Menu
Search

Forums

Forum Index

Thread overview
[Trojan in production binaries?????] Windows Defender claims that VisualD-v1.4.0.exe has a Trojan in it (Trojan:Win32/Suschil!rfn) #304
1 day ago
Kedy
21 hours ago
user1234
20 hours ago
Guillaume Piolat
20 hours ago
jmh530
1 day ago
Gravatar of KedyPosted by KedyReply
Kedy
Gravatar of Kedy


Reply

I recently got a notification that says,

Detected: Trojan:Win32/Suschil!rfn
Status: Quarantined
Details: This program is dangerous and executes commands from an attacker.
file: C:\Users\rootz\Downloads\VisualD-v1.4.0.exe

I do strongly think that I have downloaded the official release, can someone please tell me if they have a similar thing happened to them? I do not remember what triggered this, I do believe I have opened Visual Studio (in which I have D extension) so that could be what happened. Should I be woried?

1 day ago
Gravatar of Richard (Rikki) Andrew CattermolePosted by Richard (Rikki) Andrew Cattermole
in reply to Kedy		Reply
Richard (Rikki) Andrew Cattermole
Gravatar of Richard (Rikki) Andrew Cattermole
Posted in reply to Kedy


Reply
On 06/05/2025 5:50 AM, Kedy wrote:
> I recently got a notification that says,
> 
> Detected: Trojan:Win32/Suschil!rfn
> Status: Quarantined
> Details: This program is dangerous and executes commands from an attacker.
> file: C:\Users\rootz\Downloads\VisualD-v1.4.0.exe
> 
> I do strongly think that I have downloaded the official release, can someone please tell me if they have a similar thing happened to them? I do not remember what triggered this, I do believe I have opened Visual Studio (in which I have D extension) so that could be what happened. Should I be woried?

Windows Defender is known to be quite happy to do this for binaries it hasn't seen very often.
21 hours ago
Gravatar of user1234Posted by user1234
in reply to Kedy		Reply
user1234
Gravatar of user1234
Posted in reply to Kedy


Reply

On Monday, 5 May 2025 at 17:50:24 UTC, Kedy wrote:

>

I recently got a notification that says,

Detected: Trojan:Win32/Suschil!rfn
Status: Quarantined
Details: This program is dangerous and executes commands from an attacker.
file: C:\Users\rootz\Downloads\VisualD-v1.4.0.exe

I do strongly think that I have downloaded the official release, can someone please tell me if they have a similar thing happened to them? I do not remember what triggered this, I do believe I have opened Visual Studio (in which I have D extension) so that could be what happened. Should I be woried?

I think that the release is produced in a sandbox so if the signature matches you can confidently whitelist the program.

20 hours ago
Gravatar of Guillaume PiolatPosted by Guillaume Piolat
in reply to Kedy		Reply
Guillaume Piolat
Gravatar of Guillaume Piolat
Posted in reply to Kedy


Reply

On Monday, 5 May 2025 at 17:50:24 UTC, Kedy wrote:

>

I do strongly think that I have downloaded the official release, can someone please tell me if they have a similar thing happened to them? I do not remember what triggered this, I do believe I have opened Visual Studio (in which I have D extension) so that could be what happened. Should I be woried?

Classic problem since D is used in malware and AV software tend to think all D software is thus malware.

When you suspect an antivirus misclassified a D program just because it's written in D, it helps to send them the misclassified binary for them to analyze. (often checking with VirusTotal give you the offenders). If noone do this then D programs end up deleted by browsers and OS right on download, I've found, also prevent people new to D from installing the compiler.

20 hours ago
Gravatar of jmh530Posted by jmh530
in reply to Guillaume Piolat		Reply
jmh530
Gravatar of jmh530
Posted in reply to Guillaume Piolat


Reply

On Tuesday, 6 May 2025 at 12:24:42 UTC, Guillaume Piolat wrote:

>

On Monday, 5 May 2025 at 17:50:24 UTC, Kedy wrote:

>

I do strongly think that I have downloaded the official release, can someone please tell me if they have a similar thing happened to them? I do not remember what triggered this, I do believe I have opened Visual Studio (in which I have D extension) so that could be what happened. Should I be woried?

Classic problem since D is used in malware and AV software tend to think all D software is thus malware.

When you suspect an antivirus misclassified a D program just because it's written in D, it helps to send them the misclassified binary for them to analyze. (often checking with VirusTotal give you the offenders). If noone do this then D programs end up deleted by browsers and OS right on download, I've found, also prevent people new to D from installing the compiler.

I think Windows does this now when upgrading the compiler. My recollection is that it didn't for a period because we were paying for a certificate of some kind, but the price went up and we dropped it.