicker-main/Distribution/DatePicker32.xll webfile: C:\Users___\Downloads\DatePicker-main.zip|https://codeload.github.com/rkapl123/DatePicker/zip/refs/heads/main|pid:17972,ProcessStart:133183605089372705

rkapl123 commented 1 year ago

Hi Steve! Well, this is a quite far-spread problem with Excel-DNA based add-ins, as 1) some malware authors use Excel-DNA for their Excel viruses and 2) virus scanners sometimes have too broad heuristics and exclude other add-ins that are not viruses. I've checked downloading the zip packages in the tags and discovered that for me only Edge came up with a virus warning. No warnings in Firefox and Chrome. I'll put a correction to https://www.microsoft.com/en-us/wdsi/filesubmission...

rkapl123 commented 1 year ago

I have put the false positive into MS Defender's submission site; they couldn't reproduce the malware scan anymore and advised me to update the signatures to the latest version:

  1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
  2. Run MpCmdRun.exe -removedefinitions -dynamicsignatures
  3. Run MpCmdRun.exe -SignatureUpdate

After doing that the download of the tag zip package worked again without showing a virus.

ascattolini commented 1 month ago

Hi, I have similar issues with Palo Alto Cortex XDR antivirus; the following is an extrapolation from my event viewer:

"Suspicious DLL detected" for:
DatePicker-main\Distribution\DatePicker64.xll
DatePicker-main\Distribution\DatePicker32.xll
AppData\Roaming\Microsoft\AddIns\DatePicker.xll

"Suspicious process creation detected" for:
DatePicker-main\Distribution\enableAddin.vbs

Can you help me? Thanks, Antonio

rkapl123 commented 1 month ago

Hi, the only way to resolve this is to make a false positive request at https://live.paloaltonetworks.com/t5/virustotal/virustotal-verdict-change-request-for-false-positive/td-p/287364; they have a template that you can fill in and report it as a false positive.

-regards, Roland