Gomoto wrote:
Today Windows Defender detected a trojan virus (Win32/Vagger!rfn) in the kombilo.exe
True threat or false positive?
Thanks for the notice.
I am very confident that this is a false positive, as far as the installer is concerned: I checked that the exe files which can be downloaded from u-go.net have not been compromised (same md5sum as my local copies). In particular, they have not changed recently.
Also, the Windows build process runs in an isolated environment (not on one of my computers, but in an AppVeyor container - this is a service which offers a Windows build environment in isolated virtual machines). It seems very unlikely that a trojan got into the installer in that way. It is even more unlikely that it has not been noticed for several months.
(I did not find any substantial information on the Vagger trojan. Could it have infected the system and Kombilo at a later point, i.e., after the installation was finished?)
If someone knows more, further information is of course appreciated.
Best regards, Ulrich