zynerd / RevertSteam

Reverts Steam back to the version prior to the Library UI update.
The Unlicense
34 stars 5 forks source link

Windows Defender detects as trojan horse #2

Open steelstring94 opened 4 years ago

steelstring94 commented 4 years ago

Windows 10 Home. Downloaded on Chrome. The .exe is erased instantly as a virus. I downloaded and ran this a couple times yesterday (it didn't do anything), but today when I tried to re-run it (I tried running as administrator), it was detected as a trojan and deleted. Re-downloading, same thing, detected as trojan.

cae1136 commented 4 years ago

Download URL detected as suspicious; if downloaded, the file is flagged as infected with Gen:Suspicious.Cloud.1.xm0@aymldLk.

mintopia commented 4 years ago

Same with McAfee.

LeeC2202 commented 4 years ago

Deleted by Microsoft Security Essentials here too, says it's "Trojan:Win32/Zpevdo.B"... that was the downloaded exe file.

However, building the solution on my own PC causes no problems. Copying the built exe onto the desktop didn't cause MSE to delete it and scanning the exe directly said no threats were detected.

FamilyGuy0395 commented 4 years ago

Detected as virus and auto-deleted for me too

Would love a fix for this

zynerd commented 4 years ago

I'll look into it asap, sorry for the delay

LeeC2202 commented 4 years ago

Maybe they are all detecting all the URLs inside the exe with the code that downloads things and are over-reacting based on that.

As I said in my comment, the project builds fine and the exe is left intact, so it might be something related to how the file is checked when it is downloaded. If that's the case, then it's not something you can fix, it's up to the AV people to mark the exe as safe. If people submit the file as a false positive, that can help things along.

Mrpfn commented 4 years ago

This is the VirusTotal report for the Revert Steam tool, and this is the Jotti malware scan report.

steelstring94 commented 4 years ago

> Maybe they are all detecting all the URLs inside the exe with the code that downloads things and are over-reacting based on that.
>
> As I said in my comment, the project builds fine and the exe is left intact, so it might be something related to how the file is checked when it is downloaded. If that's the case, then it's not something you can fix, it's up to the AV people to mark the exe as safe. If people submit the file as a false positive, that can help things along.

Did you checksum the exe you compiled versus the release version?
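One way to run the comparison asked about above, as an added example that is not part of the thread or the project's code. It hashes the downloaded release and the locally built exe, and also reports each file's download mark (the `Zone.Identifier` stream) and Authenticode status, since the thread suspects the difference lies in how a downloaded file is checked. The function names and both paths are assumptions.

```powershell
# Added example (not from the thread). Function names and paths are hypothetical.
function Get-BinaryFacts {
    param([Parameter(Mandatory)][string]$Path)

    $item = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Zone.Identifier is the NTFS alternate data stream that browsers attach
    # to downloaded files; a locally compiled exe normally has none.
    $motw = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $zone = ($motw | Where-Object { $_ -match '^ZoneId=' }) -replace '^ZoneId=', ''

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    [pscustomobject]@{
        Path      = $item.FullName
        Length    = $item.Length
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        ZoneId    = if ($zone) { $zone } else { 'none' }
        Signature = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'unsigned' }
    }
}

function Compare-ReleaseToLocalBuild {
    param(
        [Parameter(Mandatory)][string]$ReleasePath,     # exe downloaded from the releases page
        [Parameter(Mandatory)][string]$LocalBuildPath   # exe produced by building the solution
    )

    $release = Get-BinaryFacts -Path $ReleasePath
    $local   = Get-BinaryFacts -Path $LocalBuildPath
    $release, $local | Format-List

    if ($release.SHA256 -eq $local.SHA256) {
        Write-Host 'SHA256 match: both files are byte-identical.'
    } else {
        # A mismatch is expected unless the build is deterministic and uses the
        # same compiler and settings, so it does not by itself show tampering.
        Write-Host 'SHA256 differ: the files are not byte-identical.'
    }
}

# Placeholder paths; replace with the real locations:
# Compare-ReleaseToLocalBuild -ReleasePath 'C:\path\to\downloaded.exe' -LocalBuildPath 'C:\path\to\built.exe'
```

If the antivirus removes the downloaded file before it can be read, `Get-Item` stops with an error for that path.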

zynerd commented 4 years ago

I'm currently working on getting a Publisher’s Digital Certificate for the program. This will hopefully help with the program getting picked up as malware.