Taiga update detected as a trojan?

[hopelessperson]

[TheAlaine]

Same here.

[betatan]

Same here, using Nod32 Antivirus 8

[Injabie3]

8/55 detection on VirusTotal: https://www.virustotal.com/en/file/6ebd9254be96429b70d998830eabbb19cfe3d87834604a5ee968ad7b0e649cbb/analysis/1439256631/

[erengy]

It was 2/56 when I first submitted it, went ahead to 8/55 at night, and now it's 7/56... I don't understand why they're classifying TaigaSetup.exe as a trojan, but not Taiga.exe itself. Besides, I haven't changed anything in the setup in the last 5 months.

I've reported the file as a false positive to Avast, Avira, Baidu, ESET, Kaspersky and McAfee. So far, only Kaspersky replied:

Hello,

Sorry, it was a false detection. It will be fixed in the next update.
Thank you for your help.

Sincerely yours,
Chris Zachor,
Junior Malware analyst.

Still waiting to hear back from the others (it can take up to 48 hours, they say). I'm tired of doing this on every new release, though (see: #19).

For those who're rightfully skeptical about the warnings, you can try running TaigaSetup.exe in Sandboxie and see for yourself: It just copies the files to the install location, and creates shortcuts on desktop and the Start menu. You can also examine the NSIS script of the setup here.

---

All right, ESET replied too:

Dear Eren Okka,

Thank you for your submission.
It is a false positive of our scanner and this issue will be fixed in our next signature update.

Regards,

ESET Malware Response Team

[TheAlaine]

First thank you very much for this programm, it is a blast and i dont want to manage my anime without it anymore. Glad to here it was a false alarm. And thanks for the quick reply :)

[Aurielle]

Having the same problem, thanks for the false positive reports. Keep up the good work 👍

[kie8]

Having the same problem but with bitdefender. It deleted taiga.exe and I can't even re-install it.

[TheAlaine]

Btw after the new signature update on Eset nod 32 you cant even download it anymore, it just blocks the download site. Had to disable the web protection to get it. But then i could install it without problems from eset.

[erengy]

@kie8
That's weird because VirusTotal says Taiga.exe is clean according to BitDefender. In any case, I sent them an email now.

@TheAlaine
NOD32 no longer classifies TaigaSetup.exe as malicious, but now it thinks the download link is... I just sent another mail to them, requesting the domain to be whitelisted.

---

Okay, that was quick:

Dear Eren Okka,

Thank you for your submission.
The site will be unblocked in the next update.

Regards,

ESET Malware Response Team

---

BitDefender responded too, but haven't given a definitive answer:

Dear Eren Okka,

Thank you for the data provided. We have sent it to our laboratories for specialized analysis. If a false positive is found, detection will be removed in the next 72 business hours. Should you need further assistance in the future, please do not hesitate to contact us.

Thank you,
Bitdefender Customer Care Team

[betatan]

I added Taiga's folder to exceptions, it's faster. Dunno why nod detects it as this: http://www.virusradar.com/en/Win32_Spy.Zbot.AAO/description

[Injabie3]

Thanks @erengy, keep us posted 👍

[09eragera09]

@erengy I use windows defender, and so far I haven't had any problems. Well windows defender is shit, but atleast I can use taiga in peace.

[erengy]

Symantec products were detecting Taiga as "WS.Reputation.1", so I submitted an erroneous detection form and received the following response within an hour:

Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products:

   EFD2EB2C5F2DB03772E4D64914F28FE9 - Taiga.exe

The updated detection(s) will be distributed in the next set of virus definitions, available via LiveUpdate or from our website at http://securityresponse.symantec.com/avcenter/defs.download.html

Please note that whitelisting can take up to 24 hours to take effect.

---

Avira, which had classified TaigaSetup.exe as "TR/Spy.ZBot.968021", responded after ~25 hours:

File ID	Filename	Size (Byte)	Result
28582352	TaigaSetup.exe	945.33 KB	FALSE POSITIVE

The file 'TaigaSetup.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates.

[Aurielle]

ESET has already whitelisted the domain and no longer detecting the setup as a virus. Great work 👍

[viddypiddy]

Windows Defender is detecting it for me now, on Windows 10! Darnit :')
Edit: As Trojan:Win32/Skeeyah.C!plock