Re: CumulusMX - Trojan/Malware In DLL ? - Nope, Defender Reporting False Positive

Topics about the Beta trials up to Build 3043, the last build by Cumulus's founder Steve Loft. It was by this time way out of Beta but Steve wanted to keep it that way until he made a decision on his and Cumulus's future.

Moderator: mcrossley

trevbrp
Posts: 8
Joined: Tue 02 Aug 2016 8:44 pm
Weather Station: WMR 928
Operating System: Windows 10
Location: Peterborough

Re: CumulusMX - Trojan/Malware In DLL ? - Nope, Defender Reporting False Positive

Post by trevbrp »

I've been running Cumulus now for a few months with no issues. This evening I had need to stop Cumulus as I was doing some testing. However when I restarted the CumulusMx exe, errors were being reported as a file was missing. Looking a bit further, it was apparent Windows Defender has decided the following:

Detected item : Trojan:Win32/Peals.A!cl
Category: Trojan
Description: This program is dangerous and executes commands from an attacker.
Recommended action: Remove this software immediately.
Items:
containerfile:C:\Users\Trev\Downloads\CumulusMXDist3041.zip
file:C:\Users\Trev\Downloads\CumulusMXDist3041.zip->CumulusMX/Devart.Data.MySql.dll


Even re-installing from a new zip download of the Cumulus files, the same issue is being reported and Windows Defender removes the .dll file so I cannot run Cumulus again.

As I say, all was fine and dandy, until earlier this evening when stopping Cumulus temporarily.

Any others having the same issue....Is Defender reporting a false positive here ? Obviously a bit of a problem as I want to run Cumulus, but the only way I can do that is if I say 'allow' to the file and not remove it.... :!:

TrevP
Last edited by trevbrp on Wed 07 Dec 2016 11:41 pm, edited 1 time in total.
ConligWX
Posts: 1570
Joined: Mon 19 May 2014 10:45 pm
Weather Station: Davis vPro2+ w/DFARS + AirLink
Operating System: Ubuntu 22.04 LTS
Location: Bangor, NI

Re: CumulusMX - Trojan/Malware In DLL

Post by ConligWX »

I have scanned all CumulusMX files by MalwareBytes, Spybot Search and Destroy and Sophos Endpoint Security and Sophos Home. This is on my System and a new download from this forum.

I think your Windows Defender is showing a definite false positive, unless the dll has become infected from a trojan on your system. Personally I don't trust Defender as a "good" AV solution. There are plenty of Free alternatives that do a far better job.

"Sophos Home" is very good.
Regards Simon

https://www.conligwx.org - @conligwx
Davis Vantage Pro2 Plus with Daytime FARS • WeatherLink Live • Davis AirLink • PurpleAir •
steve
Cumulus Author
Posts: 26702
Joined: Mon 02 Jun 2008 6:49 pm
Weather Station: None
Operating System: None
Location: Vienne, France

Re: CumulusMX - Trojan/Malware In DLL

Post by steve »

A quick Google for "Win32/Peals.A!cl" finds this: https://www.microsoft.com/security/port ... 2147276824

"NOTE: On December 6, 2016, an incorrect detection for our cloud-based protection for Trojan:Win32/Peals.A!cl was identified and immediately fixed. To ensure that this issue is remediated, you can do a forced daily update to download your Microsoft antimalware and antispyware software. For details, see Updating your Microsoft antimalware and antispyware software."

