ASIO4ALL flagging my antivirus?? #135716
Comments
@stephengillie - is this really a Validation-Defender-Error, or is this more of an |
Forgive me, I'm not a dev, just a guy with a computer, so I have NO idea
what any of that means. Don't know if it's a false positive but just wanted
to report just in case.
…On Wed, Jan 24, 2024, 10:26 AM ***@***.***> wrote:
https://www.virustotal.com/gui/file/5fc936fcde5552662ffb3b14f84ab8f1f6a2558270010b141d3453977b79e97b
The SHA256 in https://github.com/microsoft/winget-pkgs/blob/master/manifests/m/MichaelTippach/ASIO4ALL/2.15/MichaelTippach.ASIO4ALL.installer.yaml is outdated or incorrect. The hash of

EDIT: after looking into this, the issue is that the installer URL is incorrect. The current URL redirects and resolves to https://asio4all.org/about/download-asio4all/ instead of the installer.

Correlation =/= causation

The AV issue isn't caused by WinGet nor ASIO4ALL. It's the

suggestion:

This is a bandaid fix. You should first check if Malwarebytes logged which application attempted the connection. If it did not (I'm 60% sure it does), then I recommend searching for and installing software that logs network connections, allowing you to determine which software is attempting to connect to the domain. I'm biased towards NetLimiter.
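The comment above traces the hash mismatch to an installer URL that now resolves to a web page. The following PowerShell is an added example, not part of the thread or of WinGet: it downloads whatever the URL returns (without running it), checks whether the payload is an executable or HTML, and compares its SHA256 with the manifest value. The function names `Get-PayloadVerdict` and `Test-InstallerUrl` are hypothetical; the URL and hash are placeholders to be copied from the manifest's `InstallerUrl` and `InstallerSha256` fields.

```powershell
# Added example (not from the thread). Function names are hypothetical.
function Get-PayloadVerdict {
    param(
        [Parameter(Mandatory)] [string] $Path,            # file saved from the installer URL
        [Parameter(Mandatory)] [string] $ExpectedSha256   # InstallerSha256 from the manifest
    )
    # Read only the first bytes: enough to tell a Windows executable from a web page.
    $buf = New-Object byte[] 512
    $fs  = [System.IO.File]::OpenRead($Path)
    try { $n = $fs.Read($buf, 0, $buf.Length) } finally { $fs.Dispose() }
    $head = [System.Text.Encoding]::ASCII.GetString($buf, 0, $n)

    $isPE   = ($n -ge 2) -and ($buf[0] -eq 0x4D) -and ($buf[1] -eq 0x5A)  # 'MZ' header
    $isHtml = $head -match '(?i)<!doctype html|<html'
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # String -eq is case-insensitive, so upper/lower-case hex both compare equal.
    if     ($actual -eq $ExpectedSha256) { $verdict = 'hash matches manifest' }
    elseif ($isHtml) { $verdict = 'URL returned a web page, not an installer (stale InstallerUrl)' }
    elseif ($isPE)   { $verdict = 'executable, but not the build the manifest was hashed from' }
    else             { $verdict = 'unrecognised payload' }

    [pscustomobject]@{
        ActualSha256   = $actual
        ExpectedSha256 = $ExpectedSha256.ToUpper()
        LooksLikePE    = $isPE
        LooksLikeHtml  = $isHtml
        Verdict        = $verdict
    }
}

function Test-InstallerUrl {
    param(
        [Parameter(Mandatory)] [string] $Url,
        [Parameter(Mandatory)] [string] $ExpectedSha256
    )
    $tmp = Join-Path ([System.IO.Path]::GetTempPath()) ([System.IO.Path]::GetRandomFileName())
    try {
        # Save to disk only; the file is never executed. Redirects are followed by default.
        Invoke-WebRequest -Uri $Url -OutFile $tmp -UseBasicParsing
        Get-PayloadVerdict -Path $tmp -ExpectedSha256 $ExpectedSha256
    } finally {
        Remove-Item -LiteralPath $tmp -ErrorAction SilentlyContinue
    }
}

# Usage, with both values copied from the manifest under review (placeholders here):
# Test-InstallerUrl -Url '<InstallerUrl>' -ExpectedSha256 '<InstallerSha256>'
```

A "web page" verdict points to a stale URL in the manifest rather than a tampered installer; an "executable" verdict with a different hash means the publisher's file changed and the manifest needs review.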
Ok, thanks for the response. That's strange because it only happens when
that package attempts to update in Winget UI.
Also thank you for the suggestion to block the website mentioned.
Cheers.
Bryan
…On Thu, Jan 25, 2024, 6:11 PM Noah Sherwin ***@***.***> wrote:
The SHA256 in
https://github.com/microsoft/winget-pkgs/blob/master/manifests/m/MichaelTippach/ASIO4ALL/2.15/MichaelTippach.ASIO4ALL.installer.yaml
is outdated or incorrect. The hash of ASIO4ALL_2_15_English.exe at
https://www.asio4all.org/downloads_11/ASIO4ALL_2_15_English.exe is
b22282d5a2daa646deb624cf461bf4f1dfeda541cc505a6781124275f8c2960d.
------------------------------
Correlation =/= causation
The AV issue isn't caused by WinGet nor ASIO4ALL. It's the cybersoft.ru (
WHOIS <https://www.whois.com/whois/cybersoft.ru>) domain—which is
completely unrelated. WinGet, the package for ASIO4ALL, and ASIO4ALL itself
make no connections to that domain, so *other software on your PC is
connecting to Cybersoft.ru*.
suggestion:
1. Run notepad as admin
2. In the Open File dialog, paste
%SystemRoot%\system32\drivers\etc\HOSTS and press Enter
3. At the bottom of the file, add 0.0.0.0 cybersoft.ru and save
changes. This will cause all outgoing connections to that domain to fail.
This is a bandaid fix. You should first check if Malwarebytes logged which
application attempted the connection. If it did not (I'm 60% sure it does),
then I recommend searching for and installing software that logs network
connections, allowing you to determine which software is attempting to
connect to the domain. I'm biased towards NetLimiter.
Ok thank you. Will do that
Hello @bweezy320, This issue has been identified as requiring a fix from a third party or external repository. Since there has been no recent activity on this issue, it will be automatically closed. Template: msftbot/noRecentActivity/areaExternal
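The thread recommends finding out which application is contacting the flagged domain. One way to do that with built-in cmdlets is sketched here as an added example, not something posted in the thread: it resolves the domain's IPv4 addresses and polls the TCP connection table for matching remote addresses, reporting the owning process. The function name `Find-ProcessTalkingTo` and its parameters are hypothetical; run it from an elevated PowerShell session so process paths are visible.

```powershell
# Added example (not from the thread). Function name and parameters are hypothetical.
function Find-ProcessTalkingTo {
    param(
        [Parameter(Mandatory)] [string] $Domain,   # e.g. the domain named in the AV alert
        [int] $Seconds = 300                       # how long to keep watching
    )
    # -NoHostsFile ignores any 0.0.0.0 HOSTS entry and asks DNS for the real addresses.
    $ips = @(Resolve-DnsName -Name $Domain -Type A -NoHostsFile -ErrorAction Stop |
             Where-Object { $_.IPAddress } |
             Select-Object -ExpandProperty IPAddress)

    $seen     = @{}
    $deadline = (Get-Date).AddSeconds($Seconds)
    while ((Get-Date) -lt $deadline) {
        Get-NetTCPConnection -ErrorAction SilentlyContinue |
            Where-Object { $ips -contains $_.RemoteAddress } |
            ForEach-Object {
                # Report each process/endpoint pair once.
                $key = "$($_.OwningProcess)|$($_.RemoteAddress)|$($_.RemotePort)"
                if (-not $seen.ContainsKey($key)) {
                    $seen[$key] = $true
                    $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
                    [pscustomobject]@{
                        Time      = Get-Date
                        ProcessId = $_.OwningProcess
                        Name      = $p.ProcessName
                        Path      = $p.Path
                        Remote    = "$($_.RemoteAddress):$($_.RemotePort)"
                        State     = $_.State
                    }
                }
            }
        Start-Sleep -Milliseconds 500
    }
}

# Usage: start the watcher, then trigger the update that raises the alert.
# Find-ProcessTalkingTo -Domain 'cybersoft.ru' -Seconds 120
```

With the `0.0.0.0` HOSTS entry in place, applications never reach the real addresses, so run this before adding the entry or with it temporarily removed. Polling can miss very short connections, which is where a dedicated connection logger is more reliable.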
Please confirm these before moving forward
Category of the issue
Installer hash mismatch.
Brief description of your issue
When ASIO4ALL tries to update, saying hashes don't match, but also my antivirus detects a trojan, in the outbound connection to cybersoft.ru
Steps to reproduce
Try to update ASIO4ALL
Actual behavior
Doesn't update. AV is flagged.
Expected behavior
It should update
Environment
Screenshots and Logs