unlimitedbacon/stl-thumb

Application with a virus!

Operrr opened this issue · 5 comments

There is a downloader trojan in the app. I checked it on a test Windows system; not only does the application not work, it also installed Marlin3DprinterTools. You never know what malware can be installed without your knowledge. Author, clarify the situation and do not delete posts, or should I ask this question in a video on YouTube?

The program is not intentionally doing anything malicious. You don't need to take my word for it. Since stl-thumb is open source, you can easily verify this yourself by looking through the source code. Stl-thumb is not a complicated program, so this would not take long. If you wish to examine the code for the Windows installer package, you can also find that here. https://github.com/unlimitedbacon/STLThumbWindows

It is possible that the published release files were unintentionally infected somehow, but this seems unlikely since the Windows builds are done through Appveyor continuous integration, which spins up a new VM for each build. Even if my local machine was infected it would not spread because the published files do not come from my machine.

Please provide documentation of the specific behaviors you have observed that indicate a trojan. Here are some examples of what would be helpful in identifying and isolating malicious code.

  • A packet trace of suspicious network activity
  • A comparison between a clean build from source and the published files, showing some difference
  • A disassembly or hex dump showing the presence of some known virus executable

I checked with the VirusTotal service. It discovered the trojan TrojanDownloader.Script.iam. Windows 10 is blocking boot too.

That is obviously a false positive. VirusTotal is a service that aggregates the results from many other companies' antivirus engines. If you look at the results on VirusTotal, 68 of the 69 antivirus tools they use report that the Windows installer package for stl-thumb is clean. An obscure Chinese antivirus called Jiangmin detects something called "TrojanDownloader.Script.iam", but I cannot find any information on a virus by that name whatsoever. There are literally no results in a Google search. It is extremely common for antivirus tools to detect false positives. You should only use antivirus programs as an indicator that a virus might be present, not as proof.

In any case, you do not need to trust me and you do not need to trust the antivirus scanners either. Stl-thumb is open source so you have everything you need to do your own audit and make your own independent conclusion about whether or not the program does anything malicious.

Seems like the license file is getting detected as a "virus".

This simple change stops it from getting detected:

--- u4-t00-virus.txt    2021-04-25 19:00:24.000000000 +0200
+++ u4-t05-clean.txt    2021-10-14 15:37:43.771242600 +0200
@@ -1,5 +1,5 @@
 {\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Calibri;}}
-{\*\generator Riched20 10.0.17134}\viewkind4\uc1
+{\*\generator Riched20 10.0.17135}\viewkind4\uc1
 \pard\sa200\sl276\slmult1\f0\fs22\lang9 MIT License\par
 Copyright (c) 2018 Tyler Anderson\par
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:\par
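Review bot: on the changed `{\*\generator Riched20 ...}` line, the new build number 10.0.17135 is the old value edited by hand by one digit, so the file now claims a generator version that did not write it. If the generator tag is what the one engine matches, re-saving the license from the editor so the tag is genuine, and reporting the false positive to that vendor, would be cleaner than a hand-picked number. Whichever way it goes, the reason for the change belongs in the commit message, because nothing in the file explains it. The diff headers also name scratch files (`u4-t00-virus.txt`, `u4-t05-clean.txt`) rather than a path in the repository, so the patch should be regenerated against the actual license file before it is submitted.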

Would you like to submit a PR for that at https://github.com/unlimitedbacon/STLThumbWindows?