About a month ago, I used PyInstaller and Inno Setup to produce an installer for my Python 3 script. My AVG Business Edition AntiVirus just started complaining with today's update that the program has an SCGeneric Trojan Horse in the main .exe file used to start the program (in the folder created by PyInstaller that has all of the Python "guts"). At first I just thought it was a false positive in AVG, but submitting the .exe file to VirusTotal I get this analysis:
https://virustotal.com/en/file/9b0c24a5a90d8e3a12d2e07e3f5e5224869c01732b2c79fd88a8986b8cf30406/analysis/1493881088/
Which shows that 11 out of 61 scanners detect a problem:
TheHacker Trojan/Agent.am
NANO-Antivirus Trojan.Win32.Agent.elyxeb
DrWeb Trojan.Starter.7246
Yandex Trojan.Crypren!52N9f3NgRrY
Jiangmin Trojan.Agent.asnd
SentinelOne (Static ML) static engine - malicious
AVG SCGeneric.KTO
Rising Malware.Generic.5!tfe (thunder:5:ujHAaqkyw6C)
CrowdStrike Falcon (ML) malicious_confidence_93% (D)
Endgame malicious (high confidence) 20170503
Zillya Dropper.Sysn.Win32.5954
Now I can't say that these other scanners are ones that I have heard of before... but still I'm concerned that it is not just AVG giving a false positive.
I have submitted the .exe file in question to AVG for their analysis. Hopefully they will back off on whatever it is that they thought they were trying to detect.
Is there anything else I can do with PyInstaller to make it so that the .exe launcher that it created won't be considered a Trojan?
I was always getting some false positives with PyInstaller from VirusTotal. This is how I fixed it:
PyInstaller comes with pre-compiled bootloader binaries for different OSs. I suggest compile them by yourself on your machine. Make sure everything is consistent on your machine. For Windows 64-bit, install Python 64-bit. Download PyInstaller 64-bit for Windows. Make sure Visual Studio (VS) corresponding to your Python is installed, check below:
https://wiki.python.org/moin/WindowsCompilers
Compile the bootloader of PyInstaller on your machine with VS. It automatically updates the run.exe, runw.exe, run_d.exe, runw_d.exe in DownloadedPyinstallerFolder\PyInstaller\bootloader\Windows-64bit. Check below for more info on how to compile the bootloader:
https://pyinstaller.readthedocs.io/en/stable/bootloader-building.html
At the end, install PyInstaller. Within the PyInstaller directory, run
python setup.py install
I was able to submit the file in question to AVG's "Report a false detection" page, at https://secure.avg.com/submit-sample. I received a response back fairly quickly (I can't remember exactly how long, but it was less than a day) that they had analyzed my file and determined that it did not have a virus. They said that they had adjusted their virus definitions so that it would not trigger a false positive anymore. I updated my definitions and it was still triggering, so I contacted them again with my virus definition version, and I heard back that the version I had wasn't high enough - I think there was some delay on my definitions because I get them from a local server. But within a day I had the right version of the definitions and the false positive didn't trigger anymore.
So if you have a false positive with AVG, I would recommend this solution - fairly quick and easy to get a resolution to the problem.
I puzzled over this question for two days and finally found a problem with my application. The issue was with the application's icon.
Example for tkinter:
root.iconbitmap('./icon.ico')
When I removed this line of code, the false-positive Trojan was gone.
Also, make sure not to use --icon dependency when you are converting your .py file into .exe. Otherwise, this will cause the same false-positive Trojan detection.
I faced same issue for my small document register project code.
My temporary solution was to allow the app in windows defender and
other solution was to use the command pyinstaller filename.py instead of pyinstaller --onefile filename.py.
I dont know if it is correct. But it worked for me.
I searched many blogs for weeks. But I found nothing..
Today I found a way to convert py to exe without any virus errors.
Virus Total Report
So in this method you do not need to send any reports.. Actually It is very simple.
You need to install a module named Nuitka.
python -m pip install nuitka
Then you need to open command from from the file path. And use the command;
python -m nuitka --mingw64 filename.py
And that's all.
You can use the command
nuitka --help
You can find more at - Nuitka Guide
I had this same problem using python 3.8.5 and pyinstaller 4.5.1
In my case the first exe build was accepted by the antivirus (Windows Defender) but subsequent builds were flagged as having a trojan.
I solved it by using the pyinstaller --clean option every time I built the executable
Reverting back to PyInstaller 3.1.1 from 3.4 resolved similar issues on my end (at least temporarily).
As #boogie_bullfrog told, reverting to a previous version could be a solution. However I used *.spec file to store some data (like pictures and icons). I had the latest 3.5 version (August, 2019) and moving to 3.1.1 caused error when app was compiled (probably due to supporting Python 3.7).
So right now the easiest solution is to downgrade to 3.4
It supports specs from pyinstaller 3.5 and the onefile-app wasn't detected by Windows 10 built-in firewall
What I did was to solve this(make exe files non detectable as virus) was to downgrade pyinstaller by typing in cmd: pip install pyinstaller==4.1.0
And by the way it didn't work on 3.4.0 so I just randomly picked that version(4.1) and its pretty good looking so far :>
I'm pretty sure that it works on more than only that one version but that i experienced personally
Recompile and then reinstall your Pyinstaller bootloader manually.
This was a problem I had for a while, and my friend and I figured out this resolution with the help of many others. It almost always works to resolve the issue.
I posted the specific steps on my medium blog. Shared the link below, but the basic steps are as follows
Purge Pyinstaller Files within your Project and Rebuild
Uninstall Pyinstaller
Build a Pyinstaller Bootloader with your Compiler
Install the newly compiled Pyinstaller
Re-build your EXE with Pyinstaller, and make sure it’s not being be flagged as a virus
How to Resolve the Python Pyinstaller False Positive Trojan Virus
Part 1. Manually Compile your Pyinstaller Bootloader
Part 2. Working with Anti-Virus Developer(s)
I had a similar problem with a pyinstaller exe under Windows. Avira put that file into quarantine since it was considered potentially dangerous (due to heuristics, which means that some segments look typical for a virus, but no virus is actually found).
Keep in mind that the exe files you generate yourself are unique (as a consequence, the Avast scanner usually returns a message "you have found a rare file, we are doing a quick test", and delays execution for 15 seconds to perform a more thorough test).
My solution consists of some steps:
I have uploaded the exe to https://www.virustotal.com/gui/home/upload to check it with many scanners. If just one or two are detecting a virus, you should be on the safe side.
In order to make your local virus scanner accept the file, you can manually accept it for your computer, but this does not solve the underlying problem, so on other computers it would still be flagged as a virus.
Therefore I reported the file as false positive to Avira, which can simply be done by sending it by email. Other scanners have similar feedback lines. I got a feedback by email within one day that it is ok, and the scanner on my pc agrees with this now. Hope that this helps with the next iterations of my exe so that it stays clean.
Had the same problem today. Win8.1 would keep flagging .exe as virus. Updated to pyinstaller 5.7.0 but the issue persisted. Uninstalled pyinstaller 5.7.0 and did a fresh install. Strangely, Win8.1 isn't complaining anymore!
I am new to using git and currently employ the following combination:
Git-Gui v.0.20
R-studio 0.99.489
R 3.22
Bitbucket code repository
Windows 7
Until recently this combination worked fine for pulling and pushing code to the repository. But now I cannot push modified code anymore nor commit it in R-studio.
In R-studio, modified code is marked by a blue M with a checkbox next to it. I cannot check this box for staging, committing and pushing anymore. It literally does not check and react when I click on it.
When I create a new code sniplet which shows as yellow question mark ? I can check and push it, but modified versions cannot be checked anymore.
I have already deinstalled git and R-studio and re-installed but the problem persists. I also created a new repository but the problem occured in the new repository as well. I am a bit clueless where to start looking for a soluation and a web search did not yield many results except this discussion here, which I cannot fully follow because it perhaps does not apply fully to my problem. In any case when I give
> Sys.which('git')
R returns:
git
""
I would appreciate advice where to go from here.
I found an answer to my question. It is a bug in RStudio, albeit not a very well documented one.
When there is a space in the .R file name, it is not possible to push the file through git. Removing the space solves the problem.
See here for an official comment on the Rstudio board dating February 2015. I am using the most recent version of Rstudio and it is not yet fixed there.
Try if the issue persists with:
the latest git for Windows unzipped anywhere you want: PortableGit-2.6.3-64-bit.7z.exe
its path added to %PATH%:
set PATH=%PATH%;C:\path\to\PortableGit-2.6.3-64-bit\bin
its path declare in R-Studio C:\path\to\PortableGit-2.6.3-64-bit\bin\git.exe
R-Studio itself launched from a CMD session where %PATH% already references git.
When I first uploaded the basic LAMP stack from Bitnami, it was just one .run file. I first was making the mistake of not writing it like this:
./bitnami-lamp-stack.run
Note, full file name was longer, obviously. So, then to install WordPress, there is a native installer. So, I uploaded that, just as instructed. Made it executable. Then ran
./bitnami-wordpress-module.run
Note, again, the actual fine name was different. So, the second command, should find the bitnami installation and add WordPress. Strangely, it just returns immediately without doing anything. I tried it with an without sudo, as I had given read and execute permission temporarily. It just throws me back at the command prompt having done nothing.
I even tried running it from the same directory as where the lamp stack is installed. I am baffled by this and stumped. One idea did come to mind... Maybe I need to add the bitnami lamp stack location to the path. It doesn't seem to require that but who knows.
This is on Ubuntu 14.04.
Thanks in advance for any help,
Bruce
My understanding is that you already have the Bitnami LAMP properly installed and you have troubles installing the module on top of the LAMP. Could you run the module installer with the following option?
./bitnami-wordpress-module.run --mode text
Could you also try to download again the module from the bitnami page and check the md5 of both installers? You can check it with the following command:
md5sum /path/to/installer
I've been trying to install Meteorjs on windows but error occurs. I already tried downloading another installer and restarting my computer but it doesn't work. It always pops 'failed to contact install server. Please try again' then displays the message 'One or more issues caused the setup to fail. Please fix the issues and then retry setup. For more information see the log file.'
Under that it displays '0x80070643. Fatal Error during installation.'
what to do with this?
One option is to run meteor preview for windows. Believe it is a standalone copy of meteor 1.1
https://github.com/meteor/meteor/wiki/Preview-of-Meteor-on-Windows
(this doesn't address the issue of connecting to server though because when you try to create a meteor account you get a similar error).
there definitely is a way to install through command line on windows (which annoyingly I can't remember from my other machine). Perhaps through npm...
Try to run the package as administrator.It works!
Try this guide.
Download .zip, then unzip and set path environment variable.
Recently I updated my RStudio Desktop for Windows to the latest version 0.98.953. When running a previously working script accessing data stored on a mapped network drive (university personal file store), error occurred saying the specified path did not exist, which was not true - the directories and files were all accessible from Windows Explorer.
Further investigations showed that there were crosses on the concerned drive icons in RStudio's File - Open File... dialogue box. However, using dir() to display these files in the native R GUI was OK, suggesting that it was a problem of RStudio's. I have uninstalled, reinstalled RStudio and updated to the latest Version 0.98.1006 but the problem persisted.
I searched the RStudio community forums but only found one similar case reported (https://support.rstudio.com/hc/communities/public/questions/200655286-RStudio-can-t-see-my-network-directory?locale=en-us) and no practical reply. Could anyone with similar experience help me with this?
Many thanks in advance!
I faced a similar problem with Version 0.98.1074 and also with eclipse:
http://www.eclipse.org/forums/index.php/t/612569/
My (increasingly annoying) workaround is to manually open the mapped network drive, which works for both eclipse and RStudio. After initialization accessing files from the mapped network drive works perfectly.
Best regards