Mirai virus

[InfoLibre]

https://www.virustotal.com/gui/file/da28fcd5f8668f3ecf38ae48161ea9c00c6a7517fd08695f7985b4e6ccdf6d34/detection
https://www.virustotal.com/gui/file/0410043931953e7805fdb747f2a25c409ad0b6ed85807e222f30e995ab7352c4/detection
https://www.virustotal.com/gui/file/76667f2a4d659ee034b17dd675b010731e7d6e921845ed195e542b0c15eab178/detection

ClamScan :

https://www.virustotal.com/gui/file/aaa6878a39788e3a385918c4e1a5cd35ab276795f2325a09e4dba2f6a8d03d17/detection

https://www.virustotal.com/gui/file/dfdbc0e785a7c8e44da626eb6cf299b3a0b34b92c21e97654ad73eb909cd3062/detection

https://www.virustotal.com/gui/file/cda64cc6c7344b6b7470de727c936479b08b313025faffdde6b9c620f0993f4a/detection

https://www.virustotal.com/gui/file/69b552d2aee1b1b622e6dffcda8f7f9a68d8c8512e508a07e53524cac9f91fcb/detection

https://www.virustotal.com/gui/file/e1b5c93d1dc30f50b2ab7e57facbcf93af709f069bbf2c057eb4868dd7650f48/detection

https://www.virustotal.com/gui/file/aaa6878a39788e3a385918c4e1a5cd35ab276795f2325a09e4dba2f6a8d03d17/detection

https://www.virustotal.com/gui/file/c2ea92a5011482a8c654df42e48dceb78cfcd4d5e4d59d68ab340e756be3d284/detection

[ventoy]

All this files are build from source which is 100% open souce. So I don't know why they report them as warning.
Take xzcat for example, let me tell you how to build it.

1. download https://www.uclibc.org/downloads/binaries/0.9.30.1/mini-native-x86_64.tar.bz2
2. download busybox source code from https://busybox.net/downloads/busybox-1.32.0.tar.bz2
3. decompress mini-native-x86_64.tar.bz2 
4. chroot mini-native-x86_64
5. decompress busybox-1.32.0.tar.bz2
6. download https://github.com/ventoy/Ventoy/blob/master/BUSYBOX/x86_64_xzcat.config to busybox-1.32.0 
7. rename x86_64_xzcat.config to .config
8. make
9. you fill get ./busybox file, rename ./busybox to xzcat
10. upload this xzcat to https://www.virustotal.com/  and many engines will report warning.

Use https://github.com/ventoy/Ventoy/blob/master/BUSYBOX/x86_64_ash.config and go through step 1-10, you will get ash
Use https://github.com/ventoy/Ventoy/blob/master/BUSYBOX/x86_64_hexdump.config and go through step 1-10, you will get hexdump

Anyway, Ventoy is 100% open source.

[InfoLibre]

In https://www.uclibc.org/downloads/binaries/0.9.30.1/mini-native-x86_64.tar.bz2 :

https://www.virustotal.com/gui/file/e3686c960bd29a830c81a5c0396638b73bb7949b3f707fe029d4fbbff9ebe1d4/detection

No virus in my own /sbin/ldconfig on my Linux Mint computer : https://www.virustotal.com/gui/file/bfd5df90c7f070feab584435f106f254ffffaa268a04de5b5c3bd61d59c092f3/detection

[ventoy]

OK, now you should report an issue to https://www.uclibc.org
But I absolutely believe that they will ignore your report.
Uclibc is a very commonly used tool.

[InfoLibre]

Done : https://bugs.busybox.net/show_bug.cgi?id=13396
For the other files (vtoytool_64, 64h, dmsetup64, ventoy.cpio), do you create them with other tools ?

[ventoy]

64h is the same as ash I noted above, they have same checksum value.
I described all the files and build instructions here:
https://github.com/ventoy/Ventoy/blob/master/DOC/BuildVentoyFromSource.txt

[InfoLibre]

I tested all. No other alerts excepted for imdiskinst and Ventoy2Disk.exe :
https://www.virustotal.com/gui/file/1e5291ad53e8b90f88882eeef791e8b5f162aef020e55a633cec4d1581acce4e/detection
https://www.virustotal.com/gui/file/da28fcd5f8668f3ecf38ae48161ea9c00c6a7517fd08695f7985b4e6ccdf6d34/detection

[ventoy]

https://github.com/ventoy/Ventoy/blob/master/DOC/BuildVentoyFromSource.txt (5.8 imdisk)

As for Ventoy2Disk.exe, I have made a advance declaration here: https://github.com/ventoy/Ventoy/releases
You can use VisualStudio to open https://github.com/ventoy/Ventoy/blob/master/Ventoy2Disk/Ventoy2Disk.sln and build it easily.

[InfoLibre]

On uClibc bugtraker, they recommand to use uClibc-ng instead of uClibc but they do not really answer about an examination of their code.

[foureight84]

Windows is now detecting this is as a threat as well. https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3aScript%2fForetype.A!ml&threatid=2147724345

[ventoy]

I have rebuild some binaries with musl-libc.
It seems that these files do not appear to be considered viruses.

https://github.com/ventoy/Ventoy/blob/master/INSTALL/tool/x86_64/ash
https://github.com/ventoy/Ventoy/blob/master/INSTALL/tool/x86_64/xzcat
https://github.com/ventoy/Ventoy/blob/master/INSTALL/tool/x86_64/hexdump
https://github.com/ventoy/Ventoy/tree/master/INSTALL/ventoy/ventoy.cpio
https://github.com/ventoy/Ventoy/blob/master/DMSETUP/dmsetup64
https://github.com/ventoy/Ventoy/blob/master/IMG/cpio/ventoy/busybox/64h

[InfoLibre]

Indeed. Excepted in ventoy.cpio//ventoy/ventoy/tool.cpio.xz//lz4cat64 : https://www.virustotal.com/gui/file/31fa518ddf1a2a66459670f085980339429e65039676dc4202ed289b5ddb0362/detection

And for vtoytool_64 ?

[ventoy]

I have rebuilt lz4cat64 with musl-libc

https://github.com/ventoy/Ventoy/tree/master/VtoyTool/vtoytool/01/vtoytool_64 was deleted.
This is just for experimental support for some special distro.

[fhdk]

Windows users has to be paranoid - it comes with the territory 😁

I have been servicing a client for 25 years for which I have built software for Windows where said software is blocked by Windows - simply due to the fact that Windows doesn't know about it.

I regularly help my clients employees - and my software - proprietary to the company - has no virus embedded -

[ventoy]

The latest release should have no such false positive. I will close this issue now.

[InfoLibre]

https://www.uclibc.org/downloads/binaries/0.9.30.1/mini-native-x86_64.tar.bz2: https://www.virustotal.com/gui/file/b3768ddc9d82c9ca9d313b1de1d16902b1d8fd58f886253aff961a8ade4fc6e9