Can some Dev please try to answer this question?

meth0d
When I downloaded the zip file with Honorbuddy no antivirus program alerted me at all, but when I extracted the files from Demonbuddy my Windows Defender popped up and said a Trojan/Malware was detected.

Well, I now know it's a false positive, but if I Google the filename "Trojan:Win32/Skeeyah.C!plock", Google finds a lot about this trojan and how to remove it. But if it's a false positive, why does Windows Defender then detect it anyway as malware? Is there another file in the Demonbuddy files that makes Windows Defender think it's a real trojan with that Skeeyah.C!plock filename?

But if Skeeyah.C!plock isn't a trojan, and it's only detected as a false positive, why are there then many posts on Google about how to remove that trojan?


I'm very sorry if I'm overthinking this, and I will gladly be the first to admit that I'm not a super expert on this subject, so that's why I'm asking here, trying to understand what is happening.


Thanks for any useful answers.
 
It's a false positive, add exceptions if you have issues.
 
@Tony yes, I know it's a false positive, and thank you very much for your answer, but I was just curious what makes Windows Defender think the Demonbuddy files contain a trojan called Skeeyah.C!plock.

But maybe I should stop thinking sometimes.
 
I too was kinda surprised to find out Windows Defender decided to flag DB as this Skeeyah.C!plock. Sure, added it to allowed list and life goes on - until an elite beats my ass.

Seems like some code found for DB is also used for this bad guy, hence the false positive results.
 
We can't give you more info on this, sorry.

What we can tell you is you are safe :)
 
DB is a flesh eating virus which eats monsters alive in D3 :P

As a dev, I can tell you it's safe; it's just the code encryption technique that is used in DB which makes some AV software come back with a false positive.
 
It's a "false positive" due to Windows Defender's analysis of activity on your PC.

WinD thinks that something happening reminds it of a trojan that it is programmed to look for.

The methods that security programs utilize can be simultaneously overreaching and ineffective in this way. (They get false positives on benign programs while failing to catch the latest viruses that were built to circumvent them or ones that they don't know to look for).

There are some decent articles around if you want to learn more about this. Try googling "false positive virus detection" or "how antivirus programs work."
http://science.opposingviews.com/behavioral-vs-heuristic-antivirus-3122.html

Here is a simple video explanation of the "heuristic" ones. Search for similar ones on other specific security topics.
https://www.youtube.com/watch?v=hLdYx1od-0o

If you want to dig deeper, look into modern obfuscation techniques and other things you will learn along the way...
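
An added illustration, not part of the thread and not Windows Defender's or Demonbuddy's actual logic: a toy entropy-based heuristic showing how the same harmless bytes can be flagged once they are encrypted, which is the kind of false positive discussed above. The sample bytes, the SHA-256 keystream "encryptor" and the 7.2 bits/byte threshold are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 (constant) up to 8.0 (uniformly random)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def keystream(seed: bytes, length: int) -> bytes:
    """Constructed stand-in for a code encryptor: SHA-256 in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(data: bytes, stream: bytes) -> bytes:
    """XOR is its own inverse, so the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, stream))


def heuristic_verdict(data: bytes, threshold: float = 7.2) -> str:
    """Toy rule (assumed threshold): near-random content looks packed or encrypted."""
    return "suspicious" if shannon_entropy(data) >= threshold else "clean"


# Constructed sample: a short, repetitive byte pattern standing in for ordinary code.
PLAIN_CODE = b"\x55\x8b\xec\x83\xec\x10\x8b\x45\x08\x89\x45\xfc\xc9\xc3" * 400
STREAM = keystream(b"constructed-demo-seed", len(PLAIN_CODE))
ENCRYPTED_CODE = xor_bytes(PLAIN_CODE, STREAM)

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN_CODE), ("encrypted", ENCRYPTED_CODE)):
        print(f"{label:9s} entropy={shannon_entropy(blob):.3f} "
              f"verdict={heuristic_verdict(blob)}")
```

The payload is byte-for-byte the same benign data in both cases; only its encrypted form crosses the threshold, so a rule like this cannot distinguish protected legitimate code from packed malware without further evidence.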
 