Trojan:Win32/Fethar.B!cl



  • Don’t know if is real, but the NPP plugin CSScript updater.exe was infected with this trojan (at lease Windows Defender says so).
    There are no other infections in my machine, and that scan was made as soon as npp updated that plugin (no manual download was made)
    So, be careful.

    Category: Trojan
    Description: This program is dangerous and executes commands from an attacker.

    Recommended action: Remove this software immediately.

    Items:
    file:C:\Users\JC\Downloads\CSScriptNpp.Updater\updater.exe

    Get more information about this item online.



  • I just got the same message.
    My Defender definitions are version 1.223.1538.0.
    SHA1 signature for updater.exe is 13aabfd14e2b38b0fade1ad3bb6ec43f09795ab3

    It was the self-updater to bring CSScript to v1.1.0.0

    I’ll hazard a guess it has something to do with this: https://github.com/gluck/il-repack/issues/152



  • On a little more research, chance of a link to ILRepack seems slim.

    I was able to download the 7z from Codeplex - Defender says it’s clean - and manually extract (elevated, of course) the plugins folder from the 7z into my installation’s plugin folder, which seems to have done the trick.


Log in to reply