[BUG] Arnis and my antivirus
Describe the bug: When I downloaded the exe of Arnis, my antivirus detects the file as a virus.
Used bbox area: NA
Arnis and Minecraft version: Arnis ver: 2.1.3
More info: When I disabled the antivirus, it still detects the file as a virus.
Hi there! As long as you downloaded Arnis from the official page (https://github.com/louis-e/arnis/releases/), there's no need to worry. Here is a virustotal scan of the latest release: https://www.virustotal.com/gui/file/a2f8ad419ce27d3109e9f955cc26c6131f6b70f2946bdb93119170fc6af3b82d
VirusTotal is a collection of 70 antiviruses; for that file (SHA256), my antivirus detects it despite VirusTotal saying otherwise (it says undetected).
Many AVs recognize it as a Trojan (QD:Trojan.GenericKDQ.B6B24CFDE3). F-Secure says:
"Trojan.GenericKD.2427119 appears to be a ZIP file containing a PDF document, but when extracted, the contained file is an executable program that silently connects to remote servers to download files onto the infected machine. During the analysis, one of the downloaded files attempted to use the machine to send spam email messages."
Can we report this false-positive somewhere?
Interesting, Arnis does not contain any ZIP file nor a PDF document haha! Can you all confirm that you downloaded Arnis from this GitHub site?
I found these online resources regarding reporting a false-positive:
Bitdefender: https://www.bitdefender.com/consumer/support/answer/29358/
F-Secure: https://www.f-secure.com/v-descs/false-positive.shtml
I will look into signing the releases with a certificate in the future!
Tiny edit for the source: https://www.f-secure.com/v-descs/trojan-generickd-2427119.shtml
Just searched for the name that pops-up on VT: https://www.virustotal.com/gui/file/a2f8ad419ce27d3109e9f955cc26c6131f6b70f2946bdb93119170fc6af3b82d/detection
FYI
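Then why, when you send the file to VT, does it say trojan? Link to scan of VT: https://www.virustotal.com/gui/file/a2f8ad419ce27d3109e9f955cc26c6131f6b70f2946bdb93119170fc6af3b82d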
Hi my friend. I will try to explain it to you the best I can.
This is not a virus, it is a "false-positive". The antivirus programs share a database; if one of them says that this is a virus, others will also think so.
They think it's a virus because this program (Arnis) is downloading data from OpenStreetMap and building a Minecraft world.
The antivirus providers (F-Secure) have explained that the Trojan (Trojan.GenericKDQ.B6B24CFDE3) is acting like a PDF. But when opened, it downloads data from the internet.
This program also downloads data from the internet via an API. That's why it is probably flagged as a Trojan.
I hope this helps you understand.
Okay, I need to check that, because I got hacked and it happened for the first time on the day that I downloaded this app.
What exactly happened? How are you sure that you got hacked?
Probably the moment when it's downloading from an API is when the antivirus detects it and blocks the "threat", specifically the Overpass API from OSM (OpenStreetMap).
On the day when I downloaded the software, my accounts like Steam and Ubisoft got logged into and had their passwords changed, and I can't log in to them.
I just got a warning from Windows Defender, and then I uploaded it to Triage and Triage gave it a score of 6/10: https://tria.ge/250119-vywteaxqay/behavioral1 Also, why would it scan my local network?
An unwanted program is not a virus. No idea why it scans the local network. Take a look at it with Microsoft Process Explorer or Wireshark.
At least my AV (Bitdefender) won't detect Arnis as a virus, but if you have one of these AVs: Antiy-AVL, Arcabit, Cylance, DeepInstinct, Fortinet, Google, Gridinsoft (no cloud), Ikarus, MaxSecure, Microsoft (Windows Defender), Skyhigh (SWG), Trellix (ENS), it's probable that the antivirus detects Arnis as a virus (false positive).
As already discussed here, unfortunately the last release was marked as a false-positive by a few antivirus programs, as mentioned before in this issue. We are discussing it in https://github.com/louis-e/arnis/issues/292. However, I'll release a new version in a few hours / days which hopefully fixes this! :)