Thread overview
[Trojan in production binaries?????] Windows Defender claims that VisualD-v1.4.0.exe has a Trojan in it (Trojan:Win32/Suschil!rfn) #304
1 day ago
Kedy
21 hours ago
user1234
20 hours ago
Guillaume Piolat
20 hours ago
jmh530
1 day ago

I recently got a notification that says,

Detected: Trojan:Win32/Suschil!rfn
Status: Quarantined
Details: This program is dangerous and executes commands from an attacker.
file: C:\Users\rootz\Downloads\VisualD-v1.4.0.exe

I do strongly think that I have downloaded the official release. Can someone please tell me if they have had a similar thing happen to them? I do not remember what triggered this, I do believe I have opened Visual Studio (in which I have D extension) so that could be what happened. Should I be worried?

1 day ago
On 06/05/2025 5:50 AM, Kedy wrote:
> I recently got a notification that says,
> 
> Detected: Trojan:Win32/Suschil!rfn
> Status: Quarantined
> Details: This program is dangerous and executes commands from an attacker.
> file: C:\Users\rootz\Downloads\VisualD-v1.4.0.exe
> 
> I do strongly think that I have downloaded the official release. Can someone please tell me if they have had a similar thing happen to them? I do not remember what triggered this, I do believe I have opened Visual Studio (in which I have D extension) so that could be what happened. Should I be worried?

Windows Defender is known to be quite happy to do this for binaries it hasn't seen very often.

21 hours ago

On Monday, 5 May 2025 at 17:50:24 UTC, Kedy wrote:

> I recently got a notification that says,
>
> Detected: Trojan:Win32/Suschil!rfn
> Status: Quarantined
> Details: This program is dangerous and executes commands from an attacker.
> file: C:\Users\rootz\Downloads\VisualD-v1.4.0.exe
>
> I do strongly think that I have downloaded the official release. Can someone please tell me if they have had a similar thing happen to them? I do not remember what triggered this, I do believe I have opened Visual Studio (in which I have D extension) so that could be what happened. Should I be worried?

I think that the release is produced in a sandbox so if the signature matches you can confidently whitelist the program.

20 hours ago

On Monday, 5 May 2025 at 17:50:24 UTC, Kedy wrote:

> I do strongly think that I have downloaded the official release. Can someone please tell me if they have had a similar thing happen to them? I do not remember what triggered this, I do believe I have opened Visual Studio (in which I have D extension) so that could be what happened. Should I be worried?

Classic problem since D is used in malware and AV software tends to think all D software is thus malware.

When you suspect an antivirus misclassified a D program just because it's written in D, it helps to send them the misclassified binary for them to analyze. (Often, checking with VirusTotal gives you the offenders.) If no one does this, then D programs end up deleted by browsers and the OS right on download, I've found, which also prevents people new to D from installing the compiler.

20 hours ago

On Tuesday, 6 May 2025 at 12:24:42 UTC, Guillaume Piolat wrote:

> On Monday, 5 May 2025 at 17:50:24 UTC, Kedy wrote:
>
> > I do strongly think that I have downloaded the official release. Can someone please tell me if they have had a similar thing happen to them? I do not remember what triggered this, I do believe I have opened Visual Studio (in which I have D extension) so that could be what happened. Should I be worried?
>
> Classic problem since D is used in malware and AV software tends to think all D software is thus malware.
>
> When you suspect an antivirus misclassified a D program just because it's written in D, it helps to send them the misclassified binary for them to analyze. (Often, checking with VirusTotal gives you the offenders.) If no one does this, then D programs end up deleted by browsers and the OS right on download, I've found, which also prevents people new to D from installing the compiler.

I think Windows does this now when upgrading the compiler. My recollection is that it didn't for a period because we were paying for a certificate of some kind, but the price went up and we dropped it.
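
Added example (not part of the thread and not the Visual D project's own tooling): a PowerShell check to run on a fresh copy of the installer before allow-listing it, covering both the "signature matches" case and the unsigned case raised in the last reply. The function name `Test-InstallerBeforeAllowList` is hypothetical, and the example assumes a reference SHA-256 can be obtained from the publisher out of band.

```powershell
# Added example: verify a downloaded installer before excluding it from Defender.
# Function name and the reference hash are assumptions, not values from the thread.
function Test-InstallerBeforeAllowList {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # SHA-256 obtained out of band from the publisher (assumed to be available)
        [string] $ExpectedSha256
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found (Defender may have quarantined it): $Path"
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # $null means "no reference hash supplied", which is different from a mismatch
    $hashMatches = $null
    if ($ExpectedSha256) { $hashMatches = ($hash -eq $ExpectedSha256.Trim()) }

    $verdict = switch ($sig.Status.ToString()) {
        'HashMismatch' { 'REJECT: file was modified after it was signed' }
        'Valid' {
            if ($hashMatches -eq $false) { 'REJECT: signed, but not the file the publisher listed' }
            else { 'OK: signature valid; confirm Signer is the expected publisher' }
        }
        default {
            # NotSigned, NotTrusted, UnknownError: the hash is the only evidence left
            if ($hashMatches)                { 'OK: no usable signature, but hash matches the reference' }
            elseif ($hashMatches -eq $false) { 'REJECT: hash differs from the reference' }
            else                             { 'UNVERIFIED: no usable signature and no reference hash' }
        }
    }

    [pscustomobject]@{
        Path            = $Path
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject   # $null when unsigned
        Sha256          = $hash
        HashMatches     = $hashMatches
        Verdict         = $verdict
    }
}

# Constructed usage; replace the placeholder with the publisher's hash:
# Test-InstallerBeforeAllowList -Path "$env:USERPROFILE\Downloads\VisualD-v1.4.0.exe" `
#     -ExpectedSha256 '<SHA-256 from the publisher>'
```

Only an `OK` verdict supports an exclusion or a false-positive submission; `UNVERIFIED` means the file's origin has not been established either way.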