
systemTrayMenu v1.3.5.0, VirusTotal.com reports, Trojan.Win64.MSIL_Heur.A

Open DrHariSeldon opened this issue 4 months ago • 6 comments

Please advise

systemTrayMenu 1.3.5.0 downloaded from https://github.com/Hofknecht/SystemTrayMenu/releases (direct download link = https://github.com/Hofknecht/SystemTrayMenu/releases/download/v1.3.5.0/SystemTrayMenu-1.3.5.0.zip)

Scanned by VirusTotal.com https://www.virustotal.com/gui/file/3a2590df848b8e691dbd4bf2df5e893ff5b68b5a75226e88eeddd0e08be21bd3

claims to test positive for Trojan.Win64.MSIL_Heur.A

DrHariSeldon avatar Aug 14 '25 20:08 DrHariSeldon

Hello @DrHariSeldon

Thank you for reaching out via the issues here, where I can see it. I wrote to them that it is flagged as a false positive:

##- Please type your reply above this line -##

Your request has been received and is being reviewed by our staff, it has been assigned the following identifier: 324831.

If you do not hear from us within a reasonable time please follow up making use of this thread, it could well be that our response ended up in your spam folder. If you did not use our web form to submit your request please make use of it in your follow up, this is also something you can do to expedite your request:
https://www.virustotal.com/gui/contact-us

To add additional comments, reply to this email.


Markus

Aug 14, 2025, 11:39 PM GMT+2

Subject: false-positive Email: [email protected] Text:

Hello i am the owner of the open source software SystemTrayMenu a user reported that flagged as false positive here at www.virustotal.com see

Please advise

systemTrayMenu 1.3.5.0 downloaded from https://github.com/Hofknecht/SystemTrayMenu/releases (direct download link = https://github.com/Hofknecht/SystemTrayMenu/releases/download/v1.3.5.0/SystemTrayMenu-1.3.5.0.zip)

Scanned by VirusTotal.com https://www.virustotal.com/gui/file/3a2590df848b8e691dbd4bf2df5e893ff5b68b5a75226e88eeddd0e08be21bd3

claims to test positive for Trojan.Win64.MSIL_Heur.A

== supportTarget === Others

Hofknecht avatar Aug 14 '25 21:08 Hofknecht

i got an answer from VirusTotal


Javier Ramirez (VirusTotal)

Aug 18, 2025, 7:29 AM GMT+2

Hello,

VirusTotal only aggregates data from a variety of vendors. We produce no verdicts of our own and as such, we can’t modify these results. We are not intended to be an authoritative reputation engine, but rather provide intelligence and context to users so that they can make the best decision. 1/60 and even 5/60 doesn’t automatically mean “Bad”, and 0/60 doesn't always mean good. Each decision on whether something is malicious is ultimately the responsibility of users or the security vendors who use the data to improve their services.

Below are the steps to take if you want to fix a false positive report.

If the false positive is for a File or a URL try re-scanning first.
If the false positive persists please reach out to the vendor that is producing it providing a link to the VirusTotal report. List of vendor contacts can be found at the table below.
If you do reach out to us, we will tell you to reach out to the vendors, as we will not be able to modify any results of scans.
We cache some URL results. If vendors have confirmed removal but a URL is still detecting, please reach out to us along with evidence that the vendor has removed your URL from the blacklist, as we may be able to speed up propagation.

You can find a list of false positives contacts in the following link: https://docs.virustotal.com/docs/false-positive-contacts

Best Regards,

Javier Ramirez - VirusTotal - www.virustotal.com


so i need to write to: Acronis (Static ML)

Hofknecht avatar Aug 22 '25 09:08 Hofknecht

i wrote to Acronis | [email protected]


Hello i am the owner of the open source software SystemTrayMenu a user reported that flagged as false positive here at www.virustotal.com see

Please advise

systemTrayMenu 1.3.5.0 downloaded from https://github.com/Hofknecht/SystemTrayMenu/releases (direct download link = https://github.com/Hofknecht/SystemTrayMenu/releases/download/v1.3.5.0/SystemTrayMenu-1.3.5.0.zip)

Scanned by VirusTotal.com https://www.virustotal.com/gui/file/3a2590df848b8e691dbd4bf2df5e893ff5b68b5a75226e88eeddd0e08be21bd3

claims to test positive for Trojan.Win64.MSIL_Heur.A

https://github.com/Hofknecht/SystemTrayMenu/issues/555

Best Regards

Markus


Hofknecht avatar Aug 22 '25 09:08 Hofknecht

Acronis answered they don't have any detection, so i wrote VirusTotal and Acronis again:


Hello VirusTotal, Hello Acronis,

when i scan again (today, now)

(direct download link = https://github.com/Hofknecht/SystemTrayMenu/releases/download/v1.3.5.0/SystemTrayMenu-1.3.5.0.zip)

at www.virustotal.com

it still shows:

Trojan.Win64.MSIL_Heur.A Acronis (Static ML)

VirusTotal wrote me (see 250818 [VirusTotal] Re My site_file has been improperly flagged as harmful (fals...ht.eu).eml) that i should contact their vendor which is Acronis

contact from VirusTotal from here https://docs.virustotal.com/docs/false-positive-contacts

Acronis wrote today (see mail below) that they don't have any detection on

Please, Acronis and VirusTotal, advise me how to solve

https://www.virustotal.com/gui/file/3a2590df848b8e691dbd4bf2df5e893ff5b68b5a75226e88eeddd0e08be21bd3

Please, can you both clarify and delete this wrong assumption?

The whole code is open source (https://github.com/Hofknecht/SystemTrayMenu/tree/master) and does not contain any Trojan or similar virus!

https://github.com/Hofknecht/SystemTrayMenu/issues/555

The incorrect detection is damaging the reputation of my open-source project SystemTrayMenu, as it causes users to lose trust. I therefore urge you to review and resolve this issue promptly. If no action is taken, we reserve the right to pursue legal measures.

Best Regards

Markus

On 25.08.2025 at 13:18, Acronis Cyber Security Lab wrote:

Hello,

We don’t have any detection on your sample.

Regards,

Acronis Cyber Security Lab

Hofknecht avatar Aug 25 '25 11:08 Hofknecht

@Hofknecht

You seem to have misread the malware report from VirusTotal.com, and you're going in the wrong direction for any corrections. The link provided above, as well as the report generated when I resubmitted the "SystemTrayMenu-1.3.5.0.zip" file, shows detection of malware named "Trojan.Win64.MSIL_Heur.A" by VirIT, an Italian antivirus software vendor, not Acronis.

So now we're dealing with a much lesser-known company that is probably only included because of VirusTotal's "everything but the kitchen sink" approach to their extremely wide selection of data points for the compiled malware reports. I then pursued this one step further, asking Google's AI interface this question... "Does VirIT have a good reputation for malware detection accuracy? Does it often report false positives?"

After reading Google's response to that question below, you might agree with me that further action to correct this malware false positive is neither necessary nor productive. In my mind, you have a higher reputation than VirIT does. I captured the Google response as an image because it was already so nicely formatted...

Image

GaryM99 avatar Aug 26 '25 06:08 GaryM99
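
An added example, not part of the thread or of the project's code: the vendor to contact about a false positive is the engine whose own entry carries the detection label, and reading that from the report's JSON avoids attributing a label to a neighbouring row. It assumes the VirusTotal API v3 file-object layout (`data.attributes.last_analysis_results`); the sample report is constructed to mirror the reading in the comment above, and `ExampleAV` and `OtherAV` are placeholder engine names.

```python
import json

# Constructed sample shaped like a VirusTotal API v3 file object.
# It is NOT the real report for this file: the verdicts are made up to
# mirror the reading given in the thread (VirIT flags, Acronis does not).
SAMPLE_REPORT = json.loads("""
{"data": {"attributes": {"last_analysis_results": {
  "VirIT": {"engine_name": "VirIT", "category": "malicious",
            "result": "Trojan.Win64.MSIL_Heur.A"},
  "Acronis (Static ML)": {"engine_name": "Acronis (Static ML)",
            "category": "undetected", "result": null},
  "ExampleAV": {"engine_name": "ExampleAV",
            "category": "type-unsupported", "result": null},
  "OtherAV": {"engine_name": "OtherAV", "category": "timeout", "result": null}
}}}}
""")

FLAGGING = {"malicious", "suspicious"}
# Categories where the engine produced no verdict at all.
NO_VERDICT = {"timeout", "confirmed-timeout", "failure", "type-unsupported"}


def _results(report):
    return report["data"]["attributes"]["last_analysis_results"]


def detections(report):
    """Return {engine: label} only for engines that flagged the file."""
    return {name: r.get("result") for name, r in sorted(_results(report).items())
            if r.get("category") in FLAGGING}


def engines_for_label(report, label):
    """Engines whose verdict string equals `label` (case-insensitive)."""
    return [engine for engine, result in detections(report).items()
            if (result or "").lower() == label.lower()]


def ratio(report):
    """(flagged, engines that returned a verdict), the '1/60' style figure."""
    judged = [r for r in _results(report).values()
              if r.get("category") not in NO_VERDICT]
    flagged = [r for r in judged if r.get("category") in FLAGGING]
    return len(flagged), len(judged)


if __name__ == "__main__":
    for engine, label in detections(SAMPLE_REPORT).items():
        print(f"{engine}: {label}")
    print("ratio: %d/%d" % ratio(SAMPLE_REPORT))
```
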

I appreciate the effort and hard work responding to my initial post.

Thank you for your responsiveness!

DrHariSeldon avatar Sep 23 '25 15:09 DrHariSeldon