Comments (17)

PELock avatar PELock commented on May 18, 2024 3

Whitelist where possible, ignore elsewhere. Those AV bastard employees get to pay for every detection they can put in a database, so they are more than happy to put any hacking tool on their lists. Especially if they use it themselves, that's the case with most of the system or hacking tools even with highly popular tools like Process Hacker.

Some engines and signatures are licensed to other companies and if one of them puts you in their lists it's then spread to other AV products as well. No easy way out of false-positive detection hellhole, there is always some AV jerk who will think it's important to put your tool in Win64!HackingTool category or some other shit.

from die-engine.

horsicq avatar horsicq commented on May 18, 2024 1

Thanks for the info. The only thing that can be done is to wait until I have saved up enough money from donations to digitally sign the application. :)

PELock avatar PELock commented on May 18, 2024 1

That won't help you anyway, don't waste your money.

halamix2 avatar halamix2 commented on May 18, 2024 1

die_win32_portable_noloader_3.00.zip is not reported by Firefox or Windows Defender.
VT zip: https://www.virustotal.com/gui/file/6a84c5605b7274ba0a1f31ee5af8d145da8838d9e69adbc7ede83bf736d05af1/detection
VT exe: https://www.virustotal.com/gui/file/75ba2c92fc956e3eccce48de56f7f221469f0c531e550cc59a1c785243080082/detection

RedDragonWebDesign avatar RedDragonWebDesign commented on May 18, 2024 1

I just downloaded die_win32_portable_3.00.zip.

  1. Google Chrome is blocking it and there's no whitelist. To bypass, you have to google the message, then go into your settings and completely turn off Safe Browsing.

  2. Webroot Antivirus is detecting it as a virus and is quarantining it as soon as the user navigates to the unzipped folder in Windows Explorer.

I strongly dislike antivirus false positives. I'm sorry your project has to deal with this.

horsicq avatar horsicq commented on May 18, 2024 1

https://github.com/horsicq/DIE-engine/releases/tag/3.01

horsicq avatar horsicq commented on May 18, 2024

Hello! Thanks a lot for the information!

horsicq avatar horsicq commented on May 18, 2024

I sent the information to Microsoft: https://www.microsoft.com/en-us/wdsi/submission/f24af0e1-727f-47c4-a6c0-85af3fdc6a70

horsicq avatar horsicq commented on May 18, 2024

Analyst comments:

We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.

  1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
  2. Run "MpCmdRun.exe -removedefinitions -dynamicsignatures"
  3. Run "MpCmdRun.exe -SignatureUpdate"

Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions

Thank you for contacting Microsoft.
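The analyst's three steps as one elevated PowerShell script, added here as an example and not part of the issue thread or of Microsoft's reply. It assumes a Windows host with Microsoft Defender and its PowerShell module (`Get-MpComputerStatus`), and `$target` is a placeholder path for the file that was being flagged:

```powershell
# Added example: clear Defender's cached dynamic signatures, pull fresh
# definitions, and show the signature version before and after.
$ErrorActionPreference = 'Stop'

# Step 1: the analyst's commands need an elevated prompt, so check for it up front.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (Administrator) PowerShell session.'
}

$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path $mpCmdRun)) { throw "MpCmdRun.exe not found at $mpCmdRun" }

$before = Get-MpComputerStatus
Write-Host "Before: signature $($before.AntivirusSignatureVersion) (updated $($before.AntivirusSignatureLastUpdated))"

# Step 2: drop the cached dynamic signatures that still carry the old detection.
& $mpCmdRun -RemoveDefinitions -DynamicSignatures
if ($LASTEXITCODE -ne 0) { throw "RemoveDefinitions failed with exit code $LASTEXITCODE" }

# Step 3: fetch the latest definitions.
& $mpCmdRun -SignatureUpdate
if ($LASTEXITCODE -ne 0) { throw "SignatureUpdate failed with exit code $LASTEXITCODE" }

$after = Get-MpComputerStatus
Write-Host "After:  signature $($after.AntivirusSignatureVersion) (updated $($after.AntivirusSignatureLastUpdated))"

# Optional: re-scan the previously flagged file to confirm the detection is gone.
# $target is an assumed placeholder; point it at the extracted executable.
$target = 'C:\path\to\die.exe'
if (Test-Path $target) {
    # ScanType 3 is a custom scan of the given file; exit code 0 means nothing was found.
    & $mpCmdRun -Scan -ScanType 3 -File $target
    Write-Host "Custom scan exit code: $LASTEXITCODE (0 = no threat found)"
}
```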

halamix2 avatar halamix2 commented on May 18, 2024

Windows no longer reports a trojan; however, Firefox 79.0 reports this file as malicious.

VirusTotal for the die.exe file: 22 engines reported the file as malicious (the "invalid-rich-pe-linker-version" note is here but not on 2.05): https://www.virustotal.com/gui/file/cf5a19f0611de377178ca54d2ece443a4203f18d6de55fa9e9969a38fb53ca55/detection

In comparison, 2.05 was reported as malware by only 4 engines (usually the lesser-known ones are more likely to report a false positive): https://www.virustotal.com/gui/file/6e802a66da626c456961577881ade3a9869e88e8051bc3a4a6955508aa4f5430/detection

horsicq avatar horsicq commented on May 18, 2024

Hmm. Did you test die_winxp_portable_3.00.zip?

halamix2 avatar halamix2 commented on May 18, 2024

die_winxp_portable_3.00.zip triggers neither Windows Defender nor Firefox, and is clean according to VirusTotal: https://www.virustotal.com/gui/file/64eb30cba9e6ab4f3c7b72c4d34e39ede91ac30d97d6975e4670921500be4ff6/detection

VirusTotal for die.exe from die_winxp_portable_3.00.zip: https://www.virustotal.com/gui/file/7bcc028ac392ae642da90eaf1b47f9977fdeca383ee1d97c67d70e99f34a3092/detection

Windows Defender doesn't report the file (I have to reboot for testing on Windows, so it takes some time).

horsicq avatar horsicq commented on May 18, 2024

> That won't help you anyway, don't waste your money.

Do you know another solution? Just ignore the false detects?

horsicq avatar horsicq commented on May 18, 2024

@halamix2 Could you please try this? https://github.com/horsicq/DIE-engine/releases/download/3.00/die_win32_portable_noloader_3.00.zip

horsicq avatar horsicq commented on May 18, 2024

@halamix2 Thanks a lot!

horsicq avatar horsicq commented on May 18, 2024

Hello @RedDragonWebDesign Just try this file: https://github.com/horsicq/DIE-engine/releases/download/3.00/die_win32_portable_noloader_3.00.zip

graysuit avatar graysuit commented on May 18, 2024

> Thanks for the info. The only thing that can be done is to wait until I have saved up enough money from donations to digitally sign the application. :)

As PELock suggested, "Don't waste money on buying expensive signatures." It won't help.

Proof:
See, all these files are digitally signed and have valid certs. But see how detectable they are.
https://github.com/tresacton/PasswordStealer
https://www.virustotal.com/gui/file/96a74d742c4cc761d1807f263844ad6c152f54b248362d2a2dc832d030dc29d8/details

Give some time to the antis to make your files recognizable.
lol!