What file did it delete?
There is no key logger inside MP, apart from shortcut keys.
It is common for A/V software to detect false positives in new installations, thus the instructions usually suggest you disable your antivirus scanners during setup.
I ran Windows Defender yesterday morning with MP 1.3.28 installed on my PC and it did not detect the mentioned Trojan.
I updated to MP 1.3.31 yesterday afternoon after running Windows Defender and the download was not blocked.
I am presently running Windows Defender on my PC to see if it detects the mentioned Trojan, if it is there, since I updated to MP 1.3.31.
Just FYI, Windows Defender is about the weakest/most allowing AV available, while Kaspersky is the opposite, and blocks just about anything new.
So basically, Windows Defender isn't a good test of whether or not something will throw up a red flag.
The latest version of Windows Defender is pretty robust according to recent reviews and is updated every night on my PC.
I found Norton to be one of the most obnoxious pieces of antivirus crap that I have ever used. Norton even blocked downloads from its own website when I used to use it in the distant past.
As I said, I had to disable Kaspersky to get the update; with Kaspersky off, Mission Planner updated and ran fine. But during the night when Kaspersky performs a virus scan, it identified and deleted this file: BaseClassesNET.dll. According to Kaspersky, within this file is: Trojan-Spy.MSIL.KeyLogger.bzam.
How will the deletion of the "BaseClassesNET.dll" file from the "C:/Program Files (x86)/Mission Planner/" sub-directory affect the performance of Mission Planner?
the source code
The library is for talking to Windows DirectShow.
Although I'm not currently using it, I have used Kaspersky in the past and it is a very popular antivirus program.
Way less obnoxious than Norton (what isn't) and even less of a pain than McAfee.
It comes free for a year on many Dell computers and there are hundreds of thousands of users.
Unfortunately, I think this means you can't ignore it and will either need to modify that module so it doesn't trigger Kaspersky's defenses or you will need to contact Kaspersky to get them to stop false triggering on it.
Obviously, some portion of the internal code bears a significant resemblance to the "detected" virus and that is why they are deleting it.
It likely has nothing to do with it actually being the virus, but they are looking at machine code and it is entirely possible for a section of legitimate code to mimic a known evil chunk of code.
It would probably be simplest to just modify the order of elements in the DLL and recompile; there is a good chance that the code will be changed sufficiently to pass through Kaspersky without a false detection.
At worst you might need to move some of the elements to a separate DLL.
Just a thought.