McAfee reported trojan Artemis with klink.exe within build v0.73.2.2 zip #105
Comments
Same here using Windows Security
Also happens with v0.73.2.3 of the kitty.exe file.
3 out of 70 engines at VirusTotal.com detect it as malicious, the others don't:
Thanks @bersbersbers but I prefer to use the original release file links for the check instead of file upload. See latest files has no issues. I confirm I've updated to latest release https://github.com/cyd01/KiTTY/releases/tag/v0.73.2.3 and
@kecskemethy Interesting, it is still marked by Windows here. The uncompressed version is not marked as unsafe, just as the locally built version.
The latest file still has issues, you just have to make sure you look in the right place: When I visit this URL, and click Details, and click the SHA-256 body value, which is
I arrive at
Microsoft Trapmine I don't believe this is fixed yet. I rather think your URL scanner scans the URL, but not the body, so you think the body is fine while it's not. By the way, now Chrome starts nagging about the security of
I can confirm that kitty.exe (release 0.73.2.3) is declared as malware (trojan) by "McAfee Endpoint Security" a few minutes ago.
"Windows Defender" kicks the 0.73.2.3 kitty.exe now as a "Trojan_Win32/Wacatac.C!ml"
Yes, I stand corrected, @bersbersbers. Thanks for taking time and fixing me. Also, I have the same issue now as reported above: cannot use Kitty anymore. :(
There are 17 now and the /url/ links are not that helpful, because this checks only if the URL itself is in a blacklist and not if the file itself is detected as a virus.
I downloaded and extracted kitty-bin-0.73.2.2.zip from the following git page:
https://github.com/cyd01/KiTTY/releases
After the file was extracted, I received the following warning by McAfee Endpoint Security:
Below is from the McAfee log. Please let me know if I can provide more details.
Analyzer / Detector
Analyzer content creation date | 1/30/2020 8:21 AM
Product name | McAfee Endpoint Security
Product version | 10.6.1
McAfee GTI query | Yes
Task name | On-Access Scan
Feature name | On-Access Scan
Threat
Action taken | Delete
Threat category | Malware detected
Threat detected on creation | Yes
Threat event ID | 1027
Threat handled | Yes
Threat name | Artemis!DA8C95003384
Threat severity | Critical
Threat timestamp | 1/31/2020 1:50 PM
Threat type | Trojan
Source
Source hostName | xxx
Source process name | C:\Windows\explorer.exe
Target
Target access time | 1/31/2020 1:49 PM
Target create time | 1/29/2020 8:45 AM
Target file size (bytes) | 310784
Target hash | da8c950033845dadbe3dd68e0c8c8e92
Target host name | xxx
Target modify time | 1/31/2020 1:49 PM
Target name | klink.exe
Target path | D:\Downloads\KiTTY\v0.73.2.2
Target user name | xxx\xxx
Other
Vector type | Local System
Cleanable | Yes
Detection message | McAfee Endpoint Security detected a threat.
Detection quarantine ID | {246A86AA-3933-4039-BA3F-2B725B9BCFCD}
Duration before detection (days) | 0
Description | xxx\xxx ran C:\Windows\explorer.exe, which attempted to access D:\Downloads\KiTTY\v0.73.2.2\klink.exe. The Trojan named Artemis!DA8C95003384 was detected and deleted.
First action status | Succeeded
First attempted action | Clean
Second action status | Failed
Second attempted action | Delete
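Added example, not part of the original report or of the KiTTY project: a Python sketch for triaging a detection like the one logged above by file content rather than by download URL, which is the distinction raised in the comments. It parses the `Field | value` rows, checks that the hex suffix of the threat name is a prefix of the logged target hash (as it is in this log), and compares a local file's size and digest with the event. The function names and the `SAMPLE_EVENT` excerpt are constructed for this example.

```python
import hashlib
import re
import sys

# Constructed sample: rows copied from the event details in the report above.
SAMPLE_EVENT = """\
Threat name | Artemis!DA8C95003384
Target file size (bytes) | 310784
Target hash | da8c950033845dadbe3dd68e0c8c8e92
Target name | klink.exe
"""

def parse_event(text):
    """Parse 'Field | value' rows into a dict; rows without '|' are section headers."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("|")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields

def hash_kind(hex_digest):
    """Guess the digest algorithm from the hex length (32 hex digits means MD5)."""
    return {32: "md5", 40: "sha1", 64: "sha256"}.get(len(hex_digest))

def name_matches_hash(fields):
    """True when the hex suffix of the threat name is a prefix of the target hash."""
    m = re.fullmatch(r"[^!]+!([0-9A-Fa-f]+)", fields.get("Threat name", ""))
    return bool(m) and fields.get("Target hash", "").lower().startswith(m.group(1).lower())

def file_digests(path, chunk=1 << 16):
    """Stream a file once; return its size plus MD5 and SHA-256 hex digests."""
    md5, sha256, size = hashlib.md5(), hashlib.sha256(), 0
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            md5.update(block)
            sha256.update(block)
            size += len(block)
    return {"size": size, "md5": md5.hexdigest(), "sha256": sha256.hexdigest()}

def same_file_as_event(fields, digests):
    """Compare a local file's size and digest with those recorded in the event."""
    kind = hash_kind(fields.get("Target hash", ""))
    size_ok = str(digests["size"]) == fields.get("Target file size (bytes)")
    return size_ok and digests.get(kind) == fields.get("Target hash", "").lower()

if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, same_file_as_event(parse_event(SAMPLE_EVENT), file_digests(path)))
```

Pass the extracted binaries as arguments; the SHA-256 from `file_digests` is the value to use for a file-hash lookup, since a URL lookup does not scan the downloaded body.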