Windows Defender quarantined nicotine+ because of "Trojan:Win32/Zpevdo.B" #1417

Closed
theherolink opened this issue Jun 8, 2021 · 8 comments · Fixed by #1421

Comments

@theherolink

So as said in the title, Windows Defender found a trojan in Nicotine+.exe.
I doubt this is real but want to make sure before I allow it in Defender.
Can software from GitHub be compromised or is this a false alarm?
I was able to open it just 3 days ago.

@jp-coetzee

+1

This is mentioned several times on https://githubmemory.com/@Nicotine-Plus

@mathiascode
Member

mathiascode commented Jun 8, 2021

See #1414 (comment)

To clear up the situation: We package Nicotine+ for Windows using PyInstaller, which essentially bundles required Python files and Nicotine+ into a package. There's also a bootloader included that launches the program, common for all programs using PyInstaller. When someone uses PyInstaller to spread malware, anti-virus vendors flag the whole bootloader as malicious, causing trouble for us and others using PyInstaller.

I'm not sure what to do about the situation in the long run, but AV-vendors have repeatedly shown us that they don't care about improving the situation. Signing the Windows builds would help the situation somewhat, but it's expensive for a small FOSS project like this.

In the meantime, the unstable Nicotine+ builds should yield fewer false positives.
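To illustrate the shared-bootloader point in the comment above, here is an added triage sketch (not code from the Nicotine+ or PyInstaller projects): it locates the archive cookie that PyInstaller appends to an executable and hashes the bootloader stub separately from the whole file. The cookie magic and field layout are assumed to match PyInstaller's archive reader and may differ between releases; `inspect_bundle`, `make_sample` and the sample bytes are constructed for this example.

```python
import hashlib
import struct

# Assumed CArchive cookie: magic, package length, TOC offset, TOC length,
# Python version, Python library name (network byte order).
MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
COOKIE_FMT = "!8sIIii64s"
COOKIE_LEN = struct.calcsize(COOKIE_FMT)  # 88 bytes


def inspect_bundle(data: bytes):
    """Return stub/archive facts for a PyInstaller-built file, or None."""
    pos = data.rfind(MAGIC)  # cookie sits near the end; a signature may follow it
    while pos != -1:
        chunk = data[pos:pos + COOKIE_LEN]
        if len(chunk) == COOKIE_LEN:
            _, pkg_len, toc_off, toc_len, pyvers, pylib = struct.unpack(COOKIE_FMT, chunk)
            start = pos + COOKIE_LEN - pkg_len  # where the appended archive begins
            # Sanity checks reject a chance occurrence of the magic bytes.
            if start >= 0 and toc_len >= 0 and toc_off + toc_len <= pkg_len:
                return {
                    "bootloader_size": start,
                    "bootloader_sha256": hashlib.sha256(data[:start]).hexdigest(),
                    "file_sha256": hashlib.sha256(data).hexdigest(),
                    "pyvers": pyvers,
                    "pylib": pylib.rstrip(b"\0").decode("ascii", "replace"),
                }
        pos = data.rfind(MAGIC, 0, pos)
    return None


def make_sample(stub: bytes, payload: bytes, toc: bytes = b"TOC") -> bytes:
    """Build a constructed, non-executable byte string shaped like stub + archive."""
    pkg_len = len(payload) + len(toc) + COOKIE_LEN
    cookie = struct.pack(COOKIE_FMT, MAGIC, pkg_len, len(payload), len(toc),
                         39, b"python39.dll")
    return stub + payload + toc + cookie


if __name__ == "__main__":
    stub = b"MZ" + b"\x90" * 62  # constructed stand-in for the bootloader
    for name, payload in (("app_a", b"print('a')"), ("app_b", b"print('bb')")):
        print(name, inspect_bundle(make_sample(stub, payload)))
```

The two constructed samples report the same `bootloader_sha256` but different `file_sha256` values, which is the situation a signature written against the stub cannot distinguish. On real Windows builds the stub's resources (icon, version information) can be edited per application, so equal stub hashes are not guaranteed even with the same bootloader.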

@jp-coetzee

Thanks for responding with such a clear explanation. I'll just add nicotine+.exe to my Defender exclusions.

@mathiascode
Member

The stable 3.0.6 Windows packages/installers have been replaced. Let's hope they last this time.

@majkinetor
Contributor

majkinetor commented Sep 6, 2021

It's not the last time. I created a package for Chocolatey and the x32 bit version got flagged by 6 antiviruses, while the x64 version got flagged by 0.

See "Virus Scan Results" section or use direct link to VirusTotal:

@mathiascode mathiascode reopened this Sep 6, 2021
@slook
Member

slook commented Sep 18, 2021

@majkinetor The incorrect Closed Issue #1012 is mentioned on https://community.chocolatey.org/packages/nicotine-plus

The Chocolatey package page should link to this Open Issue #1417 if possible.

@mathiascode
Member

Closing as unresolvable with our current PyInstaller-based setup. I'll check if cx_Freeze gives us better results soon.

@mathiascode
Member

Related: #1639
