Trojan:Win32/Fethar.B!cl
-
Don’t know if is real, but the NPP plugin CSScript updater.exe was infected with this trojan (at lease Windows Defender says so).
There are no other infections in my machine, and that scan was made as soon as npp updated that plugin (no manual download was made)
So, be careful.Category: Trojan
Description: This program is dangerous and executes commands from an attacker.Recommended action: Remove this software immediately.
Items:
file:C:\Users\JC\Downloads\CSScriptNpp.Updater\updater.exeGet more information about this item online.
-
I just got the same message.
My Defender definitions are version 1.223.1538.0.
SHA1 signature for updater.exe is 13aabfd14e2b38b0fade1ad3bb6ec43f09795ab3It was the self-updater to bring CSScript to v1.1.0.0
I’ll hazard a guess it has something to do with this: https://github.com/gluck/il-repack/issues/152
-
On a little more research, chance of a link to ILRepack seems slim.
I was able to download the 7z from Codeplex - Defender says it’s clean - and manually extract (elevated, of course) the plugins folder from the 7z into my installation’s plugin folder, which seems to have done the trick.
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login