Minecraft-Console-Client icon indicating copy to clipboard operation
Minecraft-Console-Client copied to clipboard

Published 20 hours ago verified publisher icon MCCTeam

[BUG] MCC executable is deleted by Windows Defender as it thinks it contains a Trojan Virus

Open dissemin8 opened this issue 1 year ago • 4 comments

Prerequisites

  • [X] I made sure I am running the latest development build
  • [X] I tried to look for similar issues before opening a new one
  • [X] I have set debugmessages=true in config to diagnose my issue
  • [X] I have redacted session tokens and passwords before attaching screenshots

Minecraft Version

1.20.2

Console Client Version

MinecraftClient-20231215-238-win-x64.exe (Latest)

Expected Behavior

I did not expect Windows Defender to detect a virus in MinecraftClient-20231215-238-win-x64.exe It should be noted that I always rename MCC executables to MinecraftClient.exe after download so that is the name that Windows Defender is reporting on in the screenshot.

Actual Behavior

Detected: Trojan:Win32/Znyonm Status: Quarantined Date: 25/12/2023 16:23 Details: This program is dangerous and executes commands from an attacker.

Steps to Reproduce the bug

  1. Run MCC latest 64 bit version for windows
  2. Let Windows Defender run
  3. Windows Defender Quarantines the executable

Attach screenshot here (If applicable)

mccvirus

Anythings that could help diagnosing the bug

I attempted to re-download the latest windows 64 bit executable and Windows Defender immediately quarantined it.  
I then downloaded the latest 32bit version and that works fine. 

I didn't do either of these but am required to tick the boxes in order to be able to submit the issue

" I have set debugmessages=true in config to diagnose my issue *
  I have redacted session tokens and passwords before attaching screenshots * "

Device

Desktop

Operating System

Windows

Server Address (If applicable)

Not Applicable

dissemin8 avatar Dec 26 '23 13:12 dissemin8

Exact same here, windows x64. Defender deleted it yesterday, so I tried redownloading a fresh .exe and it instantly deleted that too. Malwarebytes didn't detect anything.

DreamPhreak avatar Dec 27 '23 01:12 DreamPhreak

Seems like Windows thinks that the Web Socket chat bot is a Remote Code Execution Exploit. I guess I'll have to remove it and who ever wants to use it will have to download it manually. For now you can turn off the live protection and then add the mcc exe as an exception in Windows defender, and then turn the live protection back on.

PS: Make sure you download the MCC binaries only from our Github repository releases section

milutinke avatar Dec 27 '23 13:12 milutinke

The workaround of using MinecraftClient-20231215-238-win-x86.exe is now unusable as this is also now also being flagged by Windows Defender as containing a virus. This time it is
Trojan:Win32/Wacatac.B!ml
but when attempting to download again it is flagged as Trojan:Win32/Znyonm

dissemin8 avatar Jan 01 '24 03:01 dissemin8

I finally will have some free time tomorrow, so I'll deal with this.

milutinke avatar Jan 12 '24 23:01 milutinke