
Trojan:Win32/Tiggre!plock in tool_01DIY85(3.3.0).exe by defender & confirmed by virustotal #36

Open
herbbetz opened this issue Aug 23, 2019 · 16 comments

Comments

@herbbetz herbbetz commented Aug 23, 2019

Trojan:Win32/Tiggre!plock today (23 Aug 2019) found in tool_01DIY85(3.3.0).exe

[screenshot: tooltrojan]

Detected by 14 engines:
https://www.virustotal.com/gui/file/33c91045877dd7442b2964583e87ed30bd4d46ea69064739e1a1cf8167910b11/detection
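Added example, not part of the thread or the tool's own code: the VirusTotal link above embeds the SHA-256 of the file that was scanned. Anyone else in the thread can hash their own copy of the download and compare it with that value before reporting, so that everyone is talking about the same binary rather than a differently built or re-downloaded one. The script assumes a local path to the file; the file name and hash are the ones quoted in the report.

```python
import hashlib
import hmac
import sys
from pathlib import Path

# SHA-256 taken from the VirusTotal link in the original report.
REPORTED_SHA256 = "33c91045877dd7442b2964583e87ed30bd4d46ea69064739e1a1cf8167910b11"


def sha256_of_bytes(data: bytes) -> str:
    """Hex SHA-256 of an in-memory byte string."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hex SHA-256 of a file, read in chunks so a large installer
    does not have to fit in memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def matches_reported(actual_sha256: str, expected_sha256: str = REPORTED_SHA256) -> bool:
    """Case-insensitive comparison of two hex digests.
    hmac.compare_digest avoids a length/prefix-dependent early exit."""
    return hmac.compare_digest(actual_sha256.lower(), expected_sha256.lower())


def virustotal_url(sha256: str) -> str:
    """VirusTotal file URL in the same form as the link in the report."""
    return f"https://www.virustotal.com/gui/file/{sha256.lower()}/detection"


def check_download(path: Path, expected_sha256: str = REPORTED_SHA256) -> dict:
    """Hash a local copy of the download and say whether it is the
    exact file behind the reported VirusTotal result."""
    actual = sha256_of_file(path)
    return {
        "path": str(path),
        "sha256": actual,
        "same_as_reported": matches_reported(actual, expected_sha256),
        "virustotal": virustotal_url(actual),
    }


if __name__ == "__main__":
    # Usage: python check_download.py "tool_01DIY85(3.3.0).exe"
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    if target is None or not target.is_file():
        print("usage: check_download.py <path to tool_01DIY85(3.3.0).exe>")
        sys.exit(2)
    for key, value in check_download(target).items():
        print(f"{key}: {value}")
```

If `same_as_reported` is false, the copy on disk is not the file the detections refer to, and its own VirusTotal URL (printed last) is the one to look at instead.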

@57k 57k commented Aug 23, 2019

I have the same finding on my Windows 10 with the current master tool_01DIY85(3.3.0).exe

@jslay88 jslay88 commented Aug 24, 2019

Yup, just had to go through a manual remove process for this virus. Lovely Chinese software. And they wonder why we are flashing the firmwares on these devices to tasmota...

@herbbetz herbbetz (Author) commented Aug 24, 2019

No trace of virus removal in today's tool_01DIY85(3.3.0).exe
Seems even worse:
[screenshot: tooltrojan2]

@herbbetz herbbetz (Author) commented Aug 24, 2019

Is there some hope of ever getting this tool free of viruses? Or alternative software? For me, the Sonoff Mini is too small to solder flash wires on... I regret having bought this... The DIY mode is a real pain...

@ZZLinvec ZZLinvec (Contributor) commented Aug 24, 2019

This tool was written by me, packaged into an exe, and uploaded to GitHub. I don't know why my hand-written code was flagged as a virus. And all of this tool's code is uploaded to GitHub; everyone can review my code and see whether there is a virus or Trojan in the tool. The open source model is meant to be used by more people, and we're certainly not going to hurt our customers.

@ZZLinvec ZZLinvec (Contributor) commented Aug 24, 2019

Sorry for the inconvenience. But I must find out whether this is an anti-virus software false alarm, or whether I really have Trojan code.

@d-sudhakar d-sudhakar commented Aug 24, 2019

@ZZLinvec, it is always good practice to sign a Windows exe file. This will ensure that the publisher is identified and that the code has not been altered or corrupted since it was signed. Check out how to do code signing for Windows. Highly recommended at the earliest for this tool.

@jslay88 jslay88 commented Aug 24, 2019

> This tool was written by me, packaged into an exe, and uploaded to GitHub. I don't know why my hand-written code was flagged as a virus. And all of this tool's code is uploaded to GitHub; everyone can review my code and see whether there is a virus or Trojan in the tool. The open source model is meant to be used by more people, and we're certainly not going to hurt our customers.

I had originally downloaded it onto an old laptop that isn't really updated or used often. I ran it there and had issues with the tool discovering the device. Then I attempted to download it on my daily-driver desktop, and Chrome, Firefox, and Windows itself all flagged it for containing this virus. I then checked the old laptop to see if the files that the virus creates existed, and they did. I had to update Windows Defender on the laptop, and it triggered and removed it at that point as well.

@alexbk66 alexbk66 commented Aug 31, 2019

> I then checked the old laptop to see if the files that the virus creates existed, and they did. I had to update Windows Defender on the laptop, and it triggered and removed it at that point as well.

Really? So it's not a false detection? Can you please provide details: what files did it create? Where did you find the info?

@herbbetz herbbetz (Author) commented Aug 31, 2019

31.8.19: still the same virus found by virustotal.com/Microsoft in tool_01DIY85(3.3.0).exe

@alexbk66 alexbk66 commented Aug 31, 2019

I think Sonoff uses Py2exe to compile Python code into an exe. This is known for false detections because Py2exe is also used to compile malware, producing a similar signature.

@jslay88 jslay88 commented Sep 5, 2019

@alexbk66

It’s been a couple of weeks since I removed it. I just followed a Google search result pertaining to the mentioned virus. There were a couple of registry keys and files in system32.

I also use Py2exe for a few projects (YouTubeDownload) and have never had this issue.

@alexbk66 alexbk66 commented Sep 6, 2019

> @alexbk66
>
> It’s been a couple of weeks since I removed it. I just followed a Google search result pertaining to the mentioned virus. There were a couple of registry keys and files in system32.

So you can't provide a link to the webpage with details?

@jslay88 jslay88 commented Oct 16, 2019

It's been ages. I'm not actively working on these projects all the time. As I said, there are multiple Google results for this signature. I expect that you, being on GitHub, are capable of pulling this information yourself?

Where do you see that py2exe is associated with Trojan:Win32/Tiggre!plock? Because a Google search for "Trojan:Win32/Tiggre!plock py2exe" returns 6 items, none of which actually have anything to do with py2exe.

https://www.google.com/search?q=Trojan:Win32/Tiggre!plock+py2exe&newwindow=1&sxsrf=ACYBGNQNfTG8bTq7DQ2Rk8WciVMbUW02fQ:1571211976101&filter=0&biw=1920&bih=983

@ptmoy2 ptmoy2 commented Nov 22, 2019

It has been over a month since the last comment on this thread. Does anyone know what the status is? Too bad the author of the code, "ZZLinvec", is silent after his initial comments; it sure doesn't instill much confidence in his code.

@Panoru84 Panoru84 commented Jan 19, 2020

Any news about this topic? Has it proved to be a false detection? @ZZLinvec
