Today Windows Defender detected a trojan virus (Win32/Vagger!rfn) in the kombilo.exe

True threat or false positive?

The check with uploading the executable to www.virustotal.com shows no threat.

Thanks for the notice.

I am very confident that this is a false positive, as far as the installer is concerned: I checked that the exe files which can be downloaded from u-go.net have not been compromised (same md5sum as my local copies). In particular, they have not changed recently.

Also, the Windows build process runs in an isolated environment (not on one of my computers, but in an AppVeyor container - this is a service which offers a Windows build environment in isolated virtual machines). It seems very unlikely that a trojan got into the installer in that way. It is even more unlikely that it has not been noticed for several months.

(I did not find any substantial information on the Vagger trojan. Could it have infected the system and Kombilo at a later point, i.e., after the installation was finished?)

If someone knows more, further information is of course appreciated.

Best regards, Ulrich

_________________
u-go.net

Thanks for your reply.

The message was only shown once in the windows defender history and windows defender did not show any further warning or current threats.

The microsoft website about this special threat was also offline after a day.

With the negative virustotal check and your feedback I think it was a temporary false positive for now.

Time will tell

the "Windows Defender" alert message.

Today i wanted to start kombilo.exe, but it is actually still put in quarantine by microsoft defender.

I checked again with http://www.virustotal.com and get a detection rate of 10/64:

https://www.virustotal.com/de/file/f0140f71cd033c6f8aa7e91b9d0d7e34885577e6264bcdfc0b9ee90c232496f0/analysis/1507481768/

The last check by somebody else three month ago showed a detection rate of 8/64.

Windows defender does not detect any threat at this moment.

I want to use this thread (also the place seems somewhat inappropriate) to express my gratitude to Ulrich Goertz for the fine Kombilo database program.

There is no alternative in my opinion to Kombilo that provides such a great go learning environment for every go enthusiast.

It feels like always having pro teachers available when you analyse your tactics with this excellent go tool.

Thank you!