Unity producing Malware under Windows10?

Discussion in 'Windows' started by Stefan-Laubenberger, Aug 2, 2016.

  1. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,674
    Looks like Windows Defender got rid of "C:\Program Files\Unity\Editor\Data\PlaybackEngines\windowsstandalonesupport\Variations\win64_nondevelopment_mono\player_win.exe", and that's why your builds are failing (I assume you are building a 64-bit non-development build?). We're talking with Microsoft about this and investigating what's causing it.

    In the meantime, you can work around it by disabling Windows Defender and reinstalling Unity.
     
  2. smoothtrooper16

    smoothtrooper16

    Joined:
    Jan 20, 2017
    Posts:
    5
    That seemed to work, thanks for the workaround!
     
  3. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,674
    Microsoft got back to me and said they deployed an update to Windows Defender that fixes this issue. It should go away on the next Defender definition update.
     
  4. Kingblade

    Kingblade

    Joined:
    Jan 15, 2014
    Posts:
    16
    So... A nice and small bump to this thread.
    I just built a prototype game on Unity 5.5.0p4 and sent the build to a friend.

    His WD alerted him to "Trojan:Win32/Manrele.K!cl" and deleted the file immediately.
    After finding this thread he tried to update his WD (running on Windows 10) and reset and... it did not work.

    I am technically in no rush since this build is not for consumers, but it is pretty annoying and I would like to avoid trouble for testers / other people who might run into the problem.
     
  5. VoidFish

    VoidFish

    Joined:
    Nov 27, 2012
    Posts:
    31
    Hey, I just wanted to say that I ran into this issue. Thank you Unity team for dealing with Microsoft to fix it. I got a lot of bug reports from users about this.
     
  6. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,674
    Was that yesterday? I'll ask Microsoft when they're gonna push out the update.
     
  7. Kingblade

    Kingblade

    Joined:
    Jan 15, 2014
    Posts:
    16
    Yup, it happened when I wrote the post.
     
  8. VoidFish

    VoidFish

    Joined:
    Nov 27, 2012
    Posts:
    31
    Hey, I just got this now, any word when Microsoft will have the update ready?
     
  9. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,674
    Apparently they pushed the update out on Friday (at least that's what they told me). Are you still seeing the issue after updating the definitions?
     
  10. Kingblade

    Kingblade

    Joined:
    Jan 15, 2014
    Posts:
    16
    Update: The update works now. Thank you for the support :)
     
  11. vrjordan

    vrjordan

    Joined:
    Feb 14, 2017
    Posts:
    2
    We had this issue two weeks ago with our build and then it resolved itself, however it's popped up again. I've triple checked that our definitions have been updated as of 2/13, but Windows Defender is still nabbing it as malware. Any more information about this?
     
  12. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,674
    Microsoft gave me this link last time after resolving it in case the issue was back again:

    https://www.microsoft.com/en-us/security/portal/submission/submit.aspx

    Can you upload your executables that get detected there? They said they look at it within 24 hours. I haven't tried uploading anything there yet, but should be fairly straightforward.
     
  13. vrjordan

    vrjordan

    Joined:
    Feb 14, 2017
    Posts:
    2
    Ack - I tried submitting but their site keeps timing out on file upload despite being under 10MB. Will try other methods.
     
    Last edited: Feb 14, 2017
  14. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,674
    You can also email me the binary and I'll send it myself. My email is in this thread somewhere.
     
  15. Strompy

    Strompy

    Joined:
    Apr 12, 2013
    Posts:
    2
    FWIW: This just started happening for us as well today, out of nowhere. Windows Defender started flagging all of our .exes as malware and then eventually it flagged player_win and deleted it. We are legally prohibited from sending a build out, but I wanted to give any information we could to possibly help the cause.

    Using Unity 5.5.1f1
    Windows Defender definitions were updated today (morning of February 14th)

    Cheers!

    EDIT: I managed to fix this issue. Though I will say it's very odd. We uninstalled Unity, then to be safe checked for virus definition updates 5 times in Windows Defender. It kept saying it was up to date BUT on the 5th or 6th try, the definitions randomly updated again, to what appears to be the same update we already had (no clue what that was about). When we reinstalled Unity, everything worked fine.

    So I'm wondering if Defender is having trouble updating for some people. For example, saying it's updated when it's not. It might explain some of these issues, and the randomness of the problem showing up also leads me to believe it is a WD definition problem. Just my two cents!
     

    Attached Files:

    • pic1.jpg
    Last edited: Feb 15, 2017
  16. HadynTheHuman

    HadynTheHuman

    Joined:
    Feb 15, 2017
    Posts:
    14
    We're experiencing the same issue when building from Unity 5.5.1f1 - though in our case it's flagging it as Detplock.

    upload_2017-2-15_14-23-29.png
     
  17. Strompy

    Strompy

    Joined:
    Apr 12, 2013
    Posts:
    2
    Has your player_win file been flagged as malware yet or can you still build an executable?

    EDIT I see you've already lost your player file, so, when did you update your virus definitions last?
     
  18. HadynTheHuman

    HadynTheHuman

    Joined:
    Feb 15, 2017
    Posts:
    14
    They'd updated within the past day - not sure exactly what time, but it was before the failed build attempts. Windows Defender said it's up to date, etc.

    Edit: I've been able to grab another copy of the quarantined file from a different computer, so I'll try that out and let you know how I go later on.
     
    Last edited: Feb 15, 2017
  19. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,674
    I pinged Microsoft personally about this... stay tuned.
     
  20. HadynTheHuman

    HadynTheHuman

    Joined:
    Feb 15, 2017
    Posts:
    14
    In the meantime, in case it helps anyone: I was able to complete a build by replacing the quarantined file with a copy from another computer, and disabling WD during the build.
     
  21. ToniGreco

    ToniGreco

    Joined:
    Mar 3, 2017
    Posts:
    4
    Today I had a virus problem installing the Unity 5.5.2f1 version.
    Free Avira Antivirus found TR/Crypt.XPACK.Gen inside the file UnityExampleProjectSetup.exe.

    Is it a false positive or is there really a problem?

    Thank you for the help
     
  22. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,674
    Did you get that from Unity's installer from our website?
     
  23. ToniGreco

    ToniGreco

    Joined:
    Mar 3, 2017
    Posts:
    4
    Yes, I got it from this page: https://store.unity.com/download?ref=personal
    Then the installer downloaded some executable files and then executed them.
    Avira put UnityExampleProjectSetup.exe in its quarantine folder, where I repeated the test and Avira confirmed TR/Crypt.XPACK.Gen.

    Is it possible to download only this specific file again?
     
  24. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,674
  25. ToniGreco

    ToniGreco

    Joined:
    Mar 3, 2017
    Posts:
    4
    I downloaded it, no problem for Avira.
    Maybe it was a "man in the middle" problem? I don't know.
    I will write updates here if other problems of this kind happen again.

    Thank you for your kind help
     
  26. ToniGreco

    ToniGreco

    Joined:
    Mar 3, 2017
    Posts:
    4
    Opening the example in Unity alerts me that this is an older version (5.5.0b10) than the editor (5.5.2f1), but after clicking "Continue" it works well.
     
  27. Fireshore

    Fireshore

    Joined:
    Aug 4, 2016
    Posts:
    2
    I had the same issue happen to me. Windows 8, PC build. SmartScreen claims "Unknown Publisher". Unity version 5.5.2f1, does have a custom icon. This is quite embarrassing.
     
  28. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,674
    That is not the same issue. It claims Unknown Publisher because you haven't signed your application with a trusted certificate.
     
  29. Strangiato

    Strangiato

    Joined:
    Oct 24, 2014
    Posts:
    18
    FYI, Windows Defender began flagging the Unity Player executable from our game as Vundo.gen!D starting on Monday. We hadn't updated the game on Steam since January, but we had numerous reports from users that it was happening. We contacted Microsoft, were directed to use the same submission link above, and the problem was resolved within 24 hours, with the following note from their support engineer:

    The signature fix was added (3/21/2017 8:01:31 PM)

    Add Exception:Vundo.gen!D attribute to fix FP on memory detection of a Unity file.
    sample: 759f4883620bb44d46b774c651235d9a5c6f8995

    It's not detected anymore as of Signature Version 1.237.1811.0
     
  30. Nihil688

    Nihil688

    Joined:
    Mar 12, 2013
    Posts:
    503
    Happened again today
     
  31. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,674
    ^ Which Unity version are you on?
     
  32. Nihil688

    Nihil688

    Joined:
    Mar 12, 2013
    Posts:
    503
    5.4.3
     
  33. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,674
    Is that 5.4.3f1 or a patch release? Can you show a screenshot of Windows Defender detecting it?
     
  34. Nihil688

    Nihil688

    Joined:
    Mar 12, 2013
    Posts:
    503
  35. Torshall

    Torshall

    Joined:
    Sep 8, 2013
    Posts:
    2
    This started happening to us as well yesterday.

    Our cloud build gives the false positive Vundo alert. I've managed to pinpoint quite exactly when the issue occurred on https://developer.cloud.unity3d.com/ as the build between one that worked and one that didn't is like 20 minutes. It was ~17h ago, using Unity 5.4.3f1

    Worst part is... we are scheduled to release our game today.

    Windows Defender screendump:
    https://ibb.co/daGZ0a
     
    Last edited: Apr 7, 2017
  36. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,674
    Thanks, we're onto it.
     
  37. Torshall

    Torshall

    Joined:
    Sep 8, 2013
    Posts:
    2
    Any updates or ETA on this?

    Or perhaps anything we can do as a workaround?

    Edit:
    Found a workaround as mentioned previously. Removed our custom icon as that was causing the issue.
     
    Last edited: Apr 8, 2017
  38. KoverasAlvane

    KoverasAlvane

    Joined:
    Dec 7, 2016
    Posts:
    1
    Can confirm that removing the custom icon fixes the false malware alert from MSE. My team is using 5.4.3f1 (x64) on Win7, and it started getting false alerts for "Trojan:Win32/Vundo.gen!D" last week (probably earlier, but we only noticed then). Weirdly enough, the problem only occurs with the x86 build -- when we build for x86_x64, no alarm is triggered, even with the custom icon enabled. This will be our workaround from now on, although I do hope for an official fix for this.
     
  39. ravey_451

    ravey_451

    Joined:
    Apr 6, 2015
    Posts:
    3
    Getting a threat alert from Windows Defender on Windows 10.

    Trojan:Win32/Mulrolu.C!cl

    Alert level: Severe

    Affected items:
    mono-boehm.exe
    mono-sgen.exe
    mono.exe

    Affected releases:
    5.6.1p3
    5.6.1p4
    5.6.2f1
    Update: no alerts with this morning's threat definition update ^^
     
    Last edited: Jun 22, 2017
  40. Kingblade

    Kingblade

    Joined:
    Jan 15, 2014
    Posts:
    16
    Well, that happened again. This time when trying to send to someone I don't know (which makes the whole experience a bit embarrassing).

    Anyway, here is the build I've sent him (it's temporary for 30 days but should suffice):
    https://ufile.io/2ctze

    Again, Windows 10 - got an alert from Windows Defender.
     
  41. td-lambda

    td-lambda

    Joined:
    Jul 14, 2011
    Posts:
    14
    OK, just ran into the same issue here with Windows Defender on Win 10, also getting Trojan:Win32/Vundo.gen!D

    Any progress on fixing this problem?

    Edit: This only occurs when I set the custom icon in the Player Settings (Build Window)

    upload_2017-7-14_16-4-3.png
     
    Last edited: Jul 15, 2017
  42. ebookerd1

    ebookerd1

    Joined:
    Feb 3, 2018
    Posts:
    1
    An easy, simple solution is to move your project outside of your Documents folder; move it to something like this: "c:\projects\unityWorkspace". Defender detects changes to system folders; creating a folder somewhere won't trigger the change event monitor.
     
  43. MostHated

    MostHated

    Joined:
    Nov 29, 2015
    Posts:
    1,235
    Hello,

    I just wanted to throw it out there that I updated to 2018.2.8f1, and not long after I did that, Malwarebytes took hold of Unity and locked it out from access. I went back and excluded the whole Unity folder and, of course, it was fine after that. I just wanted to make sure it was known.

    Thanks,
    -MH

     
  44. Tautvydas-Zilys

    Tautvydas-Zilys

    Unity Technologies

    Joined:
    Jul 25, 2013
    Posts:
    10,674
    It isn't known. Which Unity version did you update from? Where did you download Unity from? If you right click on that executable, is the "Unity Technologies" signature valid on it? It should look something like this:

    upload_2018-9-14_12-54-50.png
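
The checks raised in this thread (whether a flagged file still carries a valid "Unity Technologies" signature, which definition version Defender has actually loaded, and the file hash to quote in a false-positive submission) can be collected in one pass. This is an added example, not part of any post and not Unity's or Microsoft's code; the function name and its parameters are hypothetical, and it assumes Windows with the Defender PowerShell module available.

```powershell
# Added example: triage for a suspected antivirus false positive.
# Get-FalsePositiveTriage and its parameters are hypothetical names.
function Get-FalsePositiveTriage {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: publisher name as shown in the file's signature dialog.
        [string]  $ExpectedSigner = 'Unity Technologies',
        # Definition version quoted in the thread for the Vundo.gen!D fix.
        [version] $MinDefinitionVersion = '1.237.1811.0'
    )

    # Authenticode: is the file signed, does the signature validate, and by whom?
    $sig     = Get-AuthenticodeSignature -FilePath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # Hashes identify the exact sample in a report to the antivirus vendor.
    $sha1   = (Get-FileHash -Path $Path -Algorithm SHA1).Hash
    $sha256 = (Get-FileHash -Path $Path -Algorithm SHA256).Hash

    # Ask the engine which definitions it has loaded instead of trusting the UI.
    $mp = Get-MpComputerStatus

    # Names of threats Defender has recorded on this machine, for the report.
    $threats = Get-MpThreat | Select-Object -ExpandProperty ThreatName -Unique

    [pscustomobject]@{
        File               = (Resolve-Path -Path $Path).Path
        SignatureStatus    = $sig.Status      # Valid, NotSigned, HashMismatch, ...
        Signer             = $subject
        # Substring match on the subject is a convenience check only.
        SignerMatches      = [bool]($subject -and $subject -like "*$ExpectedSigner*")
        SHA1               = $sha1
        SHA256             = $sha256
        DefinitionVersion  = $mp.AntivirusSignatureVersion
        DefinitionUpdated  = $mp.AntivirusSignatureLastUpdated
        DefinitionsAtLeast = [version]$mp.AntivirusSignatureVersion -ge $MinDefinitionVersion
        RecordedThreats    = @($threats)
    }
}

# Usage (placeholder path): Get-FalsePositiveTriage -Path '<flagged executable>' | Format-List
```

A `SignatureStatus` other than `Valid` on a file that is expected to be vendor-signed means the file on disk is not what the vendor shipped, which is a different situation from a false positive on an intact binary.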
     
  45. MostHated

    MostHated

    Joined:
    Nov 29, 2015
    Posts:
    1,235
    Thanks for the reply. I went from 2018.2.7f1 to 8f1 and I just downloaded it through the hub.



     
  46. Zipper1954

    Zipper1954

    Joined:
    Oct 26, 2018
    Posts:
    3
     
  47. Zipper1954

    Zipper1954

    Joined:
    Oct 26, 2018
    Posts:
    3
    The Unity setup is riddled with Trojans and this is today's update Unity.JPG
     
  48. Zipper1954

    Zipper1954

    Joined:
    Oct 26, 2018
    Posts:
    3
    Please Does Anyone Know What Is Happening About This Malware PROBLEM?
     
  49. Deleted User

    Deleted User

    Guest

    I know this is an older post but it still occurs sometimes. The best thing you can do is 1, click on Windows Defender and go to Virus protection. Select Ransomware and where it says controlled folder access simply switch it off. This eliminated a lot of headaches with the program because you are disabling that feature from messing with your build settings. Simply use other programs for protection against such things, like another anti-malware provider. You won't get all these different files being red flagged and auto encrypted automatically.
     
  50. wwaero

    wwaero

    Joined:
    Feb 18, 2020
    Posts:
    42
    Hey, I recently hit this issue on an internally distributed app which was zipped up. Do I just need to specify a publisher to avoid the issue?