simonsteele / pn

Programmer's Notepad

pn2421440_multilang.exe triggers Windows Defender #149

Closed nessatse closed 7 years ago

nessatse commented 7 years ago

On Windows 10, downloading pn2421440_multilang.exe is blocked by Windows Defender due to Trojan:Win32/Vigorf.A.

veheluuk commented 7 years ago

I am also having this very same problem on two different computers. Both running Windows 10. This really blows, been using Programmer's Notepad for a good 10+ years :|

Scanned the files via virustotal.com and none of their scanners detect anything. Windows Defender finds Trojan:Win32/Vigorf.A. Virustotal said someone had scanned the file 3 hours ago, so I suspect many people are having this problem.

Here are the virustotal scan results: https://www.virustotal.com/fi/file/f71deb2c89c6aa622c8e47c024dd0d3805c677d4b98dc270eb5085fae5925f06/analysis/1488975691/

simonsteele commented 7 years ago

Ugh, sorry to hear this. Needless to say this build has been out for some while and all of a sudden today I'm getting multiple reports of this. As far as I'm aware, it's a false alarm.

I reported it to Microsoft here (not sure if you can see it):

https://www.microsoft.com/en-us/security/portal/submission/SubmissionHistory.aspx?SubmissionId=95daf3ba-9af4-4fee-b0c9-c664bcd6ac0c

They claim it doesn't detect a threat. I'm not sure what to do apart from this.

veheluuk commented 7 years ago

Thank you for your comment Simon.

I suspected this was a false positive since the beginning. Let's see if Microsoft comes up with an answer. The link you posted is visible for everyone.

veheluuk commented 7 years ago

So the Microsoft Malware Protection Center now shows this sample being clean: https://www.microsoft.com/en-us/security/portal/submission/SubmissionHistory.aspx?SubmissionId=95daf3ba-9af4-4fee-b0c9-c664bcd6ac0c

I've redownloaded PN from your site and scanned it using virustotal: https://virustotal.com/en/file/f71deb2c89c6aa622c8e47c024dd0d3805c677d4b98dc270eb5085fae5925f06/analysis/1489070356/

This was the previous scan of the downloaded PN that triggered Windows Defender: https://www.virustotal.com/fi/file/f71deb2c89c6aa622c8e47c024dd0d3805c677d4b98dc270eb5085fae5925f06/analysis/1488975691/

Both files have the same SHA256 hash, and are therefore most likely the very same file. Windows Defender is no longer detecting anything. Looks like it indeed was a false positive.

Nice to have this solved, thanks for your help Simon.
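The check described in the comment above, as an added example that is not part of the original thread: it pulls the SHA-256 out of the VirusTotal links posted here, confirms both scans refer to one sample, and can compare a local download against it. The function names are hypothetical, and reading the trailing number of each URL as a Unix scan timestamp is an assumption.

```python
import hashlib
import re
from datetime import datetime, timezone

# URL layout as posted in the thread: /<lang>/file/<sha256>/analysis/<id>/
VT_URL = re.compile(r"virustotal\.com/\w+/file/([0-9a-fA-F]{64})/analysis/(\d+)/?$")

# The two scan links quoted in this thread.
SCANS = [
    "https://www.virustotal.com/fi/file/f71deb2c89c6aa622c8e47c024dd0d3805c677d4b98dc270eb5085fae5925f06/analysis/1488975691/",
    "https://virustotal.com/en/file/f71deb2c89c6aa622c8e47c024dd0d3805c677d4b98dc270eb5085fae5925f06/analysis/1489070356/",
]


def parse_vt_url(url):
    """Return (sha256_hex, scan_time) from an old-style VirusTotal analysis URL."""
    m = VT_URL.search(url)
    if not m:
        raise ValueError(f"not a VirusTotal analysis URL: {url}")
    # Assumption: the trailing number is the scan time as a Unix timestamp.
    when = datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc)
    return m.group(1).lower(), when


def sha256_file(path, chunk=1 << 20):
    """Hash the file in chunks so a large installer is never fully in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def same_sample(urls, local_path=None):
    """True if every scan URL (and the local file, if given) shares one SHA-256."""
    digests = {parse_vt_url(u)[0] for u in urls}
    if local_path is not None:
        digests.add(sha256_file(local_path))
    return len(digests) == 1


if __name__ == "__main__":
    for u in SCANS:
        digest, when = parse_vt_url(u)
        print(when.isoformat(), digest)
    print("same sample:", same_sample(SCANS))
```

Passing the path of a fresh download as `local_path` extends the comparison to the file on disk; an identical hash across scans with a changed verdict points at the detection signatures rather than the binary.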

nessatse commented 7 years ago

Yep, I can confirm it's downloading and installing successfully now.

Thanks Simon