2

NextDNS 2.0.3 detected by Kaspersky

Today, the NextDNS application automatically updated to version 2.0.3. But was detected by Kaspersky as Trojan-PSW, so it was blocked and deleted.

Event: Malicious object detected
User: COMPAQ-CQ45\Jerry
User type: Active user
Application name: NextDNSService.exe
Application path: C:\Program Files (x86)\NextDNS
Component: File Anti-Virus
Result description: Detected
Type: Trojan
Name: UDS:Trojan-PSW.Win32.Mimikatz.ekv
Precision: Exactly
Threat level: High
Object type: File
Object name: NextDNS Upgrader 2.0.3.exe
Object path: C:\Windows\Temp
MD5: 44657C3CFD8A4CC8DD1B0E8AF008002F
Reason: Cloud Protection
Event: Malicious object detected
User: COMPAQ-CQ45\Jerry
User type: Active user
Application name: NextDNSService.exe
Application path: C:\Program Files (x86)\NextDNS
Component: File Anti-Virus
Result description: Detected
Type: Trojan
Name: UDS:Trojan-PSW.Win32.Mimikatz
Precision: Exactly
Threat level: High
Object type: File
Object name: NextDNSService.exe
Object path: C:\Windows\Temp\NextDNS Upgrader 2.0.3.exe//
MD5: 50D6D76C0BD3EB2985D9D8C040E812E9
Reason: Cloud Protection

When I download the 2.0.3 installation, it's still detected by Kasperksy

Event: Malicious object detected
User: COMPAQ-CQ45\Jerry
User type: Active user
Application name: explorer.exe
Application path: C:\Windows
Component: File Anti-Virus
Result description: Detected
Type: Trojan
Name: UDS:Trojan-PSW.Win32.Mimikatz.ekv
Precision: Exactly
Threat level: High
Object type: File
Object name: NextDNSSetup-2.0.3.exe
Object path: D:\Users\Downloads\Programs
MD5: 44657C3CFD8A4CC8DD1B0E8AF008002F
Reason: Cloud Protection
Event: Malicious object detected
User: COMPAQ-CQ45\Jerry
User type: Active user
Application name: explorer.exe
Application path: C:\Windows
Component: File Anti-Virus
Result description: Detected
Type: Trojan
Name: UDS:Trojan-PSW.Win32.Mimikatz
Precision: Exactly
Threat level: High
Object type: File
Object name: NextDNSService.exe
Object path: D:\Users\Downloads\Programs\NextDNSSetup-2.0.3.exe//
MD5: 50D6D76C0BD3EB2985D9D8C040E812E9
Reason: Cloud Protection

Please check and fix it! Thank you!

5 replies

null
    • NextDNs
    • 2 yrs ago
    • Reported - view

    This happens every time we release a new version of the Windows app. It is signed with an EV certificate and nothing major has changed in this revision, but still, those anti-viruses AI keep reporting it as a trojan. This is obviously a false positive. It will solve by itself as people report it as such, until the next revision…

    • mssfxwas
    • 2 yrs ago
    • Reported - view

    I contacted microsoft and they said they removed the detection

Content aside

  • 2 Likes
  • 2 yrs agoLast active
  • 5Replies
  • 160Views
  • 4 Following