使用 PyInstaller 制作的程序现在被 AVG 视为特洛伊木马 [英] Program made with PyInstaller now seen as a Trojan Horse by AVG
问题描述
大约一个月前,我使用 PyInstaller 和 Inno Setup 为我的 Python 3 脚本生成安装程序.我的 AVG Business Edition AntiVirus 刚刚开始抱怨今天的更新,该程序在用于启动程序的主 .exe 文件中(在 PyInstaller 创建的文件夹中,包含所有 Python胆量")中有一个 SCGeneric 特洛伊木马.起初我只是认为这是 AVG 中的误报,但是将 .exe 文件提交给 VirusTotal 我得到了这个分析:
About a month ago, I used PyInstaller and Inno Setup to produce an installer for my Python 3 script. My AVG Business Edition AntiVirus just started complaining with today's update that the program has an SCGeneric Trojan Horse in the main .exe file used to start the program (in the folder created by PyInstaller that has all of the Python "guts"). At first I just thought it was a false positive in AVG, but submitting the .exe file to VirusTotal I get this analysis:
这表明 61 个扫描仪中有 11 个检测到问题:
Which shows that 11 out of 61 scanners detect a problem:
TheHacker Trojan/Agent.am
NANO-Antivirus Trojan.Win32.Agent.elyxeb
DrWeb Trojan.Starter.7246
Yandex Trojan.Crypren!52N9f3NgRrY
Jiangmin Trojan.Agent.asnd
SentinelOne (Static ML) static engine - malicious
AVG SCGeneric.KTO
Rising Malware.Generic.5!tfe (thunder:5:ujHAaqkyw6C)
CrowdStrike Falcon (ML) malicious_confidence_93% (D)
Endgame malicious (high confidence) 20170503
Zillya Dropper.Sysn.Win32.5954
现在我不能说这些其他扫描仪是我以前听说过的……但我仍然担心它不仅仅是 AVG 给出误报.
Now I can't say that these other scanners are ones that I have heard of before... but still I'm concerned that it is not just AVG giving a false positive.
我已将相关 .exe 文件提交给 AVG 以供他们分析.希望他们会放弃他们认为他们试图检测的任何东西.
I have submitted the .exe file in question to AVG for their analysis. Hopefully they will back off on whatever it is that they thought they were trying to detect.
我还能用 PyInstaller 做些什么来使它创建的 .exe 启动器不会被视为木马吗?
Is there anything else I can do with PyInstaller to make it so that the .exe launcher that it created won't be considered a Trojan?
感谢您的任何意见.
推荐答案
我能够将相关文件提交到 AVG 的报告错误检测"页面,位于 https://secure.avg.com/submit-sample.我很快就收到了回复(我不记得确切多久了,但不到一天),他们分析了我的文件并确定它没有病毒.他们说他们已经调整了他们的病毒定义,这样就不会再触发误报.我更新了我的定义,它仍然在触发,所以我用我的病毒定义版本再次联系他们,我听说我的版本不够高 - 我认为我的定义有一些延迟,因为我从本地服务器.但在一天之内,我得到了正确版本的定义,并且不再触发误报.
I was able to submit the file in question to AVG's "Report a false detection" page, at https://secure.avg.com/submit-sample. I received a response back fairly quickly (I can't remember exactly how long, but it was less than a day) that they had analyzed my file and determined that it did not have a virus. They said that they had adjusted their virus definitions so that it would not trigger a false positive anymore. I updated my definitions and it was still triggering, so I contacted them again with my virus definition version, and I heard back that the version I had wasn't high enough - I think there was some delay on my definitions because I get them from a local server. But within a day I had the right version of the definitions and the false positive didn't trigger anymore.
因此,如果您对 AVG 有误报,我会推荐此解决方案 - 相当快速且轻松地解决问题.
So if you have a false positive with AVG, I would recommend this solution - fairly quick and easy to get a resolution to the problem.
这篇关于使用 PyInstaller 制作的程序现在被 AVG 视为特洛伊木马的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
