PureBasic Trojan detected by Windows Defender
A few weeks ago I downloaded the demo version of PureBasic from its official website. Now I'm getting this message on the two computers that I have it installed on.
Threat detected: Trojan:Win32/Wacatac.D!ml
Category: Trojan
Details: This program is dangerous and executes commands from an attacker.
Affected items: .......\Temp\PureBasic_Compilation.exe
What's up with this?
When people are free to pursue goals unfettered by presumed limitations on what they can accomplish, they just may manage some extraordinary feats through the combined application of native talent and hard work. - David Mikkelson
Re: PureBasic Trojan detected by Windows Defender
hello
The PureBasic IDE does not need to go on the Internet to function,
so just go to Windows Firewall and prohibit the connection and the problem is solved.
bye
Re: PureBasic Trojan detected by Windows Defender
Preferences > Compiler > [X] Create temporary executable in the source directory
and exclude your sources directory from your virus scanner
%temp%\PureBasic_Compilation*.exe is the name of your compilation if you do not set a name.
Re: PureBasic Trojan detected by Windows Defender
Thank you both for your replies. But my question is, why is a trojan being detected in the first place?
When people are free to pursue goals unfettered by presumed limitations on what they can accomplish, they just may manage some extraordinary feats through the combined application of native talent and hard work. - David Mikkelson
Re: PureBasic Trojan detected by Windows Defender
A Trojan can have an execution sequence of assembly identical or very close to code compiled by PureBasic;
in case of doubt, it gives an alert.
If you don't want to face this kind of trouble, either you prohibit it or you give an exception for the PureBasic IDE.
Best regards
Re: PureBasic Trojan detected by Windows Defender
Given that Fred (PB Developer and Owner) does not include Trojans in his code, there is nothing harmful to detect. This means that Windows Defender is giving a false-positive (rare, unlike products such as Avast that discover "threats" everywhere).
If in doubt about the safety of any exe file, you can upload it to Virus Total to see how many antivirus programs think there is an issue - but beware, many AV programs use the same engine and same database and consequently they can all report the same false result. It is mostly down to so-called heuristics code attempting to identify threats that are newer than the detection code.
You can report Windows Defender issues:
https://www.microsoft.com/en-us/wdsi/filesubmission
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
Re: PureBasic Trojan detected by Windows Defender
Thanks for the explanations ... and of course I never doubted Fred's honesty... God forbid... this software is proving to be a marvelous discovery for me, and pretty soon I'll be acquiring a professional licence.
Thanks all for the clarification.
When people are free to pursue goals unfettered by presumed limitations on what they can accomplish, they just may manage some extraordinary feats through the combined application of native talent and hard work. - David Mikkelson
Re: PureBasic Trojan detected by Windows Defender
Yup. A lot of more down-stream languages such as PB have this problem. You can just add an exclusion to your Windows Defender and you'll be fine. AutoIt also has this problem, but God only knows what nasty stuff was made with it. Someone might've made a virus in PureBasic ages ago, thus triggering Windows Defender to detect similarities in the executable, and flag it. You can report it to Microsoft but chances are nothing will get done about it, so it's just easier to add an exclusion.
Re: PureBasic Trojan detected by Windows Defender
... I don't know of any programming language that is immune to false-positives. C/C++ = nightmare.
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
Re: PureBasic Trojan detected by Windows Defender
cmartinez wrote: What's up with this?
False-positive alerts. Been discussed here before. Search the forums. Annoying as hell but not much we can do.
Re: PureBasic Trojan detected by Windows Defender
Would be interesting to see the code you compiled/run that triggered the alert. Many AV software never were really smart about it. Trigger anything unknown that calls certain system APIs or inet functions. It seems even worse nowadays. Any legitimate scripting is also a known case of trouble with antivirus engines. Heuristics my ass ;
Re: PureBasic Trojan detected by Windows Defender
A backup and compression tool I wrote more than 5 yrs ago just got flagged by Windows 10 Defender. Seems like they are lowering the threshold for virus.
The nice thing about standards is there are so many to choose from. ~ Andrew Tanenbaum
Re: PureBasic Trojan detected by Windows Defender
hello
Can Fred explain why the IDE uses a connection
when it compiles code, while the PureBasic IDE
does not need a connection for this work, and why it copies our source code under
the name "PB_EditorOutput.pb" to an area accessible to intruders?
We have no option to prevent this,
so I use Windows Firewall to prevent the IDE from
connecting without my knowledge, without a reason being given for this connection.
Because in portable mode it can leave the source code
"PB_EditorOutput.pb"
on the client computer during the test.
Best regards
- Vernostonos
Re: PureBasic Trojan detected by Windows Defender
I found the Windows Firewall to be problematic. I've used TinyWall for years; it's a lightweight and very easy to use program. You have to set an exception for Firefox and it will work great, especially in conjunction with software like Sandboxie. Other than Firefox, nothing on my computer is allowed to ping the internet. I gave up years ago on anti-virus software; it's slow and by the time it catches anything it's often too late. It's much better to use a virtual machine or sandboxing software for your internet needs and when downloading. Just my 2 cents...
Re: PureBasic Trojan detected by Windows Defender
kernadec wrote: why copy our source code under the name "PB_EditorOutput.pb" in an area accessible to intruders we have not option to prevent this
The Windows %TEMP% folder (where the source is copied by default) is designed to hold temp files like this. It's not a problem or bad practice to do that. That folder is not meant for critical or private files.
kernadec wrote: i use windows firewall to prevent the IDE connect without my knowledge without giving the reason for this connection
What do you mean? What proof have you got of this? There's an auto-update check, is that what you mean? This can be disabled.