Login at Kodi Home

angryguy123 · 2017-12-05, 13:46

I just installed Kodi via https://kodi.tv/download then click on "Windows" and "Installer" Download via your official Link to Mirrors. After downloading and installing it, Windows Defender says Malware found: Win32/Vigorf.A

The mirrors are: use.se and leaseweb.net

Is this a false positive?

angryguy123 · 2017-12-05, 14:04

Same at hosteurope.de and rwth-aachen.de as Mirrors.
The download of the .exe gets stopped by Defender after 99% and Defender says Trojan found.

Newsangel · 2017-12-05, 14:16

(2017-12-05, 13:46)angryguy123 Wrote: I just installed Kodi via https://kodi.tv/download then click on "Windows" and "Installer" Download via your official Link to Mirrors. After downloading and installing it, Windows Defender says Malware found: Win32/Vigorf.A

The mirrors are: use.se and leaseweb.net

Is this a false positive?

GOT THE SAME ISSUE TODAY

KODI TEAM -- WAKE UP -- THIS IS AN EMERGENCY

since attackers have been injecting bad code into GOOD software these days (if you've been reading the news) I would say there is a good chance it is infected. Kodi needs a hotline for these kind of problems, because this will instantly affect millions of users. I found your post because I was going to make my own. Win Defender has removed my EXE file from my storage.. and it also said it detected Trojan:Win32/Vigorf.A That's a specific and SEVERE virus and I am willing to be it is embedded in the code.

angryguy123 · 2017-12-05, 14:19

(2017-12-05, 14:16)Newsangel Wrote:
(2017-12-05, 13:46)angryguy123 Wrote: I just installed Kodi via https://kodi.tv/download then click on "Windows" and "Installer" Download via your official Link to Mirrors. After downloading and installing it, Windows Defender says Malware found: Win32/Vigorf.A

The mirrors are: use.se and leaseweb.net

Is this a false positive?

GOT THE SAME ISSUE TODAY

KODI TEAM -- WAKE UP -- THIS IS AN EMERGENCY

since attackers have been injecting bad code into GOOD software these days (if you've been reading the news) I would say there is a good chance it is infected. Kodi needs a hotline for these kind of problems, because this will instantly affect millions of users. I found your post because I was going to make my own. Win Defender has removed my EXE file from my storage.. and it also said it detected Trojan:Win32/Vigorf.A That's a specific and SEVERE virus and I am willing to be it is embedded in the code.

I tried to prove it but there is no chance for me to download the .exe Installer. Defender stops the download at 99% and says that .exe.part is infected. No matter which Mirror, I tried it now with 3 more.

FXB78 · 2017-12-05, 14:34

(2017-12-05, 14:16)Newsangel Wrote: KODI TEAM -- WAKE UP -- THIS IS AN EMERGENCY

You've been here for 4 years and never noticed this happens on EVERY release of Kodi due to false positives. Yes, there's a chance it could be an issue so I suppose it's fine to report it, but there's no need to be so dramatic Smile

Newsangel · 2017-12-05, 14:39

(2017-12-05, 14:19)angryguy123 Wrote:
(2017-12-05, 14:16)Newsangel Wrote:
(2017-12-05, 13:46)angryguy123 Wrote: i do not LIKE

Newsangel · 2017-12-05, 14:43

Sorry about the confusion, the REPLY feature completely messes up my replies. This time I tried a new reply instead of specific

I downloaded Kodi 17.6 last week and have it saved on multiple volumes, such a flash sticks. Win Defender just started blocked the executable recently.

I had no issues with it previously.

This means the latest definition updates are what is telling WinDefender that the Kodi file is infected.

Until Kodi notices our posts and responds, I would NOT trust this version of Kodi. From what I am reading, this virus lets invaders take control of your PC'

That is certainly not worth the risk, even it is just a false positive

Because this is a Win Defender issue, Kodi team needs in investigate like YESTERDAY. LOL

**jjd-uk** · 2017-12-05, 14:51

I guarantee it's a false positive so nothing for us to check, if you are really that paranoid get a md5 checker and compare against the md5 hash here http://mirrors.kodi.tv/releases/windows/...mirrorlist

Newsangel · 2017-12-05, 14:54

FXB78..

I am a PC tech of 26 years.

Your response is uncalled for.

Perhaps you are NOT a Windows user, but millions of people will NOT be able to use Kodi after today.

And my being a member for 4 years has no bearing on this conversation.

It almost looks to me you are bored.. and entered the conversation just to pick a fight.

In fact, I would have preferred to contact the Kodi team privately, but the forum is my only choice.

Kodi team needs to know about this ASAP, especially since Kodi has been working directly with Microsoft and the relationship is important.

angryguy123 · 2017-12-05, 14:56

(2017-12-05, 14:51)jjd-uk Wrote: I guarantee it's a false positive so nothing for us to check, if you are really that paranoid get a md5 checker and compare against the md5 hash here http://mirrors.kodi.tv/releases/windows/...mirrorlist

Problem is, that I can not load the .exe due to blocking of the defender. Just tried it once again.

Newsangel · 2017-12-05, 15:00

JJD

as I stated earlier, doesn't matter if the code is infected or not.

Win 10 has total control of the user's system.. much more so than earlier versions

As a Kodi team member, do you really want millions of people to suddenly NOT be able to use Kodi?

And if the team just shrugs and does nothing, don't you think that would push people to trust Plex over Kodi, which Microsoft now embeds in Win 10?

Think about it...

FXB78 · 2017-12-05, 15:18

(2017-12-05, 14:54)Newsangel Wrote: FXB78..

I am a PC tech of 26 years.

Your response is uncalled for.

Perhaps you are NOT a Windows user, but millions of people will NOT be able to use Kodi after today.

And my being a member for 4 years has no bearing on this conversation.

It almost looks to me you are bored.. and entered the conversation just to pick a fight.

In fact, I would have preferred to contact the Kodi team privately, but the forum is my only choice.

Kodi team needs to know about this ASAP, especially since Kodi has been working directly with Microsoft and the relationship is important.

I'm bored of people getting all dramatic every single time there is a new release of Kodi, I'll tell you that much. Not really 'picking a fight', just advising you that it's 99.9% likely to be a false positive. As you can see from further posts even Team Kodi are not bothered by this false positive, so it's not a case of me causing trouble.

I did a quick search of the forum and picked out all these links in about 30 seconds (there are many more), like I said it happens with EVERY release and goes away when definitions are fixed:

https://forum.kodi.tv/showthread.php?tid=323200
https://forum.kodi.tv/showthread.php?tid=320335
https://forum.kodi.tv/showthread.php?tid=305310
https://forum.kodi.tv/showthread.php?tid=306564
https://forum.kodi.tv/showthread.php?tid=305527
https://forum.kodi.tv/showthread.php?tid=305366
https://forum.kodi.tv/showthread.php?tid=264099
https://forum.kodi.tv/showthread.php?tid=264783
https://forum.kodi.tv/showthread.php?tid=258923

narvatu · 2017-12-05, 15:32

I have a installer downloaded 16-Nov without problems until now
If I open this installer today, windows defender informs about trojan vigorf.A
It's a new positive in new definitions of antivirus. Old antivirus (not actualized) don not find any virus

Huh

FXB78 · (This post was last modified: 2017-12-05, 15:47 by FXB78.)

I just downloaded the file & Windows Defender does give a warning, however it seems like no other AV out there has a problem https://www.virustotal.com/#/url/c2b54db.../detection

I assume it's an issue with Windows Defender which will probably be rectified shortly.

Newsangel · 2017-12-05, 15:51

FXB78

This is a public forum to report issues.

And a thousand people might report a problem, even when the problem is already solved.

If someone cannot productively respond to posts without insulting the writer, then why bother responding?

Am I responsible for your boredom?

No one is forcing to read our posts, let alone respond.

Doesn't proper common sense etiquette state that if you are going to respond or be helpful, that you should do it without an attitude?

Speaking as a PC professional in the real world and former psych therapist. I find it disheartening that:

I've been called both paranoid and dramatic, by supposed respected and important members of the community

And blamed/shamed for reporting an important issue early (on the first to detect Microsoft's AV issue)

If I didn't know any better, I'd say some people in the forums feel threatened by anyone who seems intelligent or concerned

Here's what is important...

It doesn't matter if I am 'in the know' or not about false positives

All that matters is Kodi teams know about it to STOP POTENTIAL REPUTATION DAMAGE with its Win users.

Contacting MS team should be a priority.

If you cannot SEE the importance of that, then I am beating a dead horse