Malware alert for the latest update (v 1.9.2.1 (01 apr 2024)) #675
Comments
Good morning, Since the last signature update on Bitdefender, files are quarantined. Immediately after unzipping the package, the following files are quarantined due to the presence of "Gen:variant.tedy.563328" and "Trojan.GenericKD.72190921": kntLauncher This does not necessarily concern the latest version of Keynote NF. Thank you for resolving this blocking problem when using Keynote NF. Good day
Could you indicate which BitDefender product you have, so I can report it as a false positive? For example, if I look at VirusTotal, as @uzzer123 indicates, BitDefender marks it as malware. However, BitDefender itself marks it as clean when it analyzes the same file by reading it through the URL published on GitHub... https://github.com/dpradov/keynote-nf/releases/download/v1.9.2.1/KeyNote.NF_1.9.2.1.zip https://github.com/dpradov/keynote-nf/releases/download/v1.9.2.1/kntSetup_1.9.2.1.exe This has already been happening with other versions and it is very tiring. As I indicated yesterday to another user by email, when I prepared the files I uploaded, the only more or less "serious" engine that marked it as malicious was "BitDefender", with a supposed virus called "Gen:Variant.Tedy", which is not the first time BitDefender has marked it incorrectly: And for other similar cases, please take a look at:
I also found this link for the declaration
I tried to download KeyNote.NF_1.9.2.1.zip with Microsoft Edge on 4/2 and Windows Defender thought it was a 'severe' threat, based on the file inside the archive named kntutils.dll. On 4/3, I downloaded the zip file with wget to a directory that I have configured as an exclusion from Windows Defender. Then I copied the zip file to my desktop, and nothing seemed to happen. But when I extracted the zip, then Windows Defender had a problem with the file named kntLauncher.exe, which it also thinks is a 'severe' threat, but it lists a different trojan this time. I have no doubt these are false positives, but this is a much bigger problem than some third-party malware detection software misbehaving, as this is Windows Defender itself doing this now, and immediately quarantining the file upon download. I would assume this now affects anyone running Windows 10 (or 11 presumably). I'm sorry you have to deal with this, as I'm sure it's very irritating. Thank you for your efforts in regard to keeping this program updated, and also for dealing with these headaches.
I personally update the version that I use on my computer with the installer (kntSetup_1.9.2.1.exe). TouchDate=2024-04-01 Therefore, if I check the kntLauncher.exe file that I have in my installation folder it corresponds to 03/07/24 21:00 instead of the one that is in the last .zip file (and inside the installer), which corresponds. I wonder if that's what's causing it to be flagged as a suspect, which would surprise me. I say all this in case you want to try using the previous version of those two files together with the current version of KeyNote (keynote.exe), where logically there are necessary changes.
The fact is that I have W11 with updated Windows Defender and it does not detect any viruses if I ask it to scan the .zip file or the previous kntLauncher.exe, for example. However, it is true that now even through VirusTotal it is marking the initial version of kntLauncher.exe as suspicious (when before it was marked as correct). In case anyone is curious, the code for kntLauncher.exe is very simple. It is here: What it does is try to locate and activate a previous instance of Keynote.exe that could already be executing the .knt file that it is asked to open, for which it consults that instance. If the title parameter has been passed in the call to kntLauncher (recommended), it is used to directly locate the KeyNote instance based on the ClassName of the window and the title, with the Windows FindWindow API. Otherwise, it uses the Windows API EnumWindowsProc to locate the main window of the processes launched by KeyNote (based on its ClassName) and to be able to ask them if they have the requested .knt file open.
Curiously, after doing the following, my own Windows also started complaining: After this and restarting, I scanned the .zip file I have locally with Defender (the same one I uploaded to GitHub) and it did not find any threat. 2- I have downloaded the .zip file from GitHub. When I downloaded that same file from GitHub, Defender gave me a virus warning. And after that, even for the same previous file in which a second before it did not see any threat, it now sees it. ??? I will report it to Microsoft 😒 I will also check it with the other files you point out.
I have already reported the two files (kntLauncher.exe and kntutils.dll) to Microsoft. Let's see how long it takes them to respond to me.
I have also reported false positives on those files to BitDefender.
I have applied what they indicate and it has worked. I have also passed those two files through virustotal.com again and Microsoft already returns Undetected.
I just reported it as a false positive also to Google (it also marks the file KeyNote.NF_1.9.2.1.zip as a virus when I try to attach it in Gmail).
I just updated the signature files of Windows Defender via its update definition function and now it correctly doesn't mark Keynote as a virus.
Yes, I can also confirm that Windows Defender is no longer giving me any hassles about KeyNote NF since I purged the cached detections and updated to the latest definitions. Thank you for addressing Microsoft's mistake and for everything you've done to keep this program updated after the previous developer stopped.
I'm using the antivirus that comes with Windows 10, and yes it's updated to the latest. The only way for me to get rid of the warnings is to add the exe to the whitelist.
I got a malware alert from Windows when trying to download the latest version of KeynoteNF. I also scanned the file through VirusTotal and this is what I got: