Win 10 quarantines an index.php file as being the backdoor:PHP/Dirtelti.HA trojan #1867

In the tar.gz file for release version 1.51, Windows 10 will quarantine the following file upon accessing it (including unzipping it):

./chromium_extension/index.php

Windows will identify it as the "backdoor:PHP/Dirtelti.HA" trojan and label it as being a severe threat. The named trojan is a secure shell tunneling vulnerability with rather simple variants being any PHP script that uses `eval()` or `echo`. The contents of the `index.php` file, shown below, do not appear to be deliberately malicious and it is otherwise not particularly sinister, but it might be a good idea to rewrite it. I did not even know there was a Chrome extension or something, so I don't know if it is critical or not.

In any case, for those who might freak the f*ck out at the Severe Virus Threat Warning, nothing will activate if you simply delete it (if you want) or if you let Windows quarantine it.

This `index.php` file is only 324 bytes, but variants of the Dirtelti trojan of a similar size seem to either need to access another (presumably larger) file, or to otherwise send a call-home signal.

Comments

That's why it was removed in #1598

tksldk added a commit to tksldk/nixpkgs that referenced this issue, Mar 26, 2024:
Fixes: espeak-ng/espeak-ng#1867 Removes backdoor php file identified by Anti-Virus as severe threat

Windows Defender also alerts to the same virus on the Source Code .zip File.
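The report above says the Dirtelti detection fires on very generic PHP constructs such as `eval()`. A maintainer who wants to know, before cutting a release, which files in a tarball carry the constructs that generic PHP-backdoor signatures key on can scan the archive in memory. The script below is an added example, not code from the issue or from espeak-ng; the pattern list is an assumption about what such signatures look for (only `eval()` is named on the page), and the sample archive it builds is constructed for the demonstration. `echo` is deliberately not flagged, since nearly every PHP file uses it and flagging it would only produce noise.

```python
"""Triage a release tarball for PHP files that contain constructs generic
anti-virus signatures treat as backdoor indicators (added example)."""
import io
import re
import tarfile

# Assumed indicator list: dynamic code execution, shell execution and
# payload decoding. Plain `echo` is omitted on purpose (too common to flag).
SUSPICIOUS = {
    "eval": re.compile(r"\beval\s*\(", re.I),
    "exec": re.compile(r"\b(?:shell_exec|system|passthru|exec|popen)\s*\(", re.I),
    "decode": re.compile(r"\bbase64_decode\s*\(", re.I),
}


def scan_php_source(src: str) -> list[str]:
    """Return the names of the indicator patterns present in one PHP file."""
    return [name for name, rx in SUSPICIOUS.items() if rx.search(src)]


def scan_archive(data: bytes) -> dict[str, list[str]]:
    """Scan every *.php member of a gzip-compressed tarball (given as bytes)
    without extracting to disk; map member name -> indicators found."""
    findings: dict[str, list[str]] = {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar:
            if not member.isfile() or not member.name.lower().endswith(".php"):
                continue
            handle = tar.extractfile(member)
            if handle is None:
                continue
            hits = scan_php_source(handle.read().decode("utf-8", errors="replace"))
            if hits:
                findings[member.name] = hits
    return findings


def build_sample_archive() -> bytes:
    """Constructed tarball: a benign PHP file, a PHP file that calls eval()
    on a local string, and a non-PHP file that must be ignored."""
    files = {
        "pkg/chromium_extension/index.php": "<?php echo 'ok'; ?>",
        "pkg/tools/loader.php": "<?php $s = 'return 1;'; eval($s); ?>",
        "pkg/README": "not php",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, text in files.items():
            payload = text.encode()
            info = tarfile.TarInfo(name=name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: swap build_sample_archive() for open("release.tar.gz", "rb").read()
    for path, hits in scan_archive(build_sample_archive()).items():
        print(f"{path}: {', '.join(hits)}")
```

A hit is not a verdict: the issue itself notes the flagged file did not look deliberately malicious. The scan only tells a maintainer which files to read by hand, and which ones are likely to trip an AV engine for users who download the release.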