xordevoreaux, posted June 24 (edited June 24):

I downloaded paint.net.5.0.7.install.x64.zip from GitHub, extracted the installer, launched it, and Bitdefender instantly flagged it. Couldn't install it.

Edit: Right-clicking the file to scan with Bitdefender didn't reveal anything. It only occurs upon launch.

This is what Bitdefender is reporting:

The file C:\Users\[username]\AppData\Local\Temp\7zS40E88D5D\SetupShim.exe is infected with Gen:Variant.Tedy.388183 and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.

Disk4mat, posted June 24:

Installers are known for triggering false positives. You can create an exclusion or temporarily disable BD for the install.

xordevoreaux (author), posted June 24:

For all the years I've used both Paint.net and BitDefender, this is the first time I've come across this, and with so many repositories in GitHub compromised, I'm keeping my current installation of Paint.net and turning off automatic updates. I'll see how things are with the next announced update.

Rick Brewster, posted June 25:

Many antivirus programs will sometimes have false-positives until they learn that the new version is not a virus. Quite often because the installer is doing "suspicious" things such as requiring elevated privilege and having a bunch of compressed files within it (via 7-zip/LZMA compression).

In other words, it's not detecting a specific virus -- it's using a heuristic to detect things that might be from a virus. And those things happen to align with what a legitimate application installer will often be doing as well.

I scanned it multiple times with Windows Defender, which did not pick up any virus or malware.

This will likely go away within a day or so.

MC Painter, posted June 25:

My virus protection also detects a virus of the type beast (Trojan) in the installation software paint.net.5.0.7.install.x64.zip. The detected infection is quarantined and installation is denied. I take the alert seriously because in over 10 years of using paint.net I have never had an update virus alert before.

(Translated from German with Google translator)

MC Painter, posted June 25 (edited June 25):

Okay, I've now relied on admin Rick Brewster's statement because my antivirus was also alerting by behavior and not a specific virus. The supposedly detected Trojan of the type "beast" is not exactly defined.

I downloaded the offline installation file to bypass the installation lock from my antivirus program. Then I blocked internet access and turned off the virus monitor. The paint.net installation routine that was then started ran normally. After that, paint.net also started normally. A subsequent full virus scan of the computer yielded nothing.

Thanks very much.

(Translated from German with Google translator)

Portalvasco, posted June 26 (edited June 26):

Panda Dome shows alert on setupshim.exe too. I had never given that alert until this 5.0.7 version. I have reported it to Panda.

aecoles, posted June 27 (edited June 27):

Same as Portalvasco. WatchGuard flags SetupShim.exe. Not going to disable my AV.

toe_head2001, posted June 27 (marked as Solution):

You all need to report the false positive to your AV vendors. No one here can do anything about it, so you're essentially wasting your breath.

FB60NL, posted July 31:

I just installed the most recent update. Windows instantly flagged the file SetupShim.exe as containing Trojan:Script/Wacatac.B!ml.

Tactilis, posted July 31:

4 minutes ago, FB60NL said: "I just installed the most recent update. Windows instantly flagged the file SetupShim.exe as containing Trojan:Script/Wacatac.B!ml."

Please see the comment from @toe_head2001 immediately above yours and that from @Rick Brewster on June 25th.

BoltBait, posted July 31:

The installs are all signed and do not contain viruses. You really need to report false positives to your AV vendor.

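The statement above that the installers are signed can be checked locally before reporting a false positive or adding an exclusion. The PowerShell below is an added example, not code from this thread or from the Paint.NET project; the function name and the `-ExpectedPublisher` parameter are assumptions, and the publisher string is a placeholder to fill in from a trusted source.

```powershell
# Added example, not Paint.NET project code. Checks the Authenticode signature and
# SHA-256 of every .exe inside a downloaded installer zip.
function Test-InstallerZipSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ZipPath,
        # Assumption: the caller supplies the publisher name they expect.
        # The thread does not state the certificate subject.
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    $zip     = Get-Item -LiteralPath $ZipPath -ErrorAction Stop
    $workDir = Join-Path ([IO.Path]::GetTempPath()) ("sigcheck_" + [guid]::NewGuid().ToString('N'))
    Expand-Archive -LiteralPath $zip.FullName -DestinationPath $workDir

    try {
        $exes = @(Get-ChildItem -LiteralPath $workDir -Recurse -File -Filter *.exe)
        if ($exes.Count -eq 0) { throw "No .exe found inside $($zip.Name)" }

        foreach ($file in $exes) {
            $sig     = Get-AuthenticodeSignature -LiteralPath $file.FullName
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

            [pscustomobject]@{
                File        = $file.Name
                SHA256      = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
                Status      = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
                Signer      = $subject
                Timestamped = [bool]$sig.TimeStamperCertificate
                # Pass only if the signature verifies AND the signer matches the expected publisher.
                Trusted     = ($sig.Status -eq 'Valid') -and [bool]$subject -and
                              ($subject -like "*$ExpectedPublisher*")
            }
        }
    }
    finally {
        # The extracted copy is never executed; remove it when done.
        Remove-Item -LiteralPath $workDir -Recurse -Force -ErrorAction SilentlyContinue
    }
}

# The zip name is the one quoted in the thread; the publisher value is a placeholder.
Test-InstallerZipSignature -ZipPath .\paint.net.5.0.7.install.x64.zip -ExpectedPublisher '<expected publisher name>'
```

This inspects the executables shipped in the zip without running them; SetupShim.exe is unpacked into the Temp folder only at launch, so it is not checked directly. A `Status` of `HashMismatch` or `NotSigned`, or an unexpected signer, is a reason to stop rather than to add an exclusion.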