Malware detected from ESET Antivirus #1031

Closed
mack0196 opened this issue Feb 9, 2024 · 5 comments
Labels
p0 High Priority

mack0196 commented Feb 9, 2024

Malware scanning found a trojan in wakatime extension files and disabled the extension.

Real-time file system protection;file;C:\Users\XXX\.wakatime\wakatime-cli-windows-amd64.exe;a variant of WinGo/Agent_AGen.AN trojan;cleaned by deleting;

Event occurred during an attempt to run the file by the application: C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Common7\IDE\devenv.exe

Could a security audit be performed to verify and clean if found?

mack0196 changed the title from "Malware detected by Trend Micro" to "Malware detected" on Feb 9, 2024
@alanhamlett
Member

This started happening after we upgraded Go in the wakatime-cli part of the extension. I used this guide to report the false positive to Trend Micro.

gandarez transferred this issue from wakatime/visualstudio-wakatime on Feb 9, 2024
github-actions bot added the triage label on Feb 9, 2024
gandarez added the p0 High Priority label and removed the triage label on Feb 9, 2024

mack0196 commented Feb 10, 2024

Thanks. I originally said Trend Micro, but we are using ESET. Have you filed a similar report? https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab

alanhamlett changed the title from "Malware detected" to "Malware detected from ESET Antivirus" on Feb 10, 2024
@alanhamlett
Member

> Thanks. I originally said Trend Micro, but we are using ESET. Have you filed a similar report? https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab

I also sent it to ESET and received this response:

Hello,

Thank you for your submission.
It was a false positive which was fixed yesterday.

Regards,

ESET Malware Response Team

@PaltryProgrammer

Infected
Avast Free Antivirus

@alanhamlett
Member

It's not showing up as blocked on any major AV providers:
https://www.virustotal.com/gui/file/5f308842c8da2cb7c4de041df545327bb493d5d9d9779ceec1351e5a8082869d

As long as you haven't disabled SSL in your ~/.wakatime.cfg then it's safe. Just click More Options and allow it.
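
A local check matching the advice in this thread, added here as an example (not code from the thread or from the WakaTime project): it compares a wakatime-cli binary against the SHA-256 in the VirusTotal link above and reports whether certificate verification is turned off in `~/.wakatime.cfg`. It assumes the linked hash belongs to the build being checked and that the relevant config key is `no_ssl_verify` under `[settings]`; the function names and sample files are constructed for illustration.

```python
import configparser
import hashlib
import tempfile
from pathlib import Path

# SHA-256 taken from the VirusTotal link posted in the thread. That it is the
# hash of the wakatime-cli build under test is an assumption of this example.
REFERENCE_SHA256 = "5f308842c8da2cb7c4de041df545327bb493d5d9d9779ceec1351e5a8082869d"


def sha256_of(path: Path) -> str:
    """Hash the file in chunks so a large binary is not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def ssl_verification_disabled(cfg_path: Path) -> bool:
    """True if [settings] no_ssl_verify is switched on in the config file."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read(cfg_path, encoding="utf-8")
    value = parser.get("settings", "no_ssl_verify", fallback="false")
    return value.strip().lower() in {"1", "true", "yes", "on"}


def triage(binary: Path, cfg_path: Path, expected: str = REFERENCE_SHA256) -> list[str]:
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    if not binary.is_file():
        findings.append("binary missing (possibly quarantined by the AV)")
    elif sha256_of(binary) != expected.lower():
        findings.append("binary hash differs from the reference")
    if cfg_path.is_file() and ssl_verification_disabled(cfg_path):
        findings.append("no_ssl_verify is enabled in the config")
    return findings


def demo() -> list[str]:
    """Run the checks on constructed sample files (not real wakatime data)."""
    with tempfile.TemporaryDirectory() as tmp:
        binary = Path(tmp) / "wakatime-cli-windows-amd64.exe"
        binary.write_bytes(b"constructed sample bytes")
        cfg = Path(tmp) / ".wakatime.cfg"
        cfg.write_text("[settings]\napi_key = placeholder\nno_ssl_verify = true\n")
        return triage(binary, cfg)
```

A different wakatime-cli release will not match this hash, so a mismatch means the binary should be compared against the hash for its own release, not that it is infected.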


4 participants