Trojan Horse #429

Open
Ruyeex opened this issue Jan 13, 2025 · 9 comments

Comments

@Ruyeex

Ruyeex commented Jan 13, 2025

I got a Trojan horse because of the website that redirects to another one.
I can't tell why since I don't know what happened, but it's ridiculous despite being the official website.
On mobile, it works fine, but on PC I don't know why.
Link: https://sourceforge.net/projects/pysolfc/files/
OS: Windows 11 Home
Version: 3.2.0

@Ruyeex
Author

Ruyeex commented Jan 13, 2025

image

@joeraz
Collaborator

joeraz commented Jan 14, 2025

There is a recurring issue with Python apps falsely being recognized as containing malware. See https://pysolfc.sourceforge.io/faq.html for more info.

@Ruyeex
Author

Ruyeex commented Jan 14, 2025

That's strange behaviour.
What can we do to fix it?

@joeraz
Collaborator

joeraz commented Jan 14, 2025

All we really can do is report it to the antivirus app as a false positive. Or you can run from source.

I've been trying to come up with a proper solution for years, but haven't got anywhere. It seems to be a problem inherent in compiled Python apps, and probably has to be fixed somewhere higher up.

@THEtomaso

I reported this as a false positive to Avast five days ago.
...but so far, no response.

@joeraz
Collaborator

joeraz commented Jan 23, 2025

Just to confirm, I reported it to Windows Defender the other day, and they cleared it as safe.

@MidnightStallion

> Just to confirm, I reported it to Windows Defender the other day, and they cleared it as safe.

I just got the latest virus definition updates for Windows Defender, and it is still reporting it as being infected with Trojan:Win32/Wacatac.B!ml

@joeraz
Collaborator

joeraz commented Jan 26, 2025

> I just got the latest virus definition updates for Windows Defender, and it is still reporting it as being infected with Trojan:Win32/Wacatac.B!ml

Here's what Microsoft told me:

Please follow the steps below to clear cached detections and obtain the latest malware definitions.

 1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
 2. Run "MpCmdRun.exe -removedefinitions -dynamicsignatures"
 3. Run "MpCmdRun.exe -SignatureUpdate"

Alternatively, the latest definition is available for download here: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus

Thank you for contacting Microsoft.

If that doesn't work, you should probably try submitting the file yourself at https://www.microsoft.com/en-us/wdsi/filesubmission
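
The steps from Microsoft's reply above, followed by a rescan of only the flagged file to confirm the result, as an added PowerShell example (not code from the project or from Microsoft's message). The `-FlaggedFile` parameter is a placeholder, and the rescan and SHA-256 steps are additions that are not in the reply.

```powershell
# Added example: re-check a suspected Defender false positive after refreshing definitions.
param(
    # Placeholder: path to the file Defender flagged (it must still exist on disk,
    # so restore it from quarantine or download it again first).
    [Parameter(Mandatory)] [string] $FlaggedFile
)

# Directory named in the reply: c:\Program Files\Windows Defender
$mp = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'

# Changing definitions needs an elevated session ("as administrator" in step 1).
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}
if (-not (Test-Path -LiteralPath $mp)) { throw "MpCmdRun.exe not found at $mp" }
$target = (Resolve-Path -LiteralPath $FlaggedFile).Path

# Step 2: drop cached dynamic signatures.
& $mp -RemoveDefinitions -DynamicSignatures
if ($LASTEXITCODE -ne 0) { throw "Removing dynamic signatures failed (exit $LASTEXITCODE)" }

# Step 3: pull the latest definitions.
& $mp -SignatureUpdate
if ($LASTEXITCODE -ne 0) { throw "Signature update failed (exit $LASTEXITCODE)" }

# Added step: custom scan (ScanType 3) of the one file; -DisableRemediation
# reports a detection without quarantining the file again.
& $mp -Scan -ScanType 3 -File $target -DisableRemediation
$scanExit = $LASTEXITCODE

# Added step: record the hash so a false-positive submission refers to this exact file.
$sha256 = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash

if ($scanExit -eq 0) {
    "No detection after definition refresh: $target"
} else {
    "Scan exit code ${scanExit}: still detected or the scan failed; see the output above."
}
"SHA-256: $sha256"
```

If the file is still detected, the printed hash identifies the exact file to submit at the file submission URL mentioned above.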

@MidnightStallion

Thanks, joeraz. Following the command line instructions you gave worked. It is not being reported as infected anymore.
