afropino Posted September 27, 2017 Posted September 27, 2017 (edited) I'm not even sure what happened. Updated 2 days ago, everything was fine. I just boot up my PC and this happens. PKHeX had an error opening and the alert kept going off. Is this an isolated incident or was there a problem in the files? edit: redownloaded PKHeX and it opens just fine. Hopefully it stays that way tomorrow. Edited September 27, 2017 by afropino There's been a change in the situation.
JHorbach Posted September 27, 2017 Posted September 27, 2017 No way. https://www.virustotal.com/pt/file/77a26c65f82373c1e7b942d91bbd6ad8c191ae07eab897497260ab0b360697b3/analysis/1506556488/ 1
afropino Posted September 27, 2017 Author Posted September 27, 2017 Yeah, I have no clue what happened. It's going fine so far. Might've just been Windows losing it's mind again.
Sahaade Posted September 28, 2017 Posted September 28, 2017 I got the same trojan when i tried to open pkhex. what i did was delete it and return to an old version. kinda sucks that you get hacked now instead of the pokemon getting hacked.
Sabresite Posted September 28, 2017 Posted September 28, 2017 I always download from our team city and never had any issues. Guaranteed there is no malware. Not sure why the false positive.
afropino Posted September 28, 2017 Author Posted September 28, 2017 Yeah, something is clearly up with Windows Defender and false positives. Booted it up today and claimed the dll was a Trojan yet again.
Sabresite Posted September 29, 2017 Posted September 29, 2017 Since anyone can verify the code, compile their own, or get it from teamcity's auto-compilation system, it is definitely a false positive. Too bad.
rah913 Posted September 29, 2017 Posted September 29, 2017 (edited) I just wanted to add to this - I've always downloaded PKHeX from here whenever there's an update and never had any false positive issues, even after it was rewritten and the dll added to the program. The 9/22 update was the first time I got that same trojan warning from Windows 10 on the pkhex.core.dll. I downloaded it again from here and still got the same trojan notification for it. When I went over to teamcity and got the latest one from there, I was able to download it with no warning and a scan of the files from teamcity didn't find anything. Is there a possibility that the version hosted here is compromised? Edited September 29, 2017 by rah913
Kaphotics Posted September 29, 2017 Posted September 29, 2017 Last updated 7 days ago, didn't hear of it until ~36 hours ago. Edit history doesn't show the file as changed since last week, so it's very likely a misclassification. The teamcity builds are more up to date and have a different dll signature (because the code has been updated with fixes and does not have release optimizations enabled), hence why it may not be flagged the same as the release build.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now