[1.1.1 & 1.1.2] Windows Defender: reports "Trojan:Win32/Skeeyah.H" with jython.jar and sikulix.jar --- probably false positives or affected locally at download

Asked by Arito Shimazaki on 2018-02-16

---- checked at https://www.virustotal.com

the files at the origins in the net are clean


Today I got a report from Windows Defender. Does anyone have a similar issue?
The malware found is "Trojan:Win32/Skeeyah.H".

Here I have logs from Windows Defender.
containerfile: C:\Documents and Settings\MyName\AppData\Roaming\Sikulix\SikulixDownloads\jython-standalone-2.7.1.jar
containerfile: C:\Documents and Settings\MyName\Application Data\Sikulix\SikulixDownloