Rainmeter 4.5.3 has a TROJAN detected

mcsteve
Posts: 2
Joined: October 4th, 2021, 12:22 am

Rainmeter 4.5.3 has a TROJAN detected

Post by mcsteve »

Brian
Developer
Posts: 2673
Joined: November 24th, 2011, 1:42 am
Location: Utah

Re: Rainmeter 4.5.3 has a TROJAN detected

Post by Brian »

This is most certainly a false positive, and has been discussed on a previous version.
https://github.com/rainmeter/rainmeter/issues/272#issuecomment-908090633

-Brian
mcsteve
Posts: 2
Joined: October 4th, 2021, 12:22 am

Re: Rainmeter 4.5.3 has a TROJAN detected

Post by mcsteve »

The same TROJAN is in new Rainmeter 4.5.4
https://www.virustotal.com/gui/file/31efb6ba0b89be4d73925fa79747e45d96479408f9808edead3b8b787fe79495

Rainmeter is a great product, thanks a lot to the developer.

It is a shame that people see that Trojan detected in the Rainmeter and just skip using it altogether, hoping to return one day when it is fixed.
No one has time to search forums for the explanation.
I also think that it might be a false positive, but I will wait for the next version to be fixed.

One way to fix it is to contact Google-owned VirusTotal.com and request an Anti-Virus vendor to update virus definition files for the Rainmeter.

Again, thanks to the developer for the great product with the hope the issue be resolved soon.
Yincognito
Rainmeter Sage
Posts: 7017
Joined: February 27th, 2015, 2:38 pm
Location: Terra Yincognita

Re: Rainmeter 4.5.3 has a TROJAN detected

Post by Yincognito »

mcsteve wrote: October 4th, 2021, 4:49 pm No one has time to search forums for the explanation.
And no one has time to consider a false positive detected by just one AV, which is not ESET, not Kaspersky, not BitDefender, heck, not even Avast (which also sometimes yields false positives), but ... VBA32. Really?! FYI, this is precisely why VirusTotal and other online scanners use multiple AV engines to scan a file: because only a few AV vendors are top ones, and even then, a file usually contains a virus if most AVs (and especially the top ones) detect it as such.
mcsteve wrote: October 4th, 2021, 4:49 pm I also think that it might be a false positive, but I will wait for the next version to be fixed.
You'll probably have to wait for much longer, LOL, because I doubt there is something to "fix" here. If anything, that "famous" VBA32 should fix its detection engine, or leave the AV market altogether.

That being said, all the AV vendors lost their credibility the moment they started to flag the PUA / PUP (potentially unwanted application / potentially unwanted program) apps as "infected", regardless of whether they are truly malicious or just used in illegal activities. Currently, no AV vendor is a true antivirus maker anymore, since politics, company interests, the tools used in building an app, or simply the "reputation" (read: how well known an app is) of a software or their programmers make the flagging biased and not strictly technical (i.e. based on actual malicious code). The fact that these vendors (or those buying their products) are interested in ... erm, parental controls or other things totally unrelated to virus detection says everything.
mcsteve wrote: October 4th, 2021, 4:49 pm It is a shame that people see that Trojan detected in the Rainmeter and just skip using it altogether...
In my view, it's a shame when such people consider only the one obsolete AV vendor that incorrectly flagged the product as Trojan instead of ALL THE OTHERS that did not...
death.crafter
Rainmeter Sage
Posts: 1399
Joined: April 24th, 2021, 8:13 pm
Contact:

Re: Rainmeter 4.5.3 has a TROJAN detected

Post by death.crafter »

Well, I don't disagree or agree with anyone here, but just saying. And I very much agree that the Trojan detection was false.

Let's say a user uses his skin to read some file from, say, the Documents of a user where he has stored his important relevant information and sends it to himself using webparser. God don't do this please, if anyone is thinking about it after reading it.

Just say he does, then the skin becomes itself a very potent and skilled trojan, which doesn't need soldiers inside. Lmao... This thing had never crossed my mind, up until now :rolmfao:
Yincognito
Rainmeter Sage
Posts: 7017
Joined: February 27th, 2015, 2:38 pm
Location: Terra Yincognita

Re: Rainmeter 4.5.3 has a TROJAN detected

Post by Yincognito »

death.crafter wrote: October 7th, 2021, 2:09 am [...] and sends it to himself using webparser.
Are you sure webparser can do that? Last time I checked, webparser could only read a webpage, not write anywhere or send something somewhere. To send some data or a file to someone else, another method would have to be used. Just saying... :D
death.crafter
Rainmeter Sage
Posts: 1399
Joined: April 24th, 2021, 8:13 pm
Contact:

Re: Rainmeter 4.5.3 has a TROJAN detected

Post by death.crafter »

Yincognito wrote: October 7th, 2021, 2:25 am Are you sure webparser can do that? Last time I checked, webparser could only read a webpage, not write anywhere or send something somewhere. To send some data or a file to someone else, another method would have to be used. Just saying... :D
In form of queries? But yeah you can't normally do that. You have to set up your own methods to do so... But we have run command and powershell with powerful internet capabilities... And not like there ain't option for custom plugins... So who knows. If someone wants to, he can.

So we better check the skins we run. And avoid closed source unknown plugins as far as possible. Just to be safe.
Yincognito
Rainmeter Sage
Posts: 7017
Joined: February 27th, 2015, 2:38 pm
Location: Terra Yincognita

Re: Rainmeter 4.5.3 has a TROJAN detected

Post by Yincognito »

death.crafter wrote: October 7th, 2021, 3:14 am In form of queries? But yeah you can't normally do that. You have to set up your own methods to do so... But we have run command and powershell with powerful internet capabilities... And not like there ain't option for custom plugins... So who knows. If someone wants to, he can.

So we better check the skins we run. And avoid closed source unknown plugins as far as possible. Just to be safe.
Not sure that will pass solid firewalls with restrictive rules, but yeah, I agree with checking the skins we run or the plugins. I already do that, checking the .rmskin archive or minimizing the amount of plugin dependencies. ;-)
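
The check discussed in the posts above (looking inside a .rmskin package for bundled plugins and for skins that use RunCommand, PowerShell or WebParser), as an added example that is not part of the original thread or of Rainmeter itself. It assumes a .rmskin package is a zip archive with skin `.ini`/`.inc` files and plugin `.dll` files, and that measures are declared as `Plugin=RunCommand` or `Measure=WebParser`; the sample package is constructed inline.

```python
import io
import re
import zipfile

# Capabilities named in the thread; the skin syntax matched here is an assumption.
PATTERNS = {
    "runcommand": re.compile(r"^\s*Plugin\s*=\s*RunCommand\b", re.I | re.M),
    "webparser": re.compile(r"^\s*(?:Measure|Plugin)\s*=\s*WebParser\b", re.I | re.M),
    "powershell": re.compile(r"powershell", re.I),
}

def decode_ini(raw: bytes) -> str:
    """Skin files are often UTF-16 LE with a BOM; otherwise try UTF-8, then Latin-1."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le", errors="replace")
    try:
        return raw.decode("utf-8-sig")
    except UnicodeDecodeError:
        return raw.decode("latin-1")

def audit_rmskin(data: bytes) -> dict:
    """Return archive members that ship a DLL or reference a flagged capability."""
    findings = {"plugins": [], "runcommand": [], "webparser": [], "powershell": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            lower = name.lower()
            if lower.endswith(".dll"):
                findings["plugins"].append(name)
            elif lower.endswith((".ini", ".inc")):
                text = decode_ini(zf.read(name))
                for key, pattern in PATTERNS.items():
                    if pattern.search(text):
                        findings[key].append(name)
    return findings

def build_sample() -> bytes:
    """Constructed package: one plain skin, one WebParser skin, one RunCommand skin, one DLL."""
    run = "[MeasureRun]\r\nMeasure=Plugin\r\nPlugin=RunCommand\r\nProgram=PowerShell.exe\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Skins/Clock/Clock.ini", "[MeasureTime]\nMeasure=Time\n")
        zf.writestr("Skins/Feed/Feed.ini", "[MeasureSite]\nMeasure=WebParser\nURL=https://example.com\n")
        zf.writestr("Skins/Sys/Sys.ini", b"\xff\xfe" + run.encode("utf-16-le"))
        zf.writestr("Plugins/64bit/Unknown.dll", b"MZ")
    return buf.getvalue()

if __name__ == "__main__":
    for kind, members in audit_rmskin(build_sample()).items():
        print(f"{kind}: {members}")
```

A hit only marks a file worth reading before installation; plenty of legitimate skins use these measures.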
David8192
Posts: 246
Joined: July 8th, 2021, 11:30 pm
Location: The King's Avenue, Golden Kingdom
Contact:

Re: Rainmeter 4.5.3 has a TROJAN detected

Post by David8192 »

mcsteve wrote: October 4th, 2021, 4:49 pm The same TROJAN is in new Rainmeter 4.5.4
https://www.virustotal.com/gui/file/31efb6ba0b89be4d73925fa79747e45d96479408f9808edead3b8b787fe79495

Rainmeter is a great product, thanks a lot to the developer.

It is a shame that people see that Trojan detected in the Rainmeter and just skip using it altogether, hoping to return one day when it is fixed.
No one has time to search forums for the explanation.
I also think that it might be a false positive, but I will wait for the next version to be fixed.

One way to fix it is to contact Google-owned VirusTotal.com and request an Anti-Virus vendor to update virus definition files for the Rainmeter.

Again, thanks to the developer for the great product with the hope the issue be resolved soon.
Dude! Trojan, here? We love to do our beautiful crafting in peace. I don't trust the AV vendors these days. Not even Avast. I made a script once and Avast blocked it and then took over the entire system! So I got rid of it and I have never been better. These things just limit your functionality. I craft my own defences.
jsmorley
Developer
Posts: 22628
Joined: April 19th, 2009, 11:02 pm
Location: Fort Hunt, Virginia, USA

Re: Rainmeter 4.5.3 has a TROJAN detected

Post by jsmorley »

This is a false positive with just one out of the dozens of antivirus vendors that VirusTotal tests against. This happens from time to time, and it's safe and best to just ignore it and "allow" the executable in the software. Trust me, there is no malware in the Rainmeter setup executable.

The whole antivirus deal is a matter of personal preference, but I resist any calls that you shouldn't necessarily use one. In my view, the Windows Defender stuff that is included with Windows works about as well as anything, but I for one would not recommend just going without entirely.

Protecting your computer is a holistic approach that in my view involves being smart about where you go and what you do on the internet, a really good regular backup, a decent antivirus application, and running something like MalwareBytes from time to time.