Mod is being marked as a virus via BitDefender #25
Comments
|
|
|
k |
|
@Treazul either your specific JAR is infected, your PC is infected with something else or you're getting man-in-the-middle-attacked: https://www.virustotal.com/gui/file/8e97bb392718099d54377738a3501284eef98fbd54f6b46b4350fc9267ef4d47 |
|
It's probably just a false positive. I've submitted the file to the av and
let them know
…On Fri, 10 May 2024 at 18:55, VidTu ***@***.***> wrote:
@Treazul <https://github.com/Treazul> either your specific JAR is
infected, your PC is infected with something else or you're getting
man-in-the-middle-attacked:
https://www.virustotal.com/gui/file/8e97bb392718099d54377738a3501284eef98fbd54f6b46b4350fc9267ef4d47
—
Reply to this email directly, view it on GitHub
<#25 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAIOXSRMRFAEBGLHFFEAEB3ZBSDPLAVCNFSM6AAAAABHOJHJPKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMBUGIZDAMJYGM>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
Correction, it is a false positive.
…On Fri, 10 May 2024 at 19:07, Sam ***@***.***> wrote:
It's probably just a false positive. I've submitted the file to the av and
let them know
On Fri, 10 May 2024 at 18:55, VidTu ***@***.***> wrote:
> @Treazul <https://github.com/Treazul> either your specific JAR is
> infected, your PC is infected with something else or you're getting
> man-in-the-middle-attacked:
> https://www.virustotal.com/gui/file/8e97bb392718099d54377738a3501284eef98fbd54f6b46b4350fc9267ef4d47
>
> —
> Reply to this email directly, view it on GitHub
> <#25 (comment)>, or
> unsubscribe
> <https://github.com/notifications/unsubscribe-auth/AAIOXSRMRFAEBGLHFFEAEB3ZBSDPLAVCNFSM6AAAAABHOJHJPKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMBUGIZDAMJYGM>
> .
> You are receiving this because you were mentioned.Message ID:
> ***@***.***>
>
|
|
Scratch that.
I clicked "Reanalyse" on virus total and it's reporting
[image: image.png]
…On Fri, 10 May 2024 at 19:13, Sam ***@***.***> wrote:
Correction, it is a false positive.
On Fri, 10 May 2024 at 19:07, Sam ***@***.***> wrote:
> It's probably just a false positive. I've submitted the file to the av
> and let them know
>
> On Fri, 10 May 2024 at 18:55, VidTu ***@***.***> wrote:
>
>> @Treazul <https://github.com/Treazul> either your specific JAR is
>> infected, your PC is infected with something else or you're getting
>> man-in-the-middle-attacked:
>> https://www.virustotal.com/gui/file/8e97bb392718099d54377738a3501284eef98fbd54f6b46b4350fc9267ef4d47
>>
>> —
>> Reply to this email directly, view it on GitHub
>> <#25 (comment)>, or
>> unsubscribe
>> <https://github.com/notifications/unsubscribe-auth/AAIOXSRMRFAEBGLHFFEAEB3ZBSDPLAVCNFSM6AAAAABHOJHJPKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMBUGIZDAMJYGM>
>> .
>> You are receiving this because you were mentioned.Message ID:
>> ***@***.***>
>>
>
|
|
for fs sake, what they don't like |
|
maybe they don't like the way it uses a lot of method injections like here for multiversion support |
|
what's funny, the latest gh actions snapshot is not being detected (even after reanalyzing) by any vendor |
|
*got this on mod version 1.2.2, the file extension isn't .jar, it's .bNIhAX the full file my av shows is Ksyxis-1,2,2,jar.bNIhAX download method: modpack via prism launcher, downloading from modrinth. trying to download the mod again seems to end with a random string as the file extension, not just ".bNlhAX" my AV is called "Vipre". |
|
@Dorrivix it seems like your antimalware renames it |
|
it doesn't trigger with downloading version 1.2.1 |
|
well it also doesn't with 1.2.3-SNAPSHOT, you can reverse engineer 1.2.2 JAR and find nothing there. it was probably incorporated in some bigger malware (such as infected Minecraft modpack) and now antimalware flags it. i will not update JAR until I'll add 1.20.5 compat in a few days. |
|
hopefully fixed in 1.3.0. |
|
BitDefender no longer flags 1.2.2 as infected, other vendors should follow shortly |
Upon running a modpack with this mod bitdefender has marked it as infected
The file D:\ATLauncher\instances\TerraFirmaGreg\mods\Ksyxis-1.2.2.jar is infected with Trojan.GenericKD.72678267 and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The text was updated successfully, but these errors were encountered: