Virus reported in msys2-x86_64-20200719.exe - "Trojan:Win32/Tnega.AMK!MSR" #11
Thanks. I guess a false positive based on https://www.virustotal.com/gui/file/e341cb1968af1216f4eace5bae0b88966c50ce7c47e44274da4214b37cb9626f/detection
I've put out a new release: https://github.com/msys2/msys2-installer/releases/tag/2020-07-20 -> https://www.virustotal.com/gui/file/ad6b58b355a852d9df7c6dc2722d0eca139042cf262ae7363e0a5e7dd2a6c5c9/detection
So, while I sadly don't have the checksums of the files when they were created on Azure Pipelines to ensure they weren't modified between build and release, I had the GitHub release API responses cached in my browser, and at least the file size matches between the old nightly tag asset and the release:
Old Nightly:
{
"url": "https://api.github.com/repos/msys2/msys2-installer/releases/assets/23019157",
"id": 23019157,
"node_id": "MDEyOlJlbGVhc2VBc3NldDIzMDE5MTU3",
"name": "msys2-x86_64-20200719.exe",
"label": "",
"uploader": {
"login": "lazka",
"id": 991986,
"node_id": "MDQ6VXNlcjk5MTk4Ng==",
"avatar_url": "https://avatars2.githubusercontent.com/u/991986?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/lazka",
"html_url": "https://github.com/lazka",
"followers_url": "https://api.github.com/users/lazka/followers",
"following_url": "https://api.github.com/users/lazka/following{/other_user}",
"gists_url": "https://api.github.com/users/lazka/gists{/gist_id}",
"starred_url": "https://api.github.com/users/lazka/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/lazka/subscriptions",
"organizations_url": "https://api.github.com/users/lazka/orgs",
"repos_url": "https://api.github.com/users/lazka/repos",
"events_url": "https://api.github.com/users/lazka/events{/privacy}",
"received_events_url": "https://api.github.com/users/lazka/received_events",
"type": "User",
"site_admin": false
},
"content_type": "application/x-msdownload",
"state": "uploaded",
"size": 91931862,
"download_count": 2,
"created_at": "2020-07-19T07:12:31Z",
"updated_at": "2020-07-19T07:12:38Z",
"browser_download_url": "https://github.com/msys2/msys2-installer/releases/download/nightly-x86_64/msys2-x86_64-20200719.exe"
},
Release:
{
"url": "https://api.github.com/repos/msys2/msys2-installer/releases/assets/23020116",
"id": 23020116,
"node_id": "MDEyOlJlbGVhc2VBc3NldDIzMDIwMTE2",
"name": "msys2-x86_64-20200719.exe",
"label": null,
"uploader": {
"login": "lazka",
"id": 991986,
"node_id": "MDQ6VXNlcjk5MTk4Ng==",
"avatar_url": "https://avatars2.githubusercontent.com/u/991986?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/lazka",
"html_url": "https://github.com/lazka",
"followers_url": "https://api.github.com/users/lazka/followers",
"following_url": "https://api.github.com/users/lazka/following{/other_user}",
"gists_url": "https://api.github.com/users/lazka/gists{/gist_id}",
"starred_url": "https://api.github.com/users/lazka/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/lazka/subscriptions",
"organizations_url": "https://api.github.com/users/lazka/orgs",
"repos_url": "https://api.github.com/users/lazka/repos",
"events_url": "https://api.github.com/users/lazka/events{/privacy}",
"received_events_url": "https://api.github.com/users/lazka/received_events",
"type": "User",
"site_admin": false
},
"content_type": "application/x-msdownload",
"state": "uploaded",
"size": 91931862,
"download_count": 183,
"created_at": "2020-07-19T07:27:05Z",
"updated_at": "2020-07-19T07:27:43Z",
"browser_download_url": "https://github.com/msys2/msys2-installer/releases/download/2020-07-19/msys2-x86_64-20200719.exe"
},
To prevent this kind of uncertainty in the future I've made the nightly job log the checksums and also upload them to the release tag in 6eca2a3 for future builds.
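An added example (not part of the original comments or the project's build scripts) of the check discussed above: comparing release-asset metadata and then verifying a download against a published SHA-256 list. The `sha256sum`-style checksum format, the function names and the sample bytes are assumptions constructed for illustration; it shows why a matching `size` alone cannot rule out modification while a logged checksum can.

```python
import hashlib
import hmac
import os
import tempfile

def asset_diff(old, new, fields=("name", "size", "content_type")):
    """Fields that differ between two release-asset records (GitHub API shape)."""
    return {f: (old.get(f), new.get(f)) for f in fields if old.get(f) != new.get(f)}

def sha256_file(path, chunk=1 << 20):
    """Stream the file so a ~90 MB installer is never held in memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_checksums(text):
    """Parse sha256sum-style '<hex>  <name>' lines (assumed format, not the project's)."""
    out = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and len(parts[0]) == 64:
            out[parts[1].lstrip("*").strip()] = parts[0].lower()
    return out

def verify(path, checksums_text):
    """True only if the file's name is listed and its digest matches."""
    expected = parse_checksums(checksums_text).get(os.path.basename(path))
    return expected is not None and hmac.compare_digest(expected, sha256_file(path))

def demo():
    """Constructed data: two same-length payloads standing in for the installer."""
    built = b"MZ" + b"\x00" * 62 + b"build output"
    altered = b"MZ" + b"\x00" * 62 + b"build 0utput"  # same length, one byte changed
    name = "msys2-x86_64-20200719.exe"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, name)
        with open(path, "wb") as fh:
            fh.write(built)
        logged = f"{sha256_file(path)}  {name}\n"  # what a build job would log
        ok_at_build = verify(path, logged)
        with open(path, "wb") as fh:
            fh.write(altered)
        meta = asset_diff(dict(name=name, size=len(built)), dict(name=name, size=len(altered)))
        return ok_at_build, meta, verify(path, logged)

if __name__ == "__main__":
    print(demo())
```

The metadata comparison reports no difference for the altered file because name and size are unchanged; only the digest check fails.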
Thanks for your report!
I downloaded the …..720.exe build and everything is showing good. No defender notifications.
Thx!
@impeeza This does not seem to be a virus alert. Right click on the downloaded file, select properties, tick the 'Unblock' check box and press OK.
Hi, you are right, it is not a virus alert, it is a SmartScreen alert; it is based on «Reputation», which generally means the file has been downloaded very few times. MS and his big nose...
Didn't know this was a thing. Perhaps, a notice on the download page would be in order? PS: Have you considered getting an EV code signing certificate?
Just tried downloading this on Win10 and Defender barfed saying it had the following trojan.
Detected: Trojan:Win32/Tnega.AMK!MSR
Affected items: file: C:\Users\xxxxx\Downloads\msys2-x86_64-20200719.exe
webfile: C:\Users\xxxxx\Downloads\msys2-x86_64-20200719.exe|https://github-production-release-asset-2e65be.s3.amazonaws.com/80988227/0260ba80-c9a2-11ea-8440-329bb71872e1?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20200719%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200719T225819Z&X-Amz-Expires=300&X-Amz-Signature=3914350bfc5ced016ee78cedaa8f5ae0b413db1544faf0fbae1f7b43a89bb4ae&X-Amz-SignedHeaders=host&actor_id=28606059&repo_id=80988227&response-content-disposition=attachment%3B%20filename%3Dmsys2-x86_64-20200719.exe&response-content-type=application%2Foctet-stream|pid:3088,ProcessStart:132396738872846081