the-batfish/spotify-downloader

Virus 3/69 detected malware is it something to worry about

Closed this issue · 12 comments

the exe file provided in the repo should:
not be included in the repo itself, but as a release
not weigh 20MB, the author's excuse being "additional libraries"
not show up on virustotal, as shown here
not have a TCP call to a VPS owned by akamai on launch

it seems pretty suspicious, i would honestly use other downloaders on GitHub.

another thing is that both of the creators insist to friend request me on discord to talk and disprove their point, instead of coming on GitHub.

lodu commented

Virus total flagging 3/69 can be a false positive tho. Happens with plenty of programs.

Virus total flagging 3/69 can be a false positive tho. Happens with plenty of programs.

still doesn't make sense, why would they upload the exe to the repo like that? why would they be this scummy and not try to defend themselves on here?
why would the exe dump this stuff in the temp folder?

The IP address that belongs to Akamai is used by Spotify and my program uses the Spotify API
also it's being flagged unsafe only by 3 antiviruses these are probably false positives

The files written you are seeing are time zone data which is utilised by the time module in the program

you are very naive if you think 3/69 on virustotal immediately proves that it's a virus.

you are very naive if you think 3/69 on virustotal immediately proves that it's a virus.

not to mention the three antiviruses that flagged it are completely unheard of. This is what a real virus looks like on VirusTotal.

Also the reason we added the .exe was for the sake of ease of use.

why would the exe dump this stuff in the temp folder?
like the author said, that is time zone data. It's not us. we believe it's being done by the time module we have in the python script.

the author's excuse being "additional libraries"

These are the modules/libraries used in the script

downloader.py

from os import remove,rename
from unicodedata import name
from urllib import request
from mutagen.mp4 import MP4,MP4Cover
from mutagen.id3 import ID3,TIT2,APIC,TALB,TPE1,TPE2,TYER,TRCK
from pytube import YouTube
from spotipy import Spotify
from spotipy.oauth2 import SpotifyClientCredentials
from youtube_search import YoutubeSearch
from threading import Thread
from datetime import datetime
from pydub import AudioSegment
from tkinter import messagebox
from mysql.connector import connect

gui.py

from PIL import Image,ImageTk #Python(PIL) image library for inserting images into the user interface
from tkinter.filedialog import askdirectory
from tkinter.ttk import Progressbar
import sys
from os import path as ospath
import downloader
from webbrowser import 

All these together make the exe come up to around 20 MB or so. BTW the exe is compiled using pyinstaller. Let us personally know if you would like to try to compile it.

another thing is that both of the creators insist to friend request me on discord to talk and disprove their point, instead of coming on GitHub.

So firstly I do not get in-app notifications for issues, I only get mail notifications for issues and I rarely see my mail, which should explain why I did not talk on GitHub and tried to DM you, but instead you weren't willing to listen and that's why I told my friend to DM you and try to make you understand that our program isn't malware

Virus total flagging 3/69 can be a false positive tho. Happens with plenty of programs.

still doesn't make sense, why would they upload the exe to the repo like that? why would they be this scummy and not try to defend themselves on here? why would the exe dump this stuff in the temp folder?

just because they upload a binary to the git tree does not mean it is scummy, by that logic every file uploaded to a git remote should be considered just as scummy.

You should also realize that antivirus programs are not perfect, and occasionally when i write Go applications on Windows it wrongly flags it as a trojan virus, which it is not.
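
Added example, not part of the thread or the project's code: the dispute over what the exe writes to the temp folder can be settled by inspection rather than argument. The sketch below inventories an extraction directory, counts data files versus native executables per top-level folder, and hashes every executable so each one can be looked up individually. It assumes PyInstaller's one-file behaviour of unpacking into a `_MEI<random>` folder under the system temp directory; the function names are hypothetical.

```python
import glob
import hashlib
import os
import tempfile
from collections import Counter

# Leading bytes that mark native executable code (Windows PE, Linux ELF).
MAGIC = {b"MZ": "pe", b"\x7fELF": "elf"}


def classify(path):
    """Return 'pe', 'elf' or 'data' based on the file's first bytes."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    return next((k for m, k in MAGIC.items() if head.startswith(m)), "data")


def sha256_of(path):
    """Hash a file in chunks so large DLLs do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(root):
    """Return (Counter of (top-level entry, kind), sorted [(path, sha256)] of executables)."""
    counts, executables = Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            top = rel.split(os.sep)[0] if os.sep in rel else "."
            kind = classify(full)
            counts[(top, kind)] += 1
            if kind != "data":
                executables.append((rel, sha256_of(full)))
    return counts, sorted(executables)


if __name__ == "__main__":
    # Assumption: one-file PyInstaller builds unpack into <temp>/_MEI<random>.
    for root in glob.glob(os.path.join(tempfile.gettempdir(), "_MEI*")):
        counts, executables = triage(root)
        print(root, dict(counts))
        for rel, digest in executables:
            print(f"  {digest}  {rel}")
```

Run it while the program is open, since the extraction folder is normally removed on exit. Folders that contain only data files support the time zone explanation, and the hashes of any PE files are what to compare against the upstream packages.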