Windows Defender quarantined nicotine+ because of "Trojan:Win32/Zpevdo.B"

[theherolink]

So as said in the title, Windows Defender found a trojan in Nicotine+.exe
I doubt this is real but want to make sure before I allow it in Defender.
Can software from github be compromised or is this false alarm?
I've been able to open it just 3 days ago

[jp-coetzee]

+1

This is mentioned several times on https://githubmemory.com/@Nicotine-Plus

[mathiascode]

See #1414 (comment)

To clear up the situation: We package Nicotine+ for Windows using PyInstaller, which essentially bundles required Python files and Nicotine+ into a package. There's also a bootloader included that launches the program, common for all programs using PyInstaller. When someone uses PyInstaller to spread malware, anti-virus vendors flag the whole bootloader as malicious, causing trouble for us and others using PyInstaller.

I'm not sure what to do about the situation in the long run, but AV-vendors have repeatedly shown us that they don't care about improving the situation. Signing the Windows builds would help the situation somewhat, but it's expensive for a small FOSS project like this.

In the meantime, the unstable Nicotine+ builds should yield less false positives.

[jp-coetzee]

Thanks for responding with such a clear explanation. I'll just add nicotine+.exe to my Defender exclusions.

[mathiascode]

The stable 3.0.6 Windows packages/installers have been replaced. Let's hope they last this time.

[majkinetor]

Its not the last time. I created a package for chocolatey and x32 bit version got flagged by 6 antiviruses, while x64 version with 0.

• https://community.chocolatey.org/packages/nicotine-plus#virus

See "Virus Scan Results" section or use direct link to VirusTotal:

• https://www.virustotal.com/gui/file/166dbbb841ba34c349f9ebf556f4175d423a5fd29fd5c80b4c4a28a17aa71396/detection/f-166dbbb841ba34c349f9ebf556f4175d423a5fd29fd5c80b4c4a28a17aa71396-1630930029

[slook]

@majkinetor The incorrect Closed Issue #1012 is mentioned on https://community.chocolatey.org/packages/nicotine-plus

The Chocolatey package page should link to this Open Issue #1417 if possible.

[mathiascode]

Closing as unresolvable with our current PyInstaller-based setup. I'll check if cx_Freeze gives us better results soon.

[mathiascode]

Related: #1639