Win32/Cloxer.D!cl trojan found in 0.9.0 installer. #2057

xianglo · 2018-12-05T06:06:25Z

Please close this issue if this is a typical randomizer that Windows defender may find disagreeable. My download was hash checked.

devinbileck · 2018-12-05T07:04:25Z

Hmm. I am not encountering that. Are your definitions up to date?
I also ran it through VirusTotal and it came up clean: https://www.virustotal.com/#/file/6f3753d269f4906da664a1948cb9593b72a0bf5a033e20bd4ce9265f6e892f2b/detection

ripcurlx · 2018-12-05T08:42:55Z

AVG Anti Virus also didn't complain when I checked all files included in the release.

ManfredKarrer · 2018-12-05T10:49:57Z

Would be nice to have that check at https://www.virustotal.com be integrated in the build process (beside doing the manual check with avg).

devinbileck · 2018-12-05T17:13:38Z

They provide a free public API that can be used: https://www.virustotal.com/en/documentation/public-api/
Should be as simple as:

curl -v -F 'file=@/path/to/file' -F \
  apikey=${VT_API_KEY} https://www.virustotal.com/vtapi/v2/file/scan

ManfredKarrer · 2018-12-05T17:58:02Z

@ripcurlx Can you try it out in the 0.9.1 release?

xianglo · 2018-12-06T07:05:58Z

I had defender delete it and havent had ny problems using 0.9.0. Im only booted into Windows temporarily. Ill keep an eye.

ManfredKarrer · 2018-12-06T16:25:22Z

The probably detect tor and flag is by default as malware....

ManfredKarrer · 2018-12-06T23:30:57Z

Close it as it is a false positive

ripcurlx added re:security in:build labels Dec 5, 2018

ManfredKarrer assigned ripcurlx Dec 5, 2018

ManfredKarrer closed this as completed Dec 6, 2018

Provide feedback