Kombilo Virus warning Trojan:Win32/Vagger!rfn

Gomoto · Post by **Gomoto** » Wed Sep 27, 2017 9:40 am

Today Windows Defender detected a trojan virus (Win32/Vagger!rfn) in the kombilo.exe

True threat or false positive?

Gomoto · Post by **Gomoto** » Wed Sep 27, 2017 10:04 am

The check with uploading the executable to www.virustotal.com shows no threat.

ugoertz · Post by **ugoertz** » Wed Sep 27, 2017 10:45 am

Gomoto wrote:Today Windows Defender detected a trojan virus (Win32/Vagger!rfn) in the kombilo.exe

True threat or false positive?

Thanks for the notice.

I am very confident that this is a false positive, as far as the installer is concerned: I checked that the exe files which can be downloaded from u-go.net have not been compromised (same md5sum as my local copies). In particular, they have not changed recently.

Also, the Windows build process runs in an isolated environment (not on one of my computers, but in an AppVeyor container - this is a service which offers a Windows build environment in isolated virtual machines). It seems very unlikely that a trojan got into the installer in that way. It is even more unlikely that it has not been noticed for several months.

(I did not find any substantial information on the Vagger trojan. Could it have infected the system and Kombilo at a later point, i.e., after the installation was finished?)

If someone knows more, further information is of course appreciated.

Best regards, Ulrich

Gomoto · Post by **Gomoto** » Tue Oct 03, 2017 9:27 am

Thanks for your reply.

The message was only shown once in the windows defender history and windows defender did not show any further warning or current threats.

The microsoft website about this special threat was also offline after a day.

With the negative virustotal check and your feedback I think it was a temporary false positive for now.

Time will tell

jptavan · Post by **jptavan** » Tue Oct 03, 2017 9:40 am

the "Windows Defender" alert message.

Gomoto · Post by **Gomoto** » Sun Oct 08, 2017 9:13 am

Today i wanted to start kombilo.exe, but it is actually still put in quarantine by microsoft defender.

I checked again with http://www.virustotal.com and get a detection rate of 10/64:

https://www.virustotal.com/de/file/f014 ... 507481768/

The last check by somebody else three month ago showed a detection rate of 8/64.

Windows defender does not detect any threat at this moment.

Gomoto · Post by **Gomoto** » Wed Oct 11, 2017 1:23 pm

I want to use this thread (also the place seems somewhat inappropriate) to express my gratitude to Ulrich Goertz for the fine Kombilo database program.

There is no alternative in my opinion to Kombilo that provides such a great go learning environment for every go enthusiast.

It feels like always having pro teachers available when you analyse your tactics with this excellent go tool.

Thank you!

Life In 19x19

Kombilo Virus warning Trojan:Win32/Vagger!rfn

Kombilo Virus warning Trojan:Win32/Vagger!rfn

Re: Kombilo Virus warning Trojan:Win32/Vagger!rfn

Re: Kombilo Virus warning Trojan:Win32/Vagger!rfn

Re: Kombilo Virus warning Trojan:Win32/Vagger!rfn

Re: Kombilo Virus warning Trojan:Win32/Vagger!rfn

Re: Kombilo Virus warning Trojan:Win32/Vagger!rfn

Re: Kombilo Virus warning Trojan:Win32/Vagger!rfn