PSA: Kaspersky detects Sonar 2.0.0.5319.windows as virus

https://threats.kaspersky.com/en/threat/UDS:Trojan.Win32.Badur

It’s a false positive, it happens from time to time.

This just came up for me too today. My whole PC went into meltdown over it, with different Windows elements crashing. I’m not sure if it was the antivirus trying to protect the system by preventing use of things, or an actual trojan doing its work. Never before has Kaspersky come up with a false positive on Sonarr, and the exes themselves seemed odd as to why 2 update exes were made in diff directories.

It’s above my paygrade, as if something bad did happen I’d have no way of telling if something was pushed out and then retracted so it would only affect a smaller subset of users (be less detectable), but if someone who knows how to double check something bad wasn’t pushed out by a malicious actor.

I spent about an hour myself on it; I was able to get the files quarantined and tested on VirusTotal, which showed a 3/68 positive detection rate, which is at least mostly reassuring. But yeah, if someone could please double check I’d be eternally grateful.

Let’s be real, if they can get stuff inserted into the likes of CCleaner and other major software titles, they can get stuff in anywhere.

@whiz There’s no good reason for Kaspersky to detect it as a virus. Sonarr is built using the .net framework and the generated binary is in an intermediate language that can be completely disassembled and inspected. Yet they throw up false positives regularly.
Antivir solutions generally are like The Boy who cried Wolf, and I have little interest in chasing after leads that don’t point at clearly malicious behavior.

Your post says ‘UDS:Trojan.Win32.Badur’ and ‘PDM:Trojan.Win32.Bazon.a’, on the two files separately. Files which happen to be identical. So what is it? Badur or Bazon? How did they detect it?
Antivir apps never provide the specific reason for the detection.

Kaspersky VirusDesk says:


including file hashes, in case you’re inclined to verify it yourself.

I submitted `NzbDrone.Update.exe` to Kaspersky and they confirmed it was a false positive.

Their response:

Hello,
Sorry, it was a false detection. It will be fixed.
Thank you for your help.

Thanks for following up <3. As for the diff detection for the same file name, that’s the strange thing I noted above. The file was a few KB diff in those 2 locations, hence one reason that it raised my concern. Same filename, diff capitalization, diff location, diff size.

Not sure about that difference, since casing doesn’t make a difference it may just be in how it was detected.
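For anyone who wants to settle the "are the two copies actually the same file" question themselves, here is an added example (not posted by anyone in this thread) that hashes both `NzbDrone.Update.exe` copies and reads their Authenticode signature status; the two paths are assumptions, substitute the locations your AV reported.

```powershell
# Added example, not from the thread. Compares the two flagged copies of
# NzbDrone.Update.exe by SHA-256 and reports their Authenticode signature state.
# Both paths below are assumptions; replace them with the locations Kaspersky listed.
$paths = @(
    'C:\ProgramData\Sonarr\Update\NzbDrone.Update.exe',
    'C:\Program Files\Sonarr\NzbDrone.Update.exe'
)

$report = foreach ($p in $paths) {
    if (-not (Test-Path -LiteralPath $p)) {
        # A quarantined file will show up here; restore it to a scratch folder first.
        Write-Warning "Not found (possibly quarantined): $p"
        continue
    }
    $hash = Get-FileHash -LiteralPath $p -Algorithm SHA256
    $sig  = Get-AuthenticodeSignature -LiteralPath $p
    [pscustomobject]@{
        Path      = $p
        Bytes     = (Get-Item -LiteralPath $p).Length
        SHA256    = $hash.Hash          # compare this with the VirusTotal entry
        SigStatus = $sig.Status         # Valid, NotSigned, HashMismatch, ...
        Signer    = $sig.SignerCertificate.Subject
    }
}

if (-not $report) { Write-Warning 'Neither copy was found; nothing to compare.'; return }
$report | Format-List

# Identical SHA-256 means the "two" files differ only in path and name casing.
# Different hashes are not alarming by themselves (two builds of the updater),
# but a HashMismatch status or an unexpected signer is what deserves a closer look.
$unique = @($report.SHA256 | Select-Object -Unique)
if ($unique.Count -eq 1) {
    'Both copies are byte-for-byte identical.'
} else {
    'The copies differ; compare the SigStatus and Signer fields before drawing conclusions.'
}
```

The SHA-256 values printed here are the ones to paste into VirusTotal or to compare against the hashes Kaspersky VirusDesk reported.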
