Forum › Forums › Discussion › 6.4 Miqobot download shows virus detected
This topic contains 17 replies, has 9 voices, and was last updated by NepNep 1 year, 6 months ago.
-
AuthorPosts
-
June 7, 2023 at 7:10 pm #40266June 7, 2023 at 7:12 pm #40267
Yes, this always happens with every new version release.
False Positive is a bug in antivirus, but since we have no affiliation with antivirus vendors and have no access to their source code we can not help them fix it.This is why there is a special entry in our FAQ section.
Even if you did not experience this problem before, it doesn’t mean that you never will. Antiviruses are updated often and each update has a chance to introduce a new false positive bug.
We highly recommend to report this behavior to your antivirus vendor.June 7, 2023 at 7:13 pm #40268Same. Shows that there’s a trojan in there. Windows Defender won’t even let me override the warning, which in and of itself is a red flag.
Attachments:
You must be logged in to view attached files.June 7, 2023 at 7:40 pm #40270Just whitelist it and move on. Always happens after every patch: https://miqobot.com/forum/forums/topic/virustrojan-win32wacatac-bml/
June 7, 2023 at 8:33 pm #40275June 8, 2023 at 4:19 am #40277I’m sorry but no, things aren’t identified as a Trojan unless they meet specific criteria. Windows Defender and other Virus scanners don’t flag things unless the things embedded within the code match known threats.
The specific trojan being reported with this release of Miqobot indicates key logging, backdoor access to the PC and remote installation of software capabilities. There are a ton of apps on the internet that do key logging without being classified as a trojan. Whatever approach they’re using that is indicating potential remote access to the systems is a huge red flag. Or at a minimum provide a technical reason on what they are doing, how they are doing (without giving away proprietary information) to help.
Developers staying quiet on the issue and the community pushing for people to just “whitelist and move on” is how bot nets are formed across the internet. It happens all of the time with trusted software. I won’t renew my license without the code being changed to be less intrusive or the developer openly share what’s going on to cause it.
June 8, 2023 at 5:29 am #40278Oh no nobodys forcing you to buy anything. Its just that this issue is so old and has been talked over so much that its getting boring. Devs answered this openly probably a hundred times by now and you can do a quick search on forum to find the answers you need: https://miqobot.com/forum/forums/search/virus/
And in case you havent been following the news. Miqo devs are from Ukraine, they are living in a war zone. They stopped changing the code on the day Russia invaded. The bot is currently on life support. Miqo devs are keeping it alive only because there are people who still need it and dont want it to die. And im pretty sure they wont bother going out of a bomb shelter just to force one more player to renew a license.
June 8, 2023 at 5:34 am #40279Thank you for your opinion very much.
Miqobot Team is already doing everything possible to alleviate the issue with antiviruses.We always inform antivirus vendors about False Positives, and Miqobot project is also subscribed to premium VirusTotal services that send automatic notifications to them.
If you upload Miqobot to VirusTotal, you may notice that our executables are published in the VirusTotal Monitor collection:
https://www.virustotal.com/gui/file/d80f91b000bce773233c41b4808a384f0bbbf0d993117755c0d8728e907a32cfHowever, we have no affiliation with antivirus vendors and have no access to their source code, therefore we can not help them fix this problem. It’s entirely up to them when and how to address it.
June 8, 2023 at 4:37 pm #40289June 8, 2023 at 4:52 pm #40290Devs answered this openly probably a hundred times by now and you can do a quick search on forum to find the answers you need: https://miqobot.com/forum/forums/search/virus/
I did do a search, every result I looked at (and double checked again this morning) didn’t actually say why. The community says “just whitelist” and the developer said “we can’t get the virus vendors to update their code”. Nothing actually said what specifically the app is doing that would cause a scanner to pick up backdoor risks, how their key logging is working etc. For example – is keylogging happening OS-wide, or is it limited to just the ffxiv_dx11.exe process? If it’s limited to just the ffxiv_dx11.exe process, then I would keep using it no problem. The search results, nor the FAQ, answer things like this.
And im pretty sure they wont bother going out of a bomb shelter just to force one more player to renew a license.
I love the tool, I’ve followed their struggles with the invasion and the challenges they face trying to keep it on life support. Thus why I searched before posting, hoping that in the past they had at least disclosed a technical reason. I wish the devs well and hope they stay safe and the war ends quickly so they can stop fearing for their lives. I don’t think anywhere in my post I said “risk your lives and make this change right now”. I just said I’ll not use it until clarity is provided or code is changed. If they choose to not change it at any point in the future, or choose not to disclose technical reasons like mentioned above, that’s no big deal. To each their own and we move on
Cheers!
June 8, 2023 at 6:03 pm #40291June 9, 2023 at 12:34 am #40292Nothing actually said what specifically the app is doing that would cause a scanner to pick up backdoor risks, how their key logging is working etc
I am not the dev. It’s your call to make, but feature wise it’s somehow reasonable:
Keylogger: You can define hotkeys, for example to toggle combat assist off and on. Or you can create grids, which is an overlay over the game and has hotkeys to create, move, toggle points etc. Which it obviously needs to listen to.
Backdoor: It is communicating with the Miqo Server to check if your license is valid and not used twice, probably during the whole time the bot is open. Plus it updates the memory addresses (and maybe other stuff) the bot needs to read from the game on startup, which of course could be seen as providing a backdoor to execute code from an external source.June 9, 2023 at 9:06 pm #40300I’m sorry but no, things aren’t identified as a Trojan unless they meet specific criteria. Windows Defender and other Virus scanners don’t flag things unless the things embedded within the code match known threats.
The specific trojan being reported with this release of Miqobot indicates key logging, backdoor access to the PC and remote installation of software capabilities. There are a ton of apps on the internet that do key logging without being classified as a trojan. Whatever approach they’re using that is indicating potential remote access to the systems is a huge red flag. Or at a minimum provide a technical reason on what they are doing, how they are doing (without giving away proprietary information) to help.
Developers staying quiet on the issue and the community pushing for people to just “whitelist and move on” is how bot nets are formed across the internet. It happens all of the time with trusted software. I won’t renew my license without the code being changed to be less intrusive or the developer openly share what’s going on to cause it.
It is far more complicated the that.
The reason windows flags Miqo is because of the way it does key presses to emulate human input, to avoid Bot detection in the game.
Any program that reads your keys and can simulate key presses, with out a digital signature from Microsoft is going to get flagged. And Miqo would not be able to get a Digisig from Microsoft given the nature of their software.
This has been a thing since forever with miqobot, the reason why it is showing up more is microsoft is pushing new updates in the past few months that are increasing the level of reading it can detect for those programs access this specfic set of .dll.
Any bot program that simulates key presses is going to trigger this. Peroid. And thats far more preferable then a bot that injects cause those ARE detactable by most games that have basic anticheat.
So sit there and try to slander the bot when you have no basis other then to, what apepars be a troll.
As to why I am responding this way, I am a 6+ years cybersecurity manager, I deal with Windows defender and its systems intergration on a daily basis as a part of enterprise security. It’s also why we typically rely on 3rd party AV because windows applies this new blanket inclusion only via digisig.
Did you know RPG maker also gets flagged on my system because of how it access my GPU drivers? One of the most used single party in home rpg maker tools is now a virus by your logic.
Just because “Microsoft” flags it, doesnt mean they are all knowing. It simply means its doing somehting they would prefer things not to do normally.
Edit: I felt I needed to post this because honestly theres this huge misunderstanding that defender is an AV, and its not, its meant to protect windows first, you second, anything that manipulates windows core .dll makes Microsoft nervous because it can come back to them as an exploit.
June 9, 2023 at 9:15 pm #40304Also one last clarification, Windows classifies threats based on “know action types” that Screenshot showing the Script/Wacatac.H!ml is a falase positive, windows simply places that designation on it because thats the closest thing it can find to what the bot is doing.
June 10, 2023 at 1:40 pm #40308The reason windows flags Miqo is because of the way it does key presses to emulate human input, to avoid Bot detection in the game.
Any program that reads your keys and can simulate key presses, with out a digital signature from Microsoft is going to get flagged. And Miqo would not be able to get a Digisig from Microsoft given the nature of their software.
This. Win 11 defender is overly enthusiastic to put it mildly. It is great for a majority of users in the gen pop, but has caused me so many headaches on the security end.
-
AuthorPosts
You must be logged in to reply to this topic.