Windows reporting NextDNS 2.0.1 as Trojan:MSL/Masslogger.VN!rfn

Mark_85
updated 3 yrs ago
9replies

I noticed the error after a reboot. It looks like some files in the Program Files directory were modified today as well. My version.txt file says I'm on 2.0.1. However, the program is blocked from running on my Windows 10 machine.

Screenshot of my NextDNS directory in the Program Files directory

- Mariusb
- 3 yrs ago
- Reported - view
Hi.

This happened here just now as well. Next DNS was detected as a trojan, and then removed.

Apparently the trojan has been detected since Nov 15. The version of Next DNS being uninstalled appeared to be from Dec 9, which makes me believe that either
a. There was a recent infection in this computer, affecting the NextDNS sw.
b. There is a problem with NextDNS.
c. The NextDNS was incorrectly detected due to an error in the definition files.
The update for MS Defender definitions which apparently triggered the removal of NextDNS, is version 1.329.1466.0.

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3aMSIL%2fMasslogger.VN!rfn&threatid=2147767997

My file info is similar to what Mark shares above.
- olivier
  
  3 yrs ago
  
  Reported - view
  Marius B we just pushed a new version of the windows client. We often get false positives, even though our client is signed and does nothing wrong.
- Mariusb
  
  3 yrs ago
  
  Reported - view
  Olivier Poitrey Thanks for the info.
  
  It appears that later versions of MS Defender definitions doesn't remove NextDNS, when reinstalled. We shall see what happens on subsequent updates to the Next DNS windows client.
- Artem_Lipatov
- 3 yrs ago
- Reported - view
I downloaded the latest binary from the site, it is still being detected by BitDefender
- Greg_Z
- 3 yrs ago
- Reported - view
McAfee will not allow 2.01 to be installed. 1.0.12 sill works.
- olivier
  
  3 yrs ago
  
  Reported - view
  Greg Z please report it a false positive. The more report they get, the faster they will clear it.
- Greg_Z
  
  3 yrs ago
  
  Reported - view
  Olivier Poitrey I've been in and out all around that app and I do not see anyway to 1) report false positives, nor 2) tell it to ignore the issue and stop deleting the file.
- Ruby_Balloon
  
  3 yrs ago
  
  Reported - view
  Greg Z Depending on which McAfee product/suite you use, one of these links should point you in the right direction
  
  https://kc.mcafee.com/corporate/index?page=content&id=KB85567
  
  or
  
  https://service.mcafee.com/webcenter/portal/cp/home/articleview?locale=en-US&articleId=TS103032&fromSearch=true&platform=
- Ueliton_Alves
- 3 yrs ago
- Reported - view
The CLI alternative for Windows cmd on the recomanded Wiki page is also detected as Trojan. Which makes me wonder if the program for Linux also has a Trojan.

Content aside

1 Likes
3 yrs agoLast active
9Replies
752Views
9 Following

Windows reporting NextDNS 2.0.1 as Trojan:MSL/Masslogger.VN!rfn

9 replies

Content aside

Home

Tags