Windows Build 6962 Detected as Trojan/Malicious by Virustotal #2144

Closed
5 tasks done
DougieDoodles opened this issue Apr 29, 2024 · 3 comments

Comments

@DougieDoodles

Help us help you

  • I have checked that my issue doesn't exist yet.
  • I have tried my absolute best to reduce the problem-space and have provided the absolute smallest test-case possible.
  • I can always reproduce the issue with the provided description below.

Environment

  • Operating System version: Windows 10
  • Current SourceMod version: 1.11
  • Current SourceMod snapshot: build 6962
  • Current Metamod: Source snapshot:

Description

  • Tried updating SourceMod to latest
  • After extracting the zip, Windows Defender removed "sourcemod\extensions\sdktools.ext.2.bms.dll"
  • Confirmed by uploading the zip file to the VirusTotal service
  • I checked the Linux version of the same build and it was fine
  • I checked the latest dev build and the issue is still present

Problematic Code (or Steps to Reproduce)

1. Download version 1.11 build 6962 for Windows
2. Upload to VirusTotal

Logs

@Mooshua

Mooshua commented May 8, 2024

The heuristics seem to dislike L4D2/L4D SourceMod cores and the BMS edition of sdktools, and of course SourcePawn. All but SourcePawn are rarely updated and last had their prebuilts updated last decade, assuming no one force-pushed to hide any changes.

Do we sign the release binaries? This feels like something that would be solved by slapping a cert on it, especially since the Linux versions come out clean (assuming that there isn't a backdoor in there somewhere).

@armanossiloko

armanossiloko commented May 30, 2024

A friend of mine noticed something similar on his version (build 6964).
image

EDIT: He tried reinstalling SourceMod and the same happened. A couple of DLLs are being removed automatically. Could we get a new build where this won't happen?

@asherkin
Member

> Could we get a new build where this won't happen?

You should report it as a false positive to your AV vendor - rebuilding won't help.

@asherkin asherkin closed this as not planned May 30, 2024