Kodi 17.5, Windows Defender reports positive for Ransomware!
#1
Just installed 17.5 and when I was messing with the UPnP settings, I got a Windows Defender message that Kodi.exe is infected with a ransomware virus. I downloaded the nightly installer and so far, no reports..
Reply
#2
Same here after upgrading from 17.4 to 17.5. I downloaded the file on Saturday from the kodi.tv website and Defender marked it as infected by Win32/Cerber!blist; Defender scanned the PC and found it in kodi.exe. In my case it was installed on a 32-bit Windows 10 OS release 1709 on an Intel Stick, a small lightweight PC device.
Reply
#3
Me too, I got this after installing v17.5 over existing v17.4 install:

Image

I quarantined it.

EDIT 1: I'm using Windows 10 Creator's Update.

EDIT 2: Not sure if this is related or not: I didn't attempt to launch Kodi before quarantining the Trojan. Now trying to launch Kodi after quarantining the Trojan, it appears kodi.exe does not exist. Don't want to install Kodi over the existing installation again as I am worried about this whole Trojan business. I think I'll just shut down the PC in question until there is more clarity around the situation.
Reply
#4
Get yourself some decent anti-virus. You are looking at a bogus report there. Probably caused by MS not having seen enough copies of 17.5 to know it is safe.

To help paranoia when false positives like this occur, use VirusTotal as a double check.

https://www.virustotal.com/#/home/url
Reply
#5
(2017-10-29, 20:53)BatterPudding Wrote: Get yourself some decent anti-virus. You are looking at a bogus report there. Probably caused by MS not having seen enough copies of 17.5 to know it is safe.

To help paranoia when false positives like this occur, use VirusTotal as a double check.

https://www.virustotal.com/#/home/url

So this is a false positive.

I had a feeling this might have been the case.

Thanks for the confirmation.
Reply
#6
(2017-10-29, 20:53)BatterPudding Wrote: Get yourself some decent anti-virus. You are looking at a bogus report there. Probably caused by MS not having seen enough copies of 17.5 to know it is safe.

To help paranoia when false positives like this occur, use VirusTotal as a double check.

https://www.virustotal.com/#/home/url

A few months ago with CCleaner, there was also malicious code embedded within the tool; this was for me the reason to be suspicious about the message by Defender after an upgrade and to ask for confirmation. There must be a trigger embedded within kodi.exe 17.5 that wasn't there in 17.4, so my simple thought was: better to be safe than sorry, better check twice, and don't use it until I'm sure it's safe.
Reply
#7
(2017-10-30, 18:51)antaljanssen Wrote:
(2017-10-29, 20:53)BatterPudding Wrote: Get yourself some decent anti-virus. You are looking at a bogus report there. Probably caused by MS not having seen enough copies of 17.5 to know it is safe.

To help paranoia when false positives like this occur, use VirusTotal as a double check.

https://www.virustotal.com/#/home/url

A few months ago with CCleaner, there was also malicious code embedded within the tool; this was for me the reason to be suspicious about the message by Defender after an upgrade and to ask for confirmation. There must be a trigger embedded within kodi.exe 17.5 that wasn't there in 17.4, so my simple thought was: better to be safe than sorry, better check twice, and don't use it until I'm sure it's safe.

It is not really that there is a "trigger" in the code, more a case that Microsoft hasn't uploaded enough copies of the file signature yet. In the first hours of a new release this file is "too new" for Defender to recognize. So it often assumes virus as a lazy fallback. Has often happened with AV companies over the years. This is where sites like VirusTotal are very useful.

The CCleaner story is a good one to be aware of as this is happening more often now. Including on the Mac. What made me laugh about the CCleaner story was the timing of the event... it happened only a few months after CCleaner had been bought up by Avast. Slightly embarrassing. Big Grin
Reply
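Posts #4 and #7 recommend checking a freshly downloaded installer against VirusTotal rather than trusting either the download or the Defender alert blindly. The script below is an added example, not code from the thread or from the Kodi project: it streams the file through SHA-256, compares the digest with the hash the vendor publishes (the expected value is an assumption supplied by the caller, since the thread quotes no official hash), and builds the VirusTotal report URL for that hash so the file can be looked up without uploading it. The sample "installer" is a constructed temporary file whose content is the standard SHA-256 test vector "abc". A hash mismatch is the case that matters: it means the file is not the one the vendor published (truncated download, tampering, or a different build), regardless of what the AV engine says.

```python
"""Verify a downloaded installer before trusting or dismissing an AV alert.

Added example, not part of the Kodi forum thread: hashes the file,
compares the digest with the hash the vendor publishes (assumed to be
passed in by the caller), and builds the VirusTotal lookup URL for
that hash so the file can be checked without uploading it.
"""
import hashlib
import os
import tempfile

# VirusTotal's web UI addresses a file report by its hash; no upload needed.
VT_FILE_REPORT = "https://www.virustotal.com/gui/file/{sha256}"

# Known SHA-256 test vector for the bytes b"abc" (used by the constructed sample).
SHA256_ABC = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so a large installer need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def normalise_hash(value):
    """Accept the forms vendors print: upper/lower case, padding, a 'sha256:' prefix."""
    value = value.strip().lower()
    if value.startswith("sha256:"):
        value = value[len("sha256:"):].strip()
    if len(value) != 64 or any(c not in "0123456789abcdef" for c in value):
        raise ValueError(f"not a SHA-256 hex digest: {value!r}")
    return value


def verify_download(path, published_sha256):
    """Return a verdict: does the file on disk match what the vendor published?"""
    actual = sha256_of_file(path)
    expected = normalise_hash(published_sha256)
    return {
        "sha256": actual,
        "matches_published": actual == expected,
        "size_bytes": os.path.getsize(path),
        "virustotal_url": VT_FILE_REPORT.format(sha256=actual),
    }


def write_sample_file(content=b"abc"):
    """Constructed stand-in for a downloaded installer (not a real binary)."""
    fd, path = tempfile.mkstemp(suffix=".exe")
    with os.fdopen(fd, "wb") as f:
        f.write(content)
    return path


if __name__ == "__main__":
    sample = write_sample_file()
    try:
        # The published hash is passed in the way a vendor page might print it.
        verdict = verify_download(sample, "SHA256: " + SHA256_ABC.upper())
        for key, val in verdict.items():
            print(f"{key}: {val}")
        if not verdict["matches_published"]:
            print("hash mismatch: do not run this file; re-download from the vendor")
    finally:
        os.remove(sample)
```

When the hash matches the vendor's published value and the VirusTotal report for that hash shows only one or two engines flagging a file that dozens of others consider clean, the alert is very likely the "too new" reputation problem described in post #7; when the hash does not match, the AV verdict is irrelevant and the file should not be run at all.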
