matoom/frostbite

Virus detected in latest release (1.17.0-beta)

Closed this issue · 4 comments

BinuDR commented

Windows detects this as a virus as of the latest update to Windows Defender. It was running with no issues until today.


matoom commented

The changes in the last version were fairly minor (only in stylesheet and one line in settings).

From what I can gather, the "!ml" in the virus name indicates that it's some sort of machine-learning-based virus detection method that can often produce false negatives -- https://www.reddit.com/r/cemu/comments/15s6d95/what_about_a_trojanwin32bearfoosaml/

I ran it through a few other virus scanners: Malwarebytes, Windows Defender on Win10 and an online scan from Kaspersky -- https://opentip.kaspersky.com/EE0125F0AFC4019E299AA110F647E1B36C3B37368D635D8639099CF95834B528/results?tab=upload

Got no results, no viruses found.

"This threat can perform a number of actions of a malicious hacker's choice on your PC." -- https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Bearfoos.A!ml&ThreatID=2147731250

The description is vague and describes just about every executable that you can download from the internet and run on your computer.

If it's a false negative then I don't know what exactly the triggering factor is, or if I'm compromised then I have no idea how to remove the virus from my system because it's not showing up.

I guess the only way to really assure a clean build is to build from the source.

BinuDR commented

Thanks for checking. It worked fine for me for about a week and then all of a sudden it got detected as a virus.

matoom commented

Yep, if anything the fact that it was running fine for a week before the virus was detected could indicate there's some sort of behavioral pattern triggering the virus alert.

Technically, if you maybe changed between highlight profiles, it would have had to write all the new default settings for link colors into the settings files, which I guess could be considered abnormal behavior if the settings had not been updated for a while and previously existing files were being overwritten. Which honestly seems a bit far-fetched considering loggers are already very disk-I/O heavy, or loading maps etc.

Another fix in the last version involved moving the text cursor before running links, but I have no idea in what world that would be considered in any way malicious against your PC.

BinuDR commented

It might be because I used the command to copy the layout from my other installation and save it to the new download.
I was able to download it today without any issue though so I'm going to go ahead and close this.

Thanks for checking into it!