Hopefully this thread title won't put off the casual observer from trying Cumulus MX :(
Steve
ConligWX
Posts: 1570
Joined: Mon 19 May 2014 10:45 pm
Weather Station: Davis vPro2+ w/DFARS + AirLink
Operating System: Ubuntu 22.04 LTS
Location: Bangor, NI

Re: CumulusMX - Trojan/Malware In DLL

Post by ConligWX »

steve wrote:Hopefully this thread title won't put off the casual observer from trying Cumulus MX :(
I wonder how many Companies have had their products tainted by a pathetic MS app called Defender.
Regards Simon
BigOkie
Posts: 272
Joined: Tue 28 May 2013 1:06 am
Weather Station: Davis VP2 Plus
Operating System: Raspian Buster (RPi 3b)
Location: Tulsa, OK

Re: CumulusMX - Trojan/Malware In DLL

Post by BigOkie »

Toxic17 wrote:
steve wrote:Hopefully this thread title won't put off the casual observer from trying Cumulus MX :(
I wonder how many Companies have had their products tainted by a pathetic MS app called Defender.
Any company using a free consumer tool for security deserves to have their products tainted.
mcrossley
Posts: 12685
Joined: Thu 07 Jan 2010 9:44 pm
Weather Station: Davis VP2/WLL
Operating System: Bullseye Lite rPi
Location: Wilmslow, Cheshire, UK

Re: CumulusMX - Trojan/Malware In DLL

Post by mcrossley »

I think toxic meant - by false detections.

To be fair all the AV products do this from time to time.
trevbrp
Posts: 8
Joined: Tue 02 Aug 2016 8:44 pm
Weather Station: WMR 928
Operating System: Windows 10
Location: Peterborough

Re: CumulusMX - Trojan/Malware In DLL - False Positive ?

Post by trevbrp »

steve wrote:A quick Google for "Win32/Peals.A!cl" finds this: https://www.microsoft.com/security/port ... 2147276824

"NOTE: On December 6, 2016, an incorrect detection for our cloud-based protection for Trojan:Win32/Peals.A!cl was identified and immediately fixed. To ensure that this issue is remediated, you can do a forced daily update to download your Microsoft antimalware and antispyware software. For details, see Updating your Microsoft antimalware and antispyware software."

Hopefully this thread title won't put off the casual observer from trying Cumulus MX :(
Hi Steve,

Apologies. It was not my intention to infer from the thread title that there WAS a trojan in the DLL, and from the content of the thread, I'm sure any reading the post would soon come to the conclusion that I was asking a generic question rather than accusing the software of actually having some malware/trojan within the download. I have now changed the title of the post.

I have no issues with Defender, it is not the only anti-virus software that reports false positives, far from it, paid or unpaid software. I DO keep it updated and did update the definition file yesterday....I can only assume I updated before Microsoft issued the update.

Good to know that it was indeed a false positive.

regards

Trev
mcrossley
Posts: 12685
Joined: Thu 07 Jan 2010 9:44 pm
Weather Station: Davis VP2/WLL
Operating System: Bullseye Lite rPi
Location: Wilmslow, Cheshire, UK

Re: CumulusMX - Trojan/Malware In DLL

Post by mcrossley »

You might want to change the thread title then? Maybe something like... "CumulusMX - Possible Trojan/Malware In DLL? [no]"
trevbrp
Posts: 8
Joined: Tue 02 Aug 2016 8:44 pm
Weather Station: WMR 928
Operating System: Windows 10
Location: Peterborough

Re: CumulusMX - Trojan/Malware In DLL ? - Nope, Defender Reporting False Positive

Post by trevbrp »

mcrossley wrote:You might want to change the thread title then? Maybe something like... "CumulusMX - Possible Trojan/Malware In DLL? [no]"
Hi Mark,

I thought I had, but it seems the change didn't take. I will amend again.

Bit of a nightmare at the moment as I have updated Defender, and re-installed, but Cumulus is reporting that it still has a problem. I will persevere and see if I can sort that...if not, I will raise it.

regards

Trev
water01
Posts: 3215
Joined: Sat 13 Aug 2011 9:33 am
Weather Station: Ecowitt HP2551
Operating System: Windows 10 64bit
Location: Burnham-on-Sea

Re: CumulusMX - Trojan/Malware In DLL

Post by water01 »

You have to go back and edit your first post and change the Topic title in that as that is the one it uses for the Forum Topic List.
David