Malware detected inside IPH (Isk Per Hour)? I don't (want to) believe it

I’ve been using IPH for a longer time than I’d like to admit, and I’ve been in contact with Zifrian here on the forum and on git and mail too. He’s a cool and dedicated guy and he’s been working really hard to keep his tool updated after all the oh so many dramatic changes CCP threw at third-party developers, so I have no reason to doubt his behavior. Still, today I decided it was time for me to stick my nose back again into EVE and Windows Defender got all triggered and alarmed.

It won’t let me complete the install because it found a certain ‘cryptinject.ml’ malware inside the executable. I googled it, I’ve seen it seems to be a ‘true’ malware, I looked quickly here and found no reference to this problem, and I opened this thread.
Hope it all turns out to be a Windows issue, or my own as well, but I just wanted to have it clarified once and for all. Thanks.

Just for the sake of it, I downloaded the installer from the git repos, cloning the latest stable version on my desktop and extracting the installer. Anyway… although the install did not complete, I noticed that in the usual folder where all the personal data are stored (%user%/AppData/Roaming/EVE IPH) there was the EVEIPH Updater. I launched it, it did find some updates, it downloaded them, installed them flawlessly and now I’m using IPH like a boss. I still have no idea about what triggered the Windows protection antimalware thingy in the first place.

Usually this happens when something new exists that Microsoft or whatever antivirus/antimalware service hasn’t properly and thoroughly indexed as safe (yet).

Even EVE throws these errors sometimes.

WINE detected as Malware
Malware detected
False virus warning from the update?
Possible virus/malware in Wine components of Eve for mac

Just saw this message but others brought this to my attention as well. I submitted the program for scanning with Windows Defender and they removed it from the definitions for CryptInject as a false positive. I also submitted one for CoinMiner but it only shows it as a potentially unwanted application (PUA) program so not sure if that will get updated.

I think this started after I implemented the new log-in process where you don’t need to create a developer account. In any case, email me any issues at eveiskperhour@gmail.com or say something on Discord and I’ll check into it.

Oh ok, this put me off previously. So I only need my account details? What about Steam accounts?
Cheers

I’m not sure but I assume it’s fine. I assume there is no special way to log into the forums with a Steam account and it’s the same process. Give it a go and let me know? :slight_smile:

Just letting you know this still seems to be a problem. I made sure Windows Defender was up-to-date, but there seems to still be a problem. It did detect it as a different malware than what’s listed above though, so… progress?

I was able to tell Defender to allow it, which I had to do again after EVE ISK updated, and it seems to be working now. You might want to bug MS about it though, as they seem to have dropped the ball on their end.

Yeah, getting reports still. What virus or malware did it flag? A new name has come up recently.

Btw, the only virus scanner flagging it is Microsoft Defender:
https://www.virustotal.com/gui/file/a1797c477240f839e1fc37894cd8a0ad29291637fc4aa297edaaeafd8624500d/detection

What is CoinMiner? I would imagine that Windows Defender is flagging it as a bitcoin/crypto miner.

Still got the message that there is a PUA:Win32/CoinMiner inside the updater. Uploaded the installer to VirusTotal, result is good (negative), but this is a huge flaw in my opinion, which needs to get addressed. :frowning: The reputation of this great 3rd party tool will fall, which is the opposite of what you deserve, Zifrian.

Ok, found the advisory on your discord, sorry for re-activation of this old thread. mea culpa :slight_smile:
