Kaspersky detects KeyLogger within MP

Can someone help me understand why Kaspersky anti-virus identified and deleted a DLL within a recent Mission Planner update that is defined as a KeyLogger? I had to disable Kaspersky for the update to download; I was getting an "update failed due to virus protection" error; but my nighttime virus scan found this DLL within the Mission Planner directory and deleted it. Why is it there? Does it matter that it was deleted?

Cheers!
Pem


Replies

  • Kaspersky's advanced settings cause malware-affected files to be deleted directly without giving an option. This is good for security but risky, as it might delete certain program files. K7 Antivirus Customer Support can explain more on this topic. The firewall settings also block certain access.

  • This file is already present in previous versions of MP, but...

    From version 1.3.15 of Mission Planner: the file is 241152 bytes long, and no malware detected (not a single one).

    From version 1.3.31 of Mission Planner: the file is 235008 bytes long, and malware detected by 15 antivirus engines.

    The weird point is that both files are version 1.0.0.6, so they should be exactly the same.

    It should be noted that this file is not developed by Michael Oborne, but by "Maxim Kartavenkov aka Sonic 2012", who is probably someone reliable, but it's just to understand that it's a DLL imported into the project, not a development from Michael, so who knows what's really inside.

    PS: I didn't compare to all versions of MP, but I had version 1.3.15 lying around; it could be interesting to compare with other versions too.
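
The comparison in the reply above (same 1.0.0.6 version label, different file sizes) can be carried past file size. The following is an added example, not part of the original thread or of Mission Planner: it compares SHA-256, the PE link timestamp and per-section sizes of two builds. The two inputs are constructed PE-shaped byte strings, not the real DLLs, and all function names are hypothetical.

```python
import hashlib
import struct

def pe_summary(data: bytes) -> dict:
    """Size, SHA-256, COFF link timestamp and section raw sizes of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    # 20-byte COFF header follows the 4-byte PE signature.
    _, nsect, timestamp, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size          # section table follows optional header
    sections = {}
    for i in range(nsect):                    # each section header is 40 bytes
        name, _vsize, _va, raw = struct.unpack_from("<8sIII", data, table + 40 * i)
        sections[name.rstrip(b"\0").decode("ascii", "replace")] = raw
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest(),
            "timestamp": timestamp, "sections": sections}

def compare(a: dict, b: dict) -> list:
    """Names of the properties that differ between two summaries."""
    diffs = [k for k in ("size", "sha256", "timestamp") if a[k] != b[k]]
    for name in sorted(set(a["sections"]) | set(b["sections"])):
        if a["sections"].get(name) != b["sections"].get(name):
            diffs.append("section " + name)
    return diffs

def _toy_pe(timestamp: int, sections: list) -> bytes:
    """Constructed PE-shaped bytes for the demo; not a loadable DLL."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, 0, 0x2000)
    table = b"".join(struct.pack("<8sIII20x", n.encode(), s, 0, s) for n, s in sections)
    body = b"".join(bytes([i]) * s for i, (_, s) in enumerate(sections))
    return dos + b"PE\0\0" + coff + table + body

# Constructed samples standing in for two builds carrying the same version label.
OLD = _toy_pe(1_400_000_000, [(".text", 512), (".rsrc", 256)])
NEW = _toy_pe(1_440_000_000, [(".text", 448), (".rsrc", 256)])

if __name__ == "__main__":
    # For real files: pe_summary(open(path, "rb").read())
    print(compare(pe_summary(OLD), pe_summary(NEW)))
```

A differing link timestamp and `.text` size under an unchanged version resource means the binary was rebuilt or modified, which is the point at which the file should be checked against the upstream author's published build.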

  • I am using MalwareBytes and Avast here and no reports of infection have been found coming from the Mission Planner directories. Furthermore, I am using the latest version of the Mission Planner on my PC. As it has been mentioned previously, it must be a false positive.

    Also, that .DLL file must have a certain line of code that is causing the AV to trigger it as a Trojan or Malware. If I were you, I would just report it to Kaspersky as a false positive.

  • Developer

    Hey Michael
    This must be what is going on with the false alarm :)

    http://www.torontosun.com/2015/08/14/antivirus-firm-kaspersky-faked...

  • Developer

    I have removed this DLL from the current release of MP.

    It is no longer part of the MSI, or the zip, and will not be downloaded as part of the update process either.

    • Michael,

      Thanks. I was able to update two Win 7 Pro computers without Norton saying anything. However, on the Win 8.1 tablet it's a different story. I uninstalled MP to get a clean start, then did a new install from planner.ardupilot.com this morning. Norton complained about baseclassesnet.dll again and deleted it but did not complain about ardupilot.com. Is there a delay between you posting it to http://firmware.diydrones.com and it getting used by the installer on ardupilot.com, or perhaps a difference between a new install and an update? The build numbers are the same - 1.3.31 build 1.1.5696.33420

      The drivers also failed to install but I'm still looking at that. I suspect it's because they were already there.

      • Developer

        Drivers are failing because of a Linux/Windows line ending issue.

  • This reply was deleted.
    • The same thing happened to me last night when I tried to update MP to the latest Beta release. It found that baseclassesnet.dll was a “Trojan.Gen.2” with “High” severity. In addition to deleting the DLL it marked “http://oborne.me/MissionPlanner/upgrade//MissionPlanner.exe?881085803” as having a “bad” reputation.

      I don’t think you can completely dismiss this as a false positive. There are plenty of individuals, groups, and nation states that might think that it would be amusing or in their national interest to take control of a drone or keep track of drone activity first hand. The perceived threat of a surveillance drone or kamikaze drone violating controlled airspace near an airport or government installation is enough reason for many governments to attempt to put a Trojan into the computers of the pilots. It would enable them to scan flight logs and report back violations or look for specific GPS coordinates that match specific incidents.

      It doesn’t really matter if oborne.me is on a server with a secured and updated OS and web server, if a group or nation state really wants to compromise it they will find a way. I think whatever solution is found for this problem should not involve turning off virus and malware checking programs. They may not be perfect but they have prevented lots of infections.
