Virus report, maybe misinformation? about vanara HOT 2 CLOSED

@greatfirewall
There is a chance that your copy is corrupted.

Vanara.PInvoke.Kernel32 is a signed Nuget. You can verify its integrity using the NuGet Verify Command.

If your copy is corrupted, it is likely that your system is compromised with malware that is infecting files.

We can download the package via https from https://www.nuget.org/api/v2/package/Vanara.PInvoke.Kernel32/2.1.0, by giving the url to virusl total (so, they download and scan the file without passing our potentially compromised system), I got this report: https://www.virustotal.com/#/url/b5a17db6446da9773e26c45f4dcceb2b1a1a081b7eea49487072f48810d099cd/detection (clean).

VirusTotal computes the hashes of the file:

MD5: eba2e1e1012b45b007d969c6030d5f9e
SHA-1: a005f6714ed68c732e0865190dc4cfd187526f90
SHA-256: cadd4aaa142da6e11ca6ae7c8cd3c7f701a3af8b49ae832383704eceeb7cc552

I also downloaded the package to my machine, and verified that the hash match (meaning that it was not compromised by entering my system, you can do the same check in your system), then I extracted it, looked for vanara.pinvoke.kernel32.2.1.0\lib\net45\Vanara.PInvoke.Kernel32.dll and uploaded it to VirusTotal. This is the report: https://www.virustotal.com/#/file/b2626685ebca72f27462df0408800d1db52f6600c6e6256f17f7487bba9a8b4b/detection (no malware detected).

VirusTotal also computes the hashes of the file I uploaded (which you can use as an alternative way of verification):

MD5: 3d01f7cd0ae21e09580ba0c41da57377
SHA-1: 553b8d57130bdab7ed20089675621bccaea8e1c5
SHA-256: b2626685ebca72f27462df0408800d1db52f6600c6e6256f17f7487bba9a8b4b

You can verify the hashes of your file, if they do not match, your copy is corrupted.

As per your system probably being compromised, I suggest to:

• Make sure your system and malware definitions is up to date
• Run - at least - your Windows Defender quick scan
• You can use sfc /scannow to find and repair any corrupted system files
• If it fails, you can use DISM.exe /Online /Cleanup-image /Restorehealth then repeat sfc /scannow, also check for updates again after it finishes.

You might also be interested in AutoRuns and Process Explorer from the Sysinternals Suite (from Microsoft). They can be configured to automatically verify digital signatures and verify with VirusTotal. AutoRuns will find all software that can start automatically (no, the list in task manager is not comprehensive), and Process Explorer does the same for currently running software. They will not upload files without your input, instead they will say "unknown" and you would have to tell it to upload the files at your own discretion. By the way, there is maximum file size (256MB as far as I know). They will need administrator privileges to be able to see software that starts from another user (which is something that malware can do programmatically).

from vanara.

I permit it, and remove it, then redownload from vs nuget manager, no alert again, thanks.

from vanara.