I've tried to download and expand the exe for GemiNaut a couple times, and my antivirus (Vipre) pulls out the executable every time saying it's "Virus.Generic" or something. Anyone else seeing this? This is Geminaut 0.8.7 package from: https://www.marmaladefoo.com/pages/geminaut
This reminds me, I did have Malwarebytes freak out over the marmaladefoo domain but didn't care about Geminaut itself -------- Original Message -------- On 30 Aug. 2020, 4:51 pm, Pete D. wrote: > I've tried to download and expand the exe for GemiNaut a couple times, > and my antivirus (Vipre) pulls out the executable every time saying it's > "Virus.Generic" or something. Anyone else seeing this? > > This is Geminaut 0.8.7 package from: > https://www.marmaladefoo.com/pages/geminaut
Hi Jake and Pete Pete: Its likely to be a false positive, but if you can send me any further context privately I'll see if there is anything I can do. GemiNaut is compiled from source, you can do so yourself https://github.com/LukeEmmet/GemiNaut Also Jake, if there is any further context you can provide about the domain I'll take a look. But there is nothing strange going on as far as I am aware. Mutter mutter, antivirus, mutter... Best wishes - Luke On 30-Aug-2020 09:51, Jake wrote: > This reminds me, I did have Malwarebytes freak out over the > marmaladefoo domain but didn't care about Geminaut itself > > > > > > > -------- Original Message -------- > On 30 Aug. 2020, 4:51 pm, Pete D. < peteyboy at sdf.org> wrote: > > > I've tried to download and expand the exe for GemiNaut a couple times, > and my antivirus (Vipre) pulls out the executable every time > saying it's > "Virus.Generic" or something. Anyone else seeing this? > > This is Geminaut 0.8.7 package from: > https://www.marmaladefoo.com/pages/geminaut >
Here are the results for the v0.8.7 GemiNaut ZIP[1] on VirusTotal: https://www.virustotal.com/gui/file/304c7c7895843699c3c35fae961aaece2be46d6 790eda9adb9c848cbecc0e8e6/detection 15 anti-virus engines detetected the file as something malicious, mostly declaring it a Trojan or "Gen:Variant.Ursu.931094". This is likely because the ZIP contains an EXE and some DLLs, which triggers[2] many anti-viruses. Here are the results for just the GemiNaut.exe file in the ZIP: https://www.virustotal.com/gui/file/df4039fa3f7804c0035636ce0e2304a027652c0 50ecf9348f2974ef93d05538d/detection 10 engines detected it this time, almost all labelling it again as "Gen:Variant.Ursu.931094". Hope this is useful, makeworld 1: https://www.marmaladefoo.com/vanilla/marmaladefoo/uploads/geminaut/GemiNaut_v0_8_7.zip 2: https://github.com/Fody/Costura/issues/294
Thanks makeworld thats really helpful. It at least explains some of it. I guess I should crack on and build a proper installer, rather than simply circulate a zip. I've been meaning to. Also the scanners can probably detect that GemiNaut will make calls to other applications (like gemget). Of course all of that is legitimate, but perhaps that in itself also looks suspicious. sigh - Luke On 30-Aug-2020 17:21, colecmac at protonmail.com wrote: > Here are the results for the v0.8.7 GemiNaut ZIP[1] on VirusTotal: > > https://www.virustotal.com/gui/file/304c7c7895843699c3c35fae961aaece2be46 d6790eda9adb9c848cbecc0e8e6/detection > > 15 anti-virus engines detetected the file as something malicious, > mostly declaring it a Trojan or "Gen:Variant.Ursu.931094". > > This is likely because the ZIP contains an EXE and some DLLs, which > triggers[2] many anti-viruses. > > Here are the results for just the GemiNaut.exe file in the ZIP: > > https://www.virustotal.com/gui/file/df4039fa3f7804c0035636ce0e2304a027652 c050ecf9348f2974ef93d05538d/detection > > 10 engines detected it this time, almost all labelling it again as > "Gen:Variant.Ursu.931094". > > > Hope this is useful, > makeworld > > > 1: https://www.marmaladefoo.com/vanilla/marmaladefoo/uploads/geminaut/Gem iNaut_v0_8_7.zip > 2: https://github.com/Fody/Costura/issues/294 >
---