Trojan in Windows Binary (unpacker)

[BloodBaz 0]

Hello,

We've been trying to download the latest (XIV) version of the Windows Binary (14_0_0_ZeroXIV.exe) but we are getting reports of malware (Trojan:Win32/Casdet!rfn) when either downloading or launching the executable.  This is occurring on more than one AV (Sophos is one which reports the issue when you launch the unpacker)

https://sourceforge.net/projects/miniserver/files/Uniform%20Server%20ZeroXIV/14_0_0_ZeroXIV/

Thanks

Chris

[BloodBaz 0]

Microsoft, McAfee, Comodo & Jiangmin also view the installer executable as dangerous.
The files contain 5 malicious and 15 suspicious indicators.

[camilh 0]

the same experience. :-(

[sudeepjd 0]

My apologies for the late reply on this thread. For the ease of use, we have included a couple of AutoIT scripts to make a couple of things easier for users and unfortunately some of the Antivirus programs treat any AutoIT scripts as bad. I have posted an announcement on the Announcements thread. And have submitted this to VirusTotal as well. 

In the next version, we will make these scripts an optional modular include so that the users may include this additional scripts based on their need.

Please be assured that there is no Virus or Malware or Trojan of any kind in UniformServer. All the source code is on our Github repo.

Thanks.

[sudeepjd 0]

In the latest release of UniformServer Zero XIV 14.0.1, we have removed the need for the AutoIT script to hide the MySQL8 Console window. This version should no longer be flagged as a false positive malware.