stascorp / rdpwrap

RDP Wrapper Library
Apache License 2.0

v1.6.2 is showing viruses/trojans by several virus scanners #277

Open signal15 opened 7 years ago

signal15 commented 7 years ago

15/58 virus scanners are showing malware in this package. In v1.6, they also showed 5/58. Something shady is going on with this package. See virus scanning results here:

https://www.virustotal.com/en/file/fed08bd733b8e60b5805007bd01a7bf0d0b1993059bbe319d1179facc6b73361/analysis/1498759251/

Some of these look like they are specifically detecting rdpwrap, but some look like they are detecting WisdomEyes and other malware.

Also, the latest version of Chrome on Windows refuses to download v1.6.1 saying that it is "dangerous". It does download v1.6 just fine though.

ntlug commented 1 year ago

While I do not speak for Microsoft, this was a very active targeted detection by Microsoft and they raised (falsely) the detection to the highest level. So, you can try to hide, just realize that Microsoft is targeting this. With that said, they had to go "out of their way" a bit to make it so. In other words, it took some effort for Microsoft to do this work. My guess is that other AVs are merely following... (I mean, you wouldn't want to be the one AV that doesn't detect a very high level (highest) security problem).

EliezerBee commented 1 year ago

OK, let's say it's Microsoft targeting RDPWrap. But most RDPWrap users are also running AV solutions. So why not put everyone at ease by making the small change of not enabling RDP as part of the installation? If we could eliminate all the alarming AVs, RDPWrap users will be happier.

ntlug commented 1 year ago

My point is, the problem isn't necessarily going to "go away", as Microsoft has RDPWrap (specifically) in its sights. They'd love to dismantle all others as well, but the big #1, if all else fails, is to ensure that RDPWrap is stopped, by force or by "implied" force by scaring the pants off the end user. The "trickier" that RDPWrap becomes, sadly, means the more "virus like" it may appear.... but I'm not the developer. Would welcome a return to what "was"... just not sure it's possible.

jimboat63 commented 11 months ago

Malwarebytes still showing virus detected. So, is this file infected or safe?

ChaseKnowlden commented 6 months ago

RDPWInst.exe: 48/72

sashaqwert commented 5 months ago

WARNING

If you see rdpwrap.ini with the letter b at the end of the update date, then this INI activates the backdoor (needs to be checked!) If the letter is a, then the backdoor is completely disabled (needs to be checked).

affinityv commented 5 months ago

WARNING

If you see rdpwrap.ini with the letter b at the end of the update date, then this INI activates the backdoor (needs to be checked!) If the letter is a, then the backdoor is completely disabled (needs to be checked).

What absolute nonsense!