Experimenting with a ESP32-C3 SuperMini board, my antivirus program ("SpyHunter") gave me several warnings.
After running a complete scan, I got a Trojan warning : "Trojan.MSIL.Crysan.BB (3 objects)".
The 3 exe files were located as this :
- ....\AppData\Local\Arduino15\packages\esp32\tools\esp-rv32\2511\bin\riscv32-esp-elf-as.exe
- ....\AppData\Local\Arduino 15\packages\esp32\tools\esp-rv32\2511\bin\riscv32-esp-elf-objdump.exe
- ....\AppData\Local\Arduino15\packages\esp32\tools\esp-rv32\2511\riscv32-esp-elf\bin\objdump.exe
What action(s) should I take ?
Thx,
Roland
Malware in ESP32 board files ?
-
lbernstone
- Posts: 1132
- Joined: Mon Jul 22, 2019 3:20 pm
Re: Malware in ESP32 board files ?
Almost certainly a false positive, but I don't think any of those tools are used in a normal compile, so you can quarantine them if you want.
Re: Malware in ESP32 board files ?
In case of Arduino IDE I have to enable "USB CDC On Boot: "Enabled"" or in PlatformIO I have to set : "build_flags = DDARDUINO_USB_CDC_ON_BOOT=1".
This is necessary to make ESP32C3 Serial.print.When the suspected files are not there I get an error and the compile fails.
I would like to keep the print function for debugging ...
Tnx anyway for your quick respons !
Roland
This is necessary to make ESP32C3 Serial.print.When the suspected files are not there I get an error and the compile fails.
I would like to keep the print function for debugging ...
Tnx anyway for your quick respons !
Roland
-
RandomInternetGuy
- Posts: 82
- Joined: Fri Aug 11, 2023 4:56 am
Re: Malware in ESP32 board files ?
The RISC-V assembler is certainly used when compiling/assembling RISC-V code, such as for a C3. Maybe not this specific one, but if you removed it and it quit working, that's pretty compelling evidence that it is.
Either reinstall the (allegedly) corrupted files from the Arduino IDE installation (or your backups), disable the program that's preventing you from doing work on your computer, and/or use an operating system that doesn't think that requiring you to use an additional program generating false positives preventing you from doing work on your computer is a good idea.
I seriously wonder if more productivity has been lost to nonsense from antivirus than from actual viruses.
P.S. When asking for help about "an error," actually providing that error is helpful. Would you tell your mechanic that after it made "a sound," there was "a light"? Telling your mechanic that your car is suddenly sitting in a pool of oil and there's a light that says "low engine oil" is WAY more likely to get a helpful diagnosis that the oil that used to be _inside_ your engine probably isn't...
Either reinstall the (allegedly) corrupted files from the Arduino IDE installation (or your backups), disable the program that's preventing you from doing work on your computer, and/or use an operating system that doesn't think that requiring you to use an additional program generating false positives preventing you from doing work on your computer is a good idea.
I seriously wonder if more productivity has been lost to nonsense from antivirus than from actual viruses.
P.S. When asking for help about "an error," actually providing that error is helpful. Would you tell your mechanic that after it made "a sound," there was "a light"? Telling your mechanic that your car is suddenly sitting in a pool of oil and there's a light that says "low engine oil" is WAY more likely to get a helpful diagnosis that the oil that used to be _inside_ your engine probably isn't...
Who is online
Users browsing this forum: No registered users and 3 guests