Windows Defender reports Sheepshaver as Malware

About SheepShaver, a PPC Mac emulator for Windows, MacOS X, and Linux that can run System 7.5.3 to MacOS 9.0.4.

Moderators: Cat_7, Ronald P. Regensburg, ClockWise

Paul D
Space Cadet
Posts: 1
Joined: Fri Aug 17, 2018 8:20 pm

Post by Paul D »

I downloaded a Sheepshaver for Windows build from Columbia University:

http://www.columbia.edu/~em36/macos9win.html

When I ran it, Windows Defender reported it as Malware (Bitrep.A).

Anyone else had this?
Is it a false positive?
emendelson
Forum All-Star
Posts: 1706
Joined: Tue Oct 14, 2008 12:12 am

Re: Windows Defender reports Sheepshaver as Malware

Post by emendelson »

As I said in a private e-mail to Paul D., if you don't trust my software, just don't use my software. It's as simple as that.

I don't expect anyone to take my word when I say the software is clean. Upload it to VirusTotal.com and let the experts test it.
adespoton
Forum All-Star
Posts: 4226
Joined: Fri Nov 27, 2009 5:11 am
Location: Emaculation.com

Re: Windows Defender reports Sheepshaver as Malware

Post by adespoton »

Do you have the SHA1 or SHA256 hash for that file? Bitrep appears to be detecting on a class of installers that drop and execute malware as part of an attack chain. The ones I've seen appear to be trying to install malware that captures credentials from point of sale and online credit card transactions.

[edit] If this is emendelson's bundle, it's highly unlikely to be a TP. Best to submit it to Microsoft as an FP.

Submitting it to VT may have a cascade effect, as some vendors will see that MS has detected the file and detect it as well, which will cause further vendors to consider it malicious. So getting all vendors to clean up at that point may take a while.
emendelson
Forum All-Star
Posts: 1706
Joined: Tue Oct 14, 2008 12:12 am

Re: Windows Defender reports Sheepshaver as Malware

Post by emendelson »

It seems that someone submitted the file to VirusTotal.com on 22 July. Here are the results:

https://www.virustotal.com/#/url/0e6a85 ... /detection
emendelson
Forum All-Star
Posts: 1706
Joined: Tue Oct 14, 2008 12:12 am

Re: Windows Defender reports Sheepshaver as Malware

Post by emendelson »

The original poster took the trouble to send me an e-mail telling me he had decided not to use my system after all, because he got another malware warning from him. I urged him to delete the software and not to think about it again, because I didn't see any point in wasting time trying to convince someone to use something he doesn't trust.

However, what may have produced that warning is this: I wrote my Windows-based launcher for SheepShaver in the AutoIt scripting language, and some anti-virus programs (Avast, Avira, Webroot, at different times) simply treat all AutoIt-based programs as dangerous, because script-kiddies used AutoIt to create malware in the past. There's nothing to be done about this except to get a better antivirus program.
adespoton
Forum All-Star
Posts: 4226
Joined: Fri Nov 27, 2009 5:11 am
Location: Emaculation.com

Re: Windows Defender reports Sheepshaver as Malware

Post by adespoton »

emendelson wrote: I wrote my Windows-based launcher for SheepShaver in the AutoIt scripting language, and some anti-virus programs (Avast, Avira, Webroot, at different times) simply treat all AutoIt-based programs as dangerous, because script-kiddies used AutoIt to create malware in the past. There's nothing to be done about this except to get a better antivirus program.

Ah; that explains it. Trust me: it's not just script kiddies using it in the past; there are thousands of malware files pumped out each day that use AutoIt despite the fact that most spammers have moved on to using PowerShell finally.

AutoIt is best used for internal tools.
emendelson
Forum All-Star
Posts: 1706
Joined: Tue Oct 14, 2008 12:12 am

Re: Windows Defender reports Sheepshaver as Malware

Post by emendelson »

adespoton wrote: AutoIt is best used for internal tools.

If I knew how to use anything else, I would! AppleScript and AutoIt are more or less my limits.