Always get reconized as a Virus #20
Comments
|
You could use a different AV. Kaspersky is extremely hypersensitive. |
|
Fefeland was having the same issue with this version, and I believe it might be because I'm bundling the new Here is the exact same release, but with the For reference here is the MaterialSkin package I'm using. I've verified the MaterialSkin.dll it downloads from the package manager is safe And here is the version of ILMerge that I'm using as well. Straight from Microsoft's own website |
|
The files from this Zip doesn´t trigger the scanner.. |
|
Yeah, like I said, I suspect it's triggering the antivirus because it somehow detects that the I might start making releases as zip files from now on, but I was trying to stay with the previous convention of having a single |
|
Being a single |
|
Maybe release both..? |
|
Releasing both would be a good solution, I think |
|
I've updated the release with zip file to the unbundled version. |
|
AutoUpdater.Net Could be used to update for the people who choose to use the zip file. This would basically require a one time unzip and then the program would check for and install updates on launch. It requires an xml and zip file that the program can access on a server (you can grab them straight from the github repo). This works great other than the fact that it doesn't really have a great way for initial install. If we found a good way to unzip the files the first time and create a desktop shortcut I think this would work great. Otherwise it does still work well, but it does break away from having the single exe launch. I have a POC here, it has some changes that wouldn't carry over to the final but I didn't feel like making em better in case you guys didn't wanna go that route (I deleted the install button just to make an obvious change when you run the updater) |
|
In Bitdefender, BeatSaberModInstaller is detected as a virus that "Gen: Heur.Zatk.Jn0@buS!". |
|
But when I execute the file that separates MaterialSkin.dll separately, Window10 warning window appears once, but it is no longer detected as a virus. Thank you. |
|
Windows "built-in" virus/trojan detector |
|
Yeah, as far as I'm aware it's just detecting that an additional file (the MaterialSkin.dll) has been added into the Here is the post build event that I'm using to create the release, if anyone is interested. Moon has suggested I try https://github.com/Fody/Costura to merge the two files, and I might give that a shot. I'm also considering just moving to zip file releases instead, but I'd have to change the updater logic. If anyone has any other suggestions for getting these two files into a single |
|
Could someone having this issue please test this build? |
Hey, megalon I was having the issue of windows anti-virus "recognizing" a trojan virus, I gave your build you just posted and it worked fine, windows warning me about it still came up but did not stop it so this build you wanted tested works fine. |
|
For me it's not just recognized as a trojan but a full blown swedish ransomware by G DATA referred to as Trojan.GenericKD.3016333 (google it and see) which to me is very worrying |
|
So, looking into the source code myself, I'm raising quite a few red flags here. I was planning on writing my own version anyway, but I strongly suggest that there'll be a good look at the dependencies used, and why they're even there in the first place. Additionally, if multiple anti-virus solutions are flagging this with a trojan warning, I'd rather trust those than ignore them, since its highly alarming in the first place. And simply bundeling materialskin.dll with the exe, doesn't cause this, as the exe itself is flagged even when not bundled. |
|
What are you using to decompile it? Where are you seeing the RegHelper.cs? Where are you seeing this encryption module? Were you able to build from source and get a drastically different executable than the one I've released? The previous version (v0.3.1) was made using ILMerge, because it was simply the first working solution I found to bundle the MaterialSkin.dll in with the BeatSaberModManager.exe. I decided to bundle the two together because if you tried launching the executable without the MaterialSkin.dll present, it simply wouldn't launch. All of the external resources used are taken from the NuGet package manager within Visual Studio, if you're interested in taking a look I'm considering releasing a "classic" version of the Mod Manager with the Material Skin removed, because there are many people unable to use it. |
|
Also, Beat Drop 2 has soft launched, and now has the ability to download and install mods It is also open source now |
I'm not decompiling anything, I'm just opening the .sln and taking a look at the "dependencies" folder which contains RegHelper, which, to my eye looks into the registry. As well as ICSharpCode.SharpZipLib, which, I'm assuming is used for extracting zip files, but has an odd encryption module
Also, I was talking about the exe still being flagged as maleware even when using the unbundled version, which is most likely due to it having weird dependencies. Like I said, just looking at the code from the https://github.com/beat-saber-modding-group/BeatSaberModInstaller.git download, shows me there's a lot that is just bad practice. And as I noted before, take a good look at everything and consider starting over from square one. This isn't a personal attack by the way. It's just me looking at the code and going "why is this even here?..." Just poking around I can see quite a few things that would trigger normal AV solutions since they're not required to be there. |
|
Looks like RegHelper.cs was added back on Aug 1st last year when Umbranox rewrote the Mod Manager for ModSaber support. It actually looks like it's not being used for anything. I'm not able to find references to any of the functions outside of the class itself. He likely added it while working on Steam and Oculus path detection path detection, which uses registry keys. The ICSharpCode.SharpZipLib dependency is used for unzipping the files downloaded from BeatMods (and previously ModSaber). The encryption functionalities of that lib are just a part of that library, but they aren't used in this project as far as I can tell. |
|
I imagine the encryption functions are for working with encrypted zips |
|
Malwarebytes is also detecting the latest version (3.2.0) as malware ( |
|
We did some tests using builds without the originally offending code, rebuilding old versions that were scanned as clean previously, etc, and they are all getting hits on VirusTotal now. We believe that AVs added the program to their databases and see our attempts to clean up the offending code as trying to bypass their detection. |
|
The newest release of this didn't provide the courtesy release with the dll separated and that again flamed this fire. Can we either give up on including the skin or include it as a separate file? If people move the exe away from the dll, that's a problem of their own making, whereas bundling them together inside the exe is a problem forced upon folks by design. |
|
AVs are detecting it even without the dll now, since it seems they added the program to their databases. |
|
I've added an unbundled zip to the release However, I ran that exe through VirusTotal and got similar results to the bundled version. As Assistant said, it seems that BitDefender and others have add the app to their database and it doesn't care anymore if it's bundled or not. If you'd like to try yourself, download the source, build a new release, upload it to VirusTotal, and see if it flags it. I'm going to try and remove some of the unused "red flags" that harleyknd1 pointed out, but we may need to just start over with a new application, considering that it's flagging new builds of old (previously "clean") releases. If you are still experiencing this issue and don't want to disable your AV, I'd again suggest you use Beat Drop instead. |
|
To anyone still having this issue, I've release a "Classic" edition of the Mod Manager that does not include the MaterialSkin.dll, and a few other tweaks as well. See the branch here |
|
To be honest the best thing to do would probably be to start from scratch with coding and documentation guidelines. |
|
I am working on something |
and others
Hello at everyone.
The ModInstaller gets reconized as an Trojan from Kaspersky Security Suite eevry time i try to strat it.
I won´t disable my anti virus for this so is there anything i could do against this?
The text was updated successfully, but these errors were encountered: