Trojan warning when installing Palemoon 28.2.2

JK9977

Trojan warning when installing Palemoon 28.2.2

Unread post by JK9977 » 2018-12-11, 17:50

I am getting a warning of a Trojan in the latest x64 Windows install, 28.2.2 for PaleMoon, from MS Security Essentials, onto Windows 7.

(Europe site, direct download installer, URL: https://www.palemoon.org/download.php?m ... =installer )

This is said to be the culprit: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3aWin32%2fCloxer.D!cl&threatid=2147726003&enterprise=0

It seems unlikely to be a false positive since it is so specific, but then again ...
Would someone else check it?

satrow
Forum staff

Re: Trojan warning when installing Palemoon 28.2.2

Unread post by satrow » 2018-12-11, 20:36

This detection, made possible by cloud-based machine learning
They're trying to teach machines to guess... so report it as a false positive, please.

Moonchild
Pale Moon guru

Re: Trojan warning when installing Palemoon 28.2.2

Unread post by Moonchild » 2018-12-11, 20:58

JK9977 wrote: It seems unlikely to be a false positive since it is so specific, but then again ...
False positives can be very specific if a sequence of bytes just happens to be the same as a signature they check for without checking much else.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Night Wing
Knows the dark side

Re: Trojan warning when installing Palemoon 28.2.2

Unread post by Night Wing » 2018-12-11, 21:03

satrow wrote:
This detection, made possible by cloud-based machine learning
They're trying to teach machines to guess... so report it as a false positive, please.
Off-topic:
I hope the people at Microsoft trying to teach their MS Security Essentials cloud based machine to learn and recognize viruses and malware for Windows 7..............are not the same people at Microsoft who worked on the Windows 10 October (November/December) 1809 OS "fiasco". ;)
Down at the shop where I volunteer at to catch their overflow for Windows 7 machines, earlier today MS Security Essentials on a customer's 64 bit Windows 7 Home Premium, SP1 machine flagged Firefox 64.0; which was released today, as malware.
Linux Mint 21.3 (Virginia) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
MX Linux 23.2 (Libretto) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
Linux Debian 12.5 (Bookworm) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox

therube
Board Warrior

Re: Trojan warning when installing Palemoon 28.2.2

Unread post by therube » 2018-12-12, 03:03

While hashes are not an end-all, they are provided on the download page.
So download your file, then check the download against the provided hash (as you should do in any case).

NotesTracker

Re: Trojan:Win32/Occamy.C warning when installing Palemoon 28.2.2

Unread post by NotesTracker » 2018-12-18, 05:21

I also am getting a warning from Windows Defender when trying to install 64-bit Pale Moon 28.2.2 (on Windows 10 Pro). It reports the Trojan having the name Trojan:Win32/Occamy.C

I re-launched the Pale Moon 28.2.0 64-bit installer and (as before) Windows Defender gave no such warning, so I wonder what they're doing (or not doing properly).

Moonchild
Pale Moon guru

Re: Trojan:Win32/Occamy.C warning when installing Palemoon 28.2.2

Unread post by Moonchild » 2018-12-18, 10:35

NotesTracker wrote: I also am getting a warning from Windows Defender when trying to install 64-bit Pale Moon 28.2.2 (on Windows 10 Pro). It reports the Trojan having the name Trojan:Win32/Occamy.C

I re-launched the Pale Moon 28.2.0 64-bit installer and (as before) Windows Defender gave no such warning, so I wonder what they're doing (or not doing properly).
... if a sequence of bytes just happens to be the same as a signature they check for without checking much else.
Compiled binaries can have any number of seemingly random byte sequences and if they match up with a "signature", it will hit a false positive. It's possible they are not doing anything -wrong- per se, but rather that their check is simply too naive.

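A toy illustration of the false-positive mechanism described in the two posts by Moonchild above, added here as an example; it is not code from Pale Moon, Microsoft or any antivirus product. `SIGNATURE`, `MARKER`, the function names and both byte blobs are constructed for the illustration.

```python
"""Toy byte-signature scanner showing a coincidental match (constructed data)."""
import random

# Hypothetical values made up for this example; not from any real AV product.
SIGNATURE = bytes.fromhex("90c3")          # deliberately short "signature"
MARKER = b"EXAMPLE-SECOND-INDICATOR"       # independent second indicator


def naive_scan(blob: bytes, signature: bytes = SIGNATURE) -> bool:
    """Flag the blob if the signature bytes occur anywhere, checking nothing else."""
    return signature in blob


def contextual_scan(blob: bytes, signature: bytes = SIGNATURE,
                    marker: bytes = MARKER) -> bool:
    """Flag only when the signature is corroborated by a second indicator."""
    return signature in blob and marker in blob


def expected_chance_hits(blob_len: int, sig_len: int) -> float:
    """Expected coincidental matches of a sig_len-byte pattern in uniformly
    random data. Real compiled code is not uniform, so treat this as a rough
    guide only."""
    return max(blob_len - sig_len + 1, 0) / 256 ** sig_len


def benign_blob(size: int = 4 << 20, seed: int = 2822) -> bytes:
    """Constructed stand-in for a harmless binary: seeded pseudo-random bytes.
    Nothing is planted in it; any signature match is pure coincidence."""
    rng = random.Random(seed)
    return rng.getrandbits(8 * size).to_bytes(size, "little")


def flagged_sample() -> bytes:
    """Constructed blob carrying both indicators, so both scanners flag it."""
    return b"\x00" * 64 + SIGNATURE + b"\x00" * 64 + MARKER


if __name__ == "__main__":
    blob = benign_blob()
    print("expected chance hits:", round(expected_chance_hits(len(blob), 2)))
    print("naive scan flags benign blob:", naive_scan(blob))
    print("contextual scan flags benign blob:", contextual_scan(blob))
    print("contextual scan flags sample:", contextual_scan(flagged_sample()))
```

The short two-byte pattern makes the coincidence easy to reproduce; `expected_chance_hits` shows how quickly the uniform estimate falls as the pattern gets longer.
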
cartel
Lunatic

Re: Trojan warning when installing Palemoon 28.2.2

Unread post by cartel » 2018-12-18, 23:01

I unzipped the installer and scanned the setup file, then zipped the folders and the loose files of the core file separately

setup.exe
https://www.virustotal.com/en/file/d7b7 ... 545173400/
TheHacker Trojan/Katusha.m 20181216

files from "core" less the folders
https://www.virustotal.com/en/file/1a96 ... 545173316/
Cylance Unsafe 20181218

folders from "core"
https://www.virustotal.com/en/file/55a2 ... 545173675/
Cylance Unsafe 20181218



Installer direct from eu server
https://www.virustotal.com/en/file/83f8 ... 545172573/
Acronis malware 20180726
Cyren W32/GenBl.00FF64D7!Olympus 20181218
Trapmine malicious.high.ml.score 20181205


Is this Google's plan to eliminate competition?
These unknown antiviruses... who the hell are they? They won't detect any 1 file, they are just programmed to give bullsit results based on the md5 or sha1 or similar of the installer. Shenanigans.

Moonchild
Pale Moon guru

Re: Trojan warning when installing Palemoon 28.2.2

Unread post by Moonchild » 2018-12-19, 00:22

I had to send a software dev report to Microsoft before they took action, but their false positive has at least been removed.

illiad
Fanatic

Re: Trojan warning when installing Palemoon 28.2.2

Unread post by illiad » 2018-12-27, 09:49

I would *dump* MS , and get a good AV like ... [Snipped]

Mod Edit: irrelevant, none are perfect, none avoid using MS's freely available definitions, all use guesswork... please stay on topic.
VM 300Mbs in london england :lol: :coffee: on Intel Core I7 3GHz on Gigabyte X58a.
PM 32.4.1(64bit) on win7(64bit) sp1 - does ytoobe better than FF!! 8-) :lol: :P
Got 24Gig, Nvidia GTX 1060 :D dont need 4k - not rich, not gamer, newer GPUs only for $$$ peeps
:eh: useragentstring(com) :problem: FF 115.3.1 :angel: :P

satrow
Forum staff

Re: Trojan warning when installing Palemoon 28.2.2

Unread post by satrow » 2018-12-27, 10:28

This topic is about dealing with false positives.

Whatever your thoughts on which AV is 'best', they're irrelevant here.

Locked