
gotools - trojan - windows version

Open bellagio opened this issue 5 years ago • 15 comments

image

bellagio avatar Apr 29 '20 18:04 bellagio

Can you post the SHA256 of the file?

Or maybe have you tried to submit this to e.g. VirusTotal? Could be a false positive.

rusq avatar May 01 '20 03:05 rusq

  • please download liteidex37.1-1.windows-qt5.9.5.zip (build for Go1.14.1)

  • build gotools yourself:

        go get -u github.com/visualfc/gotools
        go get -u github.com/visualfc/gocode

Windows/Linux: copy GOPATH/bin gotools and gocode to liteide/bin

visualfc avatar May 01 '20 10:05 visualfc

Bump up, I got the same issue here. Checked in VirusTotal: liteidex37.1.windows-qt5.9.5 got 9 from 72 scans and liteidex37.1-1.windows-qt5.9.5 got 13 issues.

It's contacting 192.168.122.104,

but I think, no severed case from that IP. Maybe Google is just collecting data. Anyone with the same experience?

(edit) https://www.virustotal.com/gui/file/ad27cc8fa1ccce84d03ffd1bd3f4843e188f398f6536819d19e8f48013322a31/detection

behindthecodex avatar May 01 '20 17:05 behindthecodex

nice. all .exe files are infected

stvoidit avatar May 05 '20 21:05 stvoidit

image

virus deleted by McAfee

westfly avatar May 06 '20 06:05 westfly

I have a feeling that this is a false positive based on signature match that spooks the antivirus software. There is a discussion on Google Groups where people are facing the same detection when checking the "Windows/386 binaries built with -ldflags -s -w"

@visualfc can you please provide the exact steps that are used to build the windows version of gocode and gotools files that are bundled in this archive so we could try and replicate this?

Probably these:

  • environment used to build it, i.e. linux container or windows vm with version
  • go toolset used
  • command line flags
  • script that executes the build

Is the script to build it somewhere in this repo?

rusq avatar May 06 '20 06:05 rusq

@rusq
https://github.com/visualfc/liteide/blob/x37.1/build/build_windows_386_mingw32.cmd
https://github.com/visualfc/liteide/blob/x37.1/build/build_windows_mingw32.cmd

    go install -ldflags "-s" -v github.com/visualfc/gotools ...

visualfc avatar May 06 '20 11:05 visualfc

remove -ldflags "-s" and rebuild. https://github.com/visualfc/liteide/releases/download/x37.1/liteidex37.1-2.windows-qt5.9.5.zip

visualfc avatar May 06 '20 11:05 visualfc

> remove -ldflags "-s" and rebuild. https://github.com/visualfc/liteide/releases/download/x37.1/liteidex37.1-2.windows-qt5.9.5.zip

I downloaded and it looks good.

bellagio avatar May 06 '20 17:05 bellagio

> remove -ldflags "-s" and rebuild. https://github.com/visualfc/liteide/releases/download/x37.1/liteidex37.1-2.windows-qt5.9.5.zip

Does not look good to me, still have the same threat warning

update: building those 2 works, it's also mentioned above already:

    go get -u github.com/visualfc/gotools
    go get -u github.com/visualfc/gocode

marang avatar May 07 '20 17:05 marang

the problem is still not solved
https://www.virustotal.com/gui/file/0ac4acfdcdc2bbafbf500fe594603a6fc369cd6369e1da39ef66a7c34ef01963/detection
please build a new working version without virus detection. Thank you!

rghenciu avatar Jul 06 '20 08:07 rghenciu

> the problem is still not solved
> https://www.virustotal.com/gui/file/0ac4acfdcdc2bbafbf500fe594603a6fc369cd6369e1da39ef66a7c34ef01963/detection
> please build a new working version without virus detection. Thank you!

did you try to build gotools and gocode by yourself?

    go get -u github.com/visualfc/gotools
    go get -u github.com/visualfc/gocode

marang avatar Jul 06 '20 15:07 marang

For me it's gomodifytags.exe

balakrishnangithub avatar Jul 16 '20 21:07 balakrishnangithub

> For me it's gomodifytags.exe

can confirm, getting the same warning by downloading, extracting and scanning.

run:

    go get -u -v github.com/fatih/gomodifytags

and

    go install github.com/fatih/gomodifytags

go to your build directory and scan it there, no trojan found -> copy gomodifytags.exe to your liteide\bin\ directory

marang avatar Jul 16 '20 21:07 marang

https://github.com/visualfc/liteide/releases/download/x37.1/liteidex37.1-3.windows-qt5.9.5.zip

visualfc avatar Jul 25 '20 14:07 visualfc
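
An added example, not part of the thread or of the LiteIDE project: a small Go program that computes the SHA-256 asked for at the top of the thread for every .exe in a directory and prints the VirusTotal lookup URL in the form linked above, so bundled and self-built binaries can be checked by hash without uploading them. The default path `liteide/bin` and the names `hashExes` and `vtFilePrefix` are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// vtFilePrefix is the lookup URL prefix used by the VirusTotal links in this thread.
const vtFilePrefix = "https://www.virustotal.com/gui/file/"

// hashExes returns file name -> hex SHA-256 for every .exe directly inside dir.
func hashExes(dir string) (map[string]string, error) {
	entries, err := os.ReadDir(dir)
	if err != nil {
		return nil, err
	}
	sums := make(map[string]string)
	for _, e := range entries {
		if e.IsDir() || !strings.EqualFold(filepath.Ext(e.Name()), ".exe") {
			continue // skip subdirectories and anything that is not an .exe
		}
		data, err := os.ReadFile(filepath.Join(dir, e.Name()))
		if err != nil {
			return nil, err
		}
		sum := sha256.Sum256(data)
		sums[e.Name()] = hex.EncodeToString(sum[:])
	}
	return sums, nil
}

func main() {
	dir := filepath.Join("liteide", "bin") // assumed location; pass the real path as argument 1
	if len(os.Args) > 1 {
		dir = os.Args[1]
	}
	sums, err := hashExes(dir)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	for name, sum := range sums {
		fmt.Printf("%s\n  sha256: %s\n  %s%s/detection\n", name, sum, vtFilePrefix, sum)
	}
}
```

Run it once on the extracted `liteide\bin` directory and once on `GOPATH\bin` after building the tools yourself to get a hash for each binary that can be posted or looked up.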