ChocoButler icon indicating copy to clipboard operation
ChocoButler copied to clipboard
verified publisher icon cokelid

Kaspersky reports trojan during ChocoButler install

Open FlyMyPG opened this issue 3 years ago • 1 comments

Environment: Fully updated Win10, Chocolately, ChocolatelyGUI image

ChocoButler: image

Threat: https://threats.kaspersky.com/en/threat/Trojan.Win32.Sdum/

image

FlyMyPG avatar May 17 '22 15:05 FlyMyPG

"C:\ProgramData\chocolatey\bin\chocobutler.bat.exe" appears to be some kind of executable wrapping one or more scripts.

Given that I know nothing about Chocolatey internals or ChocoButler scripting, my guess is that this is generated as part of the ChocoButler packaging process or the Chocolatey installation process.

It may not be due to any of the ChocoButler scripts, but I don't know enough to tell for sure.

FlyMyPG avatar May 18 '22 18:05 FlyMyPG