
Windows Defender Detects Trojan

Posted: Thu Aug 03, 2017 11:37 pm
by sotokage
When I try to install the new Windows client, Windows Defender flags the install package as containing a trojan:

Trojan:Win32/Sprisky.U!cl

The following error occurred: Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer.
Category: Trojan
Description: This program is dangerous and executes commands from an attacker.
Recommended action: Remove this software immediately.

Items:
containerfile:C:\Users\USER\Downloads\tukui-windows-3020.zip
file:C:\Users\USER\Downloads\tukui-windows-3020.zip->setup.exe
webfile:C:\Users\Steve\Downloads\tukui-windows-3020.zip|https://www.tukui.org/client/windows/tu ... broker.exe

Just a heads up...

Windows Defender Detects Trojan  [Accepted Answer]

Posted: Thu Aug 03, 2017 11:41 pm
by Blazeflack
False positive. Feel free to scan it on virustotal.com. You may want to submit the file to Microsoft to get it whitelisted, or simply whitelist it yourself.

Windows Defender Detects Trojan

Posted: Wed Sep 13, 2017 2:26 am
by Skkittlebomb
Same thing has happened to me on 2 different PCs this week =(

Windows Defender Detects Trojan

Posted: Wed Sep 13, 2017 2:42 am
by Tukz
It's a false positive, but the next update, which should be available tonight, should not display this warning anymore.

Windows Defender Detects Trojan

Posted: Wed Sep 13, 2017 11:27 am
by Elv
Let me know if it happens on v3.0.5.

Windows Defender Detects Trojan

Posted: Thu Sep 14, 2017 11:09 pm
by Elv
If you are getting a message, are you updating via the prompt the client gives or by downloading directly from the website? If you get a detection from the client prompt, could you try to download directly from the website and tell me if it still happens?

AVG Detects Malware

Posted: Fri Sep 15, 2017 8:13 pm
by Kytak
OK, I did originally post a comment here about AVG also reporting an issue for v3.0.5 (and the previous version, and the subsequent one), but as this was really about Windows Defender I removed my comment and created a new post specific to AVG, but was then asked to use this thread anyway. So, to recap, I got the same problem with the updated client from yesterday. I originally downloaded the new client from the new Tukui website (after it was rebuilt), and since then the updates have been automatically detected by the client, so presumably it is getting them from the Tukui site. With each new update (well, the last 3 anyway, but not the original for sure) AVG has complained. I've created an exception in AVG each time.

Windows Defender Detects Trojan

Posted: Fri Sep 15, 2017 8:56 pm
by Castalia
Does this still occur if you uninstall the client and do a clean install after downloading the latest client from the site directly?

Windows Defender Detects Trojan

Posted: Sat Sep 16, 2017 12:57 am
by Kytak
I'll try that and get back to you. Awaiting a big download to complete so will be over the weekend.

AVG Detects Trojan

Posted: Sat Sep 16, 2017 3:54 pm
by Kytak
I uninstalled it and reinstalled again from the Tukui website. So far no warning from AVG during the installation.
I didn't get one when I installed it previously after the Tukui website rebuild. I'd have reported it otherwise.
The warnings only started appearing with very recent client-initiated updates. I'll let you know what happens next time there is a Tukui Client-initiated update.

History: Originally I had the Tukui Client from the previous Tukui website that got hacked, then that client got replaced by a new one from the new rebuilt Tukui website. No warnings were reported by AVG for any of those installs. IIRC there were a couple of updates to the new client in the first day or so of the new rebuilt Tukui website coming online, and none of those new Tukui client-initiated updates caused any problems for AVG. It's only been the last 3 (so the last week or so??) Tukui client-initiated updates that caused AVG to complain.

I have to ask: what is it that you have modified in the client's source tree to introduce/remove this false positive?