NextDNS agent 2.0.1 now detected as malware
I am not sure what changed but the official exe download from the site is now detected as malware. I have used the .exe for many months without issue until today. It appears that 13 AV companies are now detecting it as malware. It was automatically removed from my computer.
Update: windows smartscreen is now blocking downloads of this as well
17 replies
-
I am having the same problem. Both Windows Defender & Antivirus software are detecting it as malware. It seems the app has been recently updated and there might be some bug in it.
I am using YogaDNS software with NextDNS settings for the time being the issue is resolved.
-
A virustotal scan of the Windows exe does not look great. More than likely a large false positive. Lets hope.
-
I noticed that this has happed on my Win10 system today. Getting the following in the event logs;
Log Name: Microsoft-Windows-Windows Defender/Operational Source: Microsoft-Windows-Windows Defender Date: 3/01/2021 21:39:11 Event ID: 1116 Task Category: None Level: Warning Keywords: User: SYSTEM Computer: XXXXXXXXXXXX Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/Masslogger.VN!rfn&threatid=2147767997&enterprise=0 Name: Trojan:MSIL/Masslogger.VN!rfn ID: 2147767997 Severity: Severe Category: Trojan Path: file:_C:\Program Files (x86)\NextDNS\NextDNS.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\Temp\NextDNS Upgrader 2.0.1.exe Security intelligence Version: AV: 1.329.1515.0, AS: 1.329.1515.0, NIS: 1.329.1515.0 Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4Looks to be the latest NextDNS agent update that is the issue.
Let hope it gets sorted soon.
-
Same here with Bitdefender. Classified as: Trojan.GenericKD.35766253
-
+1 BitDefender here. is this a false positive or we are really dealing with malware??? NextDNS, please respond
-
+1 BitDefender as well. As others said, VirusTotal results also very alarming, almost as alarming as the lack of response from NextDNS
-
Lector I am going to leave the app in the bitbucket where windows defender ATP put it until someone provides an update about this.
-
Lector answered here already: https://help.nextdns.io/t/m1htpar/windows-reporting-nextdns-2-0-1-as-trojanmslmasslogger-vnrfn
-
Olivier Poitrey thanks! I'd imagine pinning your answer to a place highly visible would help others same as myself to quickly realize is a false positive? In any case, thanks for your answer, and for the product as well.
-
Olivier Poitrey hello Sir,
Do you know this IP 124.108.23.14, is this IP your block page IP. We sometimes get this IP when nextdns blocks a domain.
Thanks,
Nofil
-
Mohammad Nofil yes it is one of our IPs.
-
Olivier Poitrey At the same time as NextDNS, BitDefender also blocked the following file: C:\Program Files\Common Files\Autodesk Shared\cao20cht.tlb. How is that related to NextDNS? Also a false positive then?
-
Vincent van Duijnhoven it’s not. From my small experience anti virus tools are meh...
-
-
Well some info from VirusTotal may be the reason for this:
. Also something microsoft probably doesn't like 
-
Any news on if there has been a compromise to the app? Carbon Black is flagging it now too likely because they leverage virus total, who thinks there is a problem.
-
Next DNS Could we have an official confirmation that we can run the Windows installer safely and bypass any warning from smartscreen and antivirus ... Thanks in advance ...
Content aside
- 3 yrs agoLast active
- 17Replies
- 1013Views
-
13
Following