
Topic: VIRUS DETECTED in Arduino IDE 1.9 beta.zip Download

Justdidit

While attempting to compile Marlin 2.0 firmware on a 32-bit board I had to download Arduino IDE 1.9.  While extracting the zip file Comodo Internet Security tripped on the serial-discovery.exe and detected a trojan.  I disabled the anti-virus and extracted the serial-discovery.exe with 7-zip and uploaded the file to VirusTotal and 14 engines detected this file as being infected.

DEVS might want to scan your computers for viruses

https://www.virustotal.com/#/file/3377af91c133e0d3130eed960261ae8cfd72c673d306df619c0965a81935745c/detection

Justdidit

I re-ran the file analyzer on the serial-discovery.exe and now 18 anti-viruses are detecting it as infected.

Justdidit

#2
Feb 12, 2019, 02:00 am Last Edit: Feb 12, 2019, 02:06 am by Justdidit
Now 24 virus scanning engines are reporting this file as infected.  I just downloaded the 1.9 beta and ran a scan and Comodo Internet Security again flagged the serial-discovery.exe as a trojan.

It's been over a week since I reported this to the devs and this forum.

This file will be taken down or I will report this to the FBI Internet Crime Complaint Center.

https://www.virustotal.com/#/file/3377af91c133e0d3130eed960261ae8cfd72c673d306df619c0965a81935745c/detection

pert

It's been over a week since I reported this to the devs
How did you report it to the devs? If you did so publicly, please add a link here so that we can access all the relevant information.

This file will be taken down or I will report this to the FBI Internet Crime Complaint Center.
Keep in mind that it's very common for antivirus programs to generate false positives. They use similar algorithms so when one has a false positive, others are likely to as well. It can be difficult for a small software company to get the antivirus software companies to act quickly on requests to investigate and fix false positives.

I'm not saying I'm absolutely sure that this is a false positive, but it certainly wouldn't be the first time.

It would be nice if someone from Arduino took a look at this and gave an official statement. However, you should be aware that Arduino employees never read this section of the forum. The people who do read this section of the forum have no power to do anything about what you've reported. So you shouldn't get upset about a lack of official response if this is the only place you've reported the issue.

DrAzzy

Are you sure it's not a false positive, or a positive due to heuristics? Both are quite common. McAfee is known to get false positives from the Arduino IDE and processes related to it (as well as many other legitimate programs).

Nobody else has complained about it, which makes me suspect it isn't a legitimate positive.
ATtiny core for 841+1634+828 and x313/x4/x5/x61/x7/x8 series Board Manager:
http://drazzy.com/package_drazzy.com_index.json
ATtiny breakouts (some assembled), mosfets and awesome prototyping board in my store http://tindie.com/stores/DrAzzy

westfw

FWIW, I downloaded 1.9 to a sandbox, and:
1) Windows Defender doesn't complain about the install, or about running serial-discovery.exe
2) It appears to do what it is supposed to do when run - responds to the commands in the source code with meaningful results.

So if it's actually a virus, it'd have to be a pretty "deep" virus, built into the Go compiler or one of its libraries or something. That seems to stretch credibility; I'm pretty sure this is a false positive.
