[1.1.1 & 1.1.2] Windows Defender: reports "Trojan:Win32/Skeeyah.H" with jython.jar and sikulix.jar --- probably false positives or affected locally at download

Asked by Arito Shimazaki on 2018-02-16

---- checked at https://www.virustotal.com

the files at the origins in the net are clean

------------------------------------------------------------------------------

Today I got a report from Windows Defender. Does anyone have a similar issue?
The malware found is "Trojan:Win32/Skeeyah.H".

Here I have logs from Windows Defender.
containerfile: C:\Documents and Settings\MyName\AppData\Roaming\Sikulix\SikulixDownloads\jython-standalone-2.7.1.jar
containerfile: C:\Documents and Settings\MyName\Application Data\Sikulix\SikulixDownloads\jython-standalone-2.7.1.jar
containerfile: C:\tools\sikulix111\sikulix.jar
containerfile: C:\tools\sikulix112n\sikulix.jar
file: C:\Documents and Settings\MyName\AppData\Roaming\Sikulix\SikulixDownloads\jython-standalone-2.7.1.jar->org/python/jsr223/ScriptEngineTest.class
file: C:\Documents and Settings\MyName\Application Data\Sikulix\SikulixDownloads\jython-standalone-2.7.1.jar->org/python/jsr223/ScriptEngineTest.class
file: C:\tools\sikulix111\sikulix.jar->org/python/jsr223/ScriptEngineTest.class
file: C:\tools\sikulix112n\sikulix.jar->org/python/jsr223/ScriptEngineTest.class

My environment:
Windows 10 64bit
Sikuli version 1.1.1 & 1.1.2
Have Python 3.6.4 installed.

Question information

Language: English
Status: Solved
For: Sikuli
Assignee: No assignee
Solved by: Arito Shimazaki
Solved: 2018-02-19
Last query: 2018-02-19
Last reply: 2018-02-16

Manfred Hampl (m-hampl) said : #1

Probably a false positive.

I suggest that you upload the file for a security scan to a security service, e.g. virustotal.com

There is already a report about a jar archive with that name that shows a clean file
https://www.virustotal.com/#/file/c4410d1a731948131a71f24c4e1ed0c5326711265b474b173acab2723c258c4b/detection

(Not sure whether it is the same version as the one on your system)

RaiMan (raimund-hocke) said : #2

@Manfred
Great thanks for the pointer to virustotal - did not know about that.

Arito Shimazaki (arisima) said : #3

Thanks Manfred, RaiMan.

I uploaded the file on VirusTotal and nothing malicious was found.

The same alert popped up on the PC of my friend as well,
but we are both using Windows Defender and maybe it is a false positive of Windows Defender.
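
Reply #1 leaves open whether the archive scanned on VirusTotal is the same file as the local one, and the title raises the possibility of a copy damaged at download; comparing SHA-256 values answers both. The following is an added example, not part of the original thread: it hashes a local jar, compares it with the hash of the scanned copy, and hashes the flagged entry inside the jar. The jars are constructed stand-ins, and the function names are made up for this example.

```python
import hashlib
import os
import tempfile
import zipfile

FLAGGED_ENTRY = "org/python/jsr223/ScriptEngineTest.class"  # entry named in the Defender log

def sha256_file(path, chunk=1 << 20):
    """SHA-256 of a file, read in chunks so large jars are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def inspect_jar(path, reference_sha256, entry=FLAGGED_ENTRY):
    """Compare a local jar with the scanned copy's hash; hash the flagged entry."""
    result = {"sha256": sha256_file(path), "entry_sha256": None, "readable": True}
    result["same_as_scanned"] = result["sha256"] == reference_sha256.strip().lower()
    try:
        with zipfile.ZipFile(path) as jar:
            if entry in jar.namelist():
                result["entry_sha256"] = hashlib.sha256(jar.read(entry)).hexdigest()
    except zipfile.BadZipFile:
        result["readable"] = False  # truncated or damaged download
    return result

def make_jar(path, class_bytes):
    """Write a constructed stand-in jar that holds only the flagged entry."""
    info = zipfile.ZipInfo(FLAGGED_ENTRY, (2018, 2, 16, 0, 0, 0))  # fixed date: stable bytes
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr(info, class_bytes)

def demo():
    """Check three constructed copies: intact, altered, and cut short."""
    with tempfile.TemporaryDirectory() as d:
        origin, local, altered, cut = (
            os.path.join(d, n) for n in ("origin.jar", "local.jar", "altered.jar", "cut.jar"))
        make_jar(origin, b"constructed class bytes")
        make_jar(local, b"constructed class bytes")
        make_jar(altered, b"constructed class bytes, changed")
        with open(origin, "rb") as src, open(cut, "wb") as dst:
            dst.write(src.read()[:20])  # simulate an interrupted download
        reference = sha256_file(origin)  # stands in for the hash in the scan report
        return {name: inspect_jar(path, reference) for name, path in
                (("local", local), ("altered", altered), ("cut", cut))}

if __name__ == "__main__":
    print(demo())
```

For a real check, pass the path of the local jar and the 64-hex-digit value from the VirusTotal file URL, which is the SHA-256 of the scanned file. Equal entry hashes across jython-standalone-2.7.1.jar and sikulix.jar show that the alert concerns the same class bytes in both containers.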