VidTu/Ksyxis

Mod is being marked as a virus via BitDefender

Closed this issue · 15 comments

Upon running a modpack with this mod, BitDefender has marked it as infected:
The file D:\ATLauncher\instances\TerraFirmaGreg\mods\Ksyxis-1.2.2.jar is infected with Trojan.GenericKD.72678267 and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.

@Treazul either your specific JAR is infected, your PC is infected with something else or you're getting man-in-the-middle-attacked: https://www.virustotal.com/gui/file/8e97bb392718099d54377738a3501284eef98fbd54f6b46b4350fc9267ef4d47

for fs sake, what they don't like

maybe they don't like the way it uses a lot of method injections like here for multiversion support

what's funny, the latest gh actions snapshot is not being detected (even after reanalyzing) by any vendor

*got this on mod version 1.2.2, the file extension isn't .jar, it's .bNIhAX

the full file my av shows is Ksyxis-1,2,2,jar.bNIhAX

download method: modpack via prism launcher, downloading from modrinth.

trying to download the mod again seems to end with a random string as the file extension, not just ".bNlhAX"

my AV is called "Vipre".

@Dorrivix it seems like your antimalware renames it

it doesn't trigger with downloading version 1.2.1

well it also doesn't with 1.2.3-SNAPSHOT, you can reverse engineer the 1.2.2 JAR and find nothing there. it was probably incorporated in some bigger malware (such as an infected Minecraft modpack) and now antimalware flags it. i will not update the JAR until I add 1.20.5 compat in a few days.

hopefully fixed in 1.3.0.

BitDefender no longer flags 1.2.2 as infected, other vendors should follow shortly