sultim-t / prboom-plus-rt


Microsoft Defender detected Program:Win32/Uwamson.A!ml in prboom-plus.exe #49

Open russjeffcoat opened 2 years ago

russjeffcoat commented 2 years ago

After extracting prboom-rt-1.0.3-nvidia.zip I performed a right click [Scan with Microsoft Defender...] on the extracted directory. This detected Program:Win32/Uwamson.A!ml in the prboom-plus.exe file. Microsoft Defender was able to quarantine the threat. I deleted the extracted directory and zip and downloaded the zip again, same result. This still may be a false positive but I thought I should still let you know. A little search soon revealed that this has occurred in other github projects, Example: [https://github.com/clangen/musikcube/issues/436]

Attached is an image of the Windows Security report.

AndersMalmgren commented 2 years ago

Virustotal found this

https://www.virustotal.com/gui/file/b793c4e7a1f79aa7019e4c04c657da4d991ba515dc9503ac947613dfe4e324a0

Doomguy13 commented 2 years ago

Yeah, I noticed something similar a week or so back and posted an issue about it. It seems to just be false positives (at least that seems to be the main belief of those who responded to my post!), but I agree that it's still a worrisome thing when it pops up and "better safe than sorry" is always my go-to thought process.

I understand that false positives are very frequent, but since the reports seem to be so varied in quantity, what's getting detected seems to vary, and the earlier versions don't come up with the same detections, I've personally deleted it for now for peace of mind.

> Virustotal found this
>
> https://www.virustotal.com/gui/file/b793c4e7a1f79aa7019e4c04c657da4d991ba515dc9503ac947613dfe4e324a0

Interesting, when I ran it through VirusTotal last week, it only came up with 8 detections. Wonder what would cause the number to go up.

dbass81 commented 2 years ago

I'm also getting this virus detected from Microsoft Defender. I don't like running software that is a potential virus on my computer.

AndersMalmgren commented 2 years ago

When it has so many detections on virustotal then I'm reluctant too.

zeropointo commented 2 years ago

In addition to the above, BitDefender reports Gen:Variant.Lazy.163906

The release before this, 1.0.2, does not trip BitDefender. If you desperately want to give this a try you might download that version instead.

dbass81 commented 2 years ago

Why isn't this being addressed by the project leader? It seems like so many viruses being detected isn't just a false positive.

leeadama commented 2 years ago

Same here. Either one of the 1.0.3 pre-release binaries are still being detected with 13 hits on VirusTotal and still on Windows Defender. Don't know what the deal is but 1.0.3 should be pulled until the issue has been resolved.

databoose commented 2 years ago

> Same here. Either one of the 1.0.3 pre-release binaries are still being detected with 13 hits on VirusTotal and still on Windows Defender. Don't know what the deal is but 1.0.3 should be pulled until the issue has been resolved.

It is not the project leader's responsibility to make sure that antiviruses won't have false positives, if you're blindly trusting an AV detection without doing any actual investigation of your own through heuristics and sandboxing then that is your fault, not the project leader's fault.

databoose commented 2 years ago

> Why isn't this being addressed by the project leader? It seems like so many viruses being detected isn't just a false positive.

Why would the project leader have to address something that is not his fault and out of his control? This is such a stupid question.

zeropointo commented 2 years ago

ad·dress /əˈdres,ˈaˌdres/

"Think about and begin to deal with (an issue or problem)."

In this case provide some feedback, perhaps a possible cause, perhaps some observations.

Perfectly valid question on a forum intended for communicating with a project owner about problems with a repository.

leeadama commented 2 years ago

The newest release 1.0.5 still triggers multiple (11) hits on VirusTotal and the developer has not responded to this issue at all as far as I am aware.

https://www.virustotal.com/gui/file/8cfb4bf83a330aae487e3346eab766d9f866e66edd7531ea197555b314be5951

It does not Trigger Windows Defender though (on my system at least). YMMV.

Also, don't feed the trolls.

databoose commented 2 years ago

> The newest release 1.0.5 still triggers multiple (11) hits on VirusTotal and the developer has not responded to this issue at all as far as I am aware.
>
> https://www.virustotal.com/gui/file/8cfb4bf83a330aae487e3346eab766d9f866e66edd7531ea197555b314be5951
>
> It does not Trigger Windows Defender though (on my system at least). YMMV.
>
> Also, don't feed the trolls.

Have you actually provided any heuristics to suggest that the program is malicious or are you just going to keep spamming pointless virustotal detections that indicate pretty much nothing at all?

If you're not even going to do the bare minimum, don't bother opening up a github issue, this place is not for you, you are the end user and obviously not someone who is technically inclined.

leeadama commented 2 years ago

The latest version (1.0.7) tests clean on Virustotal, Defender & F-Secure. https://www.virustotal.com/gui/file/56b8a6325dfa7c944cd66f227cb85ba0cc6e95504e13fbff146ab39a5145c7bf?nocache=1

It is deeply disturbing however that the only response this issue ever got is from a Troll, the developer never so much as commented.

AndersMalmgren commented 2 years ago

> The latest version (1.0.7) tests clean on Virustotal, Defender & F-Secure. https://www.virustotal.com/gui/file/56b8a6325dfa7c944cd66f227cb85ba0cc6e95504e13fbff146ab39a5145c7bf?nocache=1
>
> It is deeply disturbing however that the only response this issue ever got is from a Troll, the developer never so much as commented.

It's not clean on VirusTotal

https://www.virustotal.com/gui/file/173513c6b6bb93988c63d71322c51dcae03cefbe3133c80df90ea7548797c9e9

leeadama commented 2 years ago

> The latest version (1.0.7) tests clean on Virustotal, Defender & F-Secure. https://www.virustotal.com/gui/file/56b8a6325dfa7c944cd66f227cb85ba0cc6e95504e13fbff146ab39a5145c7bf?nocache=1 It is deeply disturbing however that the only response this issue ever got is from a Troll, the developer never so much as commented.

> It's not clean on VirusTotal
>
> https://www.virustotal.com/gui/file/173513c6b6bb93988c63d71322c51dcae03cefbe3133c80df90ea7548797c9e9

Yeah, but that's just the .zip file. Since it's an archive and not executable it couldn't possibly be a trojan. That one has to be a false positive. Extract the .zip file and test the actual executable.

AndersMalmgren commented 2 years ago

> The latest version (1.0.7) tests clean on Virustotal, Defender & F-Secure. https://www.virustotal.com/gui/file/56b8a6325dfa7c944cd66f227cb85ba0cc6e95504e13fbff146ab39a5145c7bf?nocache=1 It is deeply disturbing however that the only response this issue ever got is from a Troll, the developer never so much as commented.

> It's not clean on VirusTotal https://www.virustotal.com/gui/file/173513c6b6bb93988c63d71322c51dcae03cefbe3133c80df90ea7548797c9e9

> Yeah, but that's just the .zip file. Since it's an archive and not executable it couldn't possibly be a trojan. That one has to be a false positive. Extract the .zip file and test the actual executable.

Did you test the dlls too?

leeadama commented 2 years ago

> The latest version (1.0.7) tests clean on Virustotal, Defender & F-Secure. https://www.virustotal.com/gui/file/56b8a6325dfa7c944cd66f227cb85ba0cc6e95504e13fbff146ab39a5145c7bf?nocache=1 It is deeply disturbing however that the only response this issue ever got is from a Troll, the developer never so much as commented.

> It's not clean on VirusTotal https://www.virustotal.com/gui/file/173513c6b6bb93988c63d71322c51dcae03cefbe3133c80df90ea7548797c9e9

> Yeah, but that's just the .zip file. Since it's an archive and not executable it couldn't possibly be a trojan. That one has to be a false positive. Extract the .zip file and test the actual executable.

> Did you test the dlls too?

Not with VirusTotal but they were scanned by F-Secure & Defender. Feel free to scan them and post your results.

Andrew-Cottrell commented 2 years ago

> Yeah, but that's just the .zip file. Since it's an archive and not executable it couldn't possibly be a trojan. That one has to be a false positive. Extract the .zip file and test the actual executable.

Switch to the RELATIONS tab in VirusTotal to see the detections made within the ZIP file. In this case, MaxSecure detected "Trojan.Malware.300983.susgen" in libogg.dll.

Given only a single security vendor detected an issue, it's probably safe to assume it is a false-positive.


FYI, this compiled version of the "libogg.dll" library is from https://github.com/sultim-t/prboom-plus-rt/releases/download/v2.6.1-rt1.0.2/prboom-rt-windows-dependencies.zip and VirusTotal reports the same detection.

I have reported this to MaxSecure as a false-positive using the https://maxsecureantivirus.com/submit_aFalse_Positive.htm form.

The same detection has occurred for some other repositories during the last two years.


Update (2022-05-11): I have received the following message from the Max Secure Support Team

We have forwarded your details to our Research Team and they will provide fix in the next updates.


Update (2022-05-16): VirusTotal now has an updated version of MaxSecure that no longer detects "Trojan.Malware.300983.susgen" in libogg.dll, prboom-rt-windows-dependencies.zip, or prboom-rt-1.0.7.zip.
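
A small triage script, added here as an example and not part of the prboom-plus-rt project or of anyone's comment in this thread, that applies the two practices discussed above: hash the .exe and .dll members inside the release archive rather than the archive itself (the archive's own verdict, as noted, only reflects what was found in its contents), and weigh a verdict by how many independent vendors report it and whether the detection names are generic heuristic names. The archive contents, the vendor verdicts and the `min_vendors` threshold are constructed or assumed for illustration; real verdicts would come from looking up each member's SHA-256 on VirusTotal (the RELATIONS tab for the archive).

```python
"""Triage helper for antivirus verdicts on a release archive (illustrative example)."""
import hashlib
import tempfile
import zipfile
from pathlib import Path

# Only these members execute code; a .zip is just a container for them.
EXECUTABLE_SUFFIXES = {".exe", ".dll"}

# Fragments that commonly mark generic or machine-learning heuristic verdicts
# rather than a signature for a specific known family. Constructed list for this
# example; the detections seen in this thread ("...Uwamson.A!ml",
# "Gen:Variant.Lazy...", "...300983.susgen") all carry such markers.
GENERIC_MARKERS = ("!ml", "susgen", "gen:", "heur", "generic", "variant")

# Assumed threshold: fewer than this many independent vendors is treated as a
# probable false positive pending investigation.
DEFAULT_MIN_VENDORS = 3

# Constructed per-file verdicts, as a RELATIONS/file lookup might report them.
SAMPLE_VERDICTS = {
    "prboom-plus.exe": {"VendorA": None, "VendorB": None, "VendorC": None},
    "libogg.dll": {"VendorA": "Trojan.Malware.300983.susgen", "VendorB": None, "VendorC": None},
    "sample-multi-hit.dll": {
        "VendorA": "Gen:Variant.Sample",
        "VendorB": "Trojan.Agent.Sample",
        "VendorC": "Heur.Sample",
        "VendorD": "Backdoor.Sample",
    },
}


def hash_executables_in_zip(zip_path):
    """Return {member name: sha256} for every .exe/.dll inside the archive,
    read straight from the zip so the hashes match what a scanner sees."""
    hashes = {}
    with zipfile.ZipFile(zip_path) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if Path(info.filename).suffix.lower() not in EXECUTABLE_SUFFIXES:
                continue
            hashes[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return hashes


def is_generic_detection(name):
    """True if the detection name looks like a heuristic/generic verdict."""
    lowered = name.lower()
    return any(marker in lowered for marker in GENERIC_MARKERS)


def triage(verdicts, min_vendors=DEFAULT_MIN_VENDORS):
    """Classify each file as 'clean', 'likely_false_positive' (fewer than
    min_vendors hits) or 'investigate'. Returns {file: (status, hits, generic_only)}
    where hits maps detecting vendor -> detection name and generic_only says
    whether every hit is a heuristic-style name."""
    report = {}
    for fname, vendors in verdicts.items():
        hits = {vendor: det for vendor, det in vendors.items() if det}
        if not hits:
            status = "clean"
        elif len(hits) < min_vendors:
            status = "likely_false_positive"
        else:
            status = "investigate"
        generic_only = bool(hits) and all(is_generic_detection(d) for d in hits.values())
        report[fname] = (status, hits, generic_only)
    return report


def build_sample_zip(path):
    """Write a constructed release archive: one exe, one dll, one text file."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("prboom-rt/prboom-plus.exe", b"MZ constructed executable bytes")
        zf.writestr("prboom-rt/libogg.dll", b"MZ constructed dll bytes")
        zf.writestr("prboom-rt/README.txt", b"not code, skipped by the hasher")


def demo():
    """Hash the constructed archive's executables and triage the sample verdicts."""
    with tempfile.TemporaryDirectory() as tmp:
        zip_path = Path(tmp) / "release.zip"
        build_sample_zip(zip_path)
        hashes = hash_executables_in_zip(zip_path)
    return hashes, triage(SAMPLE_VERDICTS)


if __name__ == "__main__":
    member_hashes, verdict_report = demo()
    for member, digest in member_hashes.items():
        print(f"{digest}  {member}")
    for fname, (status, hits, generic_only) in verdict_report.items():
        print(f"{fname}: {status} ({len(hits)} vendor(s), generic-only={generic_only})")
```

The printed SHA-256 values are what you would look up per file, so that a verdict on the archive is never mistaken for a verdict on the executable or on a DLL beside it. The threshold is deliberately a starting point, not a rule: a single generic hit like the `susgen` one above is the classic false-positive shape, while many vendors agreeing on a specific family name warrants an actual look at the binary before running it.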

leeadama commented 2 years ago

> ...
>
> Switch to the RELATIONS tab in VirusTotal to see the detections made within the ZIP file. ...

I didn't know that was a thing. Thank you for pointing that out. It'll save me a fair amount of time actually.

databoose commented 2 years ago

> The latest version (1.0.7) tests clean on Virustotal, Defender & F-Secure. https://www.virustotal.com/gui/file/56b8a6325dfa7c944cd66f227cb85ba0cc6e95504e13fbff146ab39a5145c7bf?nocache=1
>
> It is deeply disturbing however that the only response this issue ever got is from a Troll, the developer never so much as commented.

Please do not make accusations if you have no idea what you are talking about when it comes to malware analysis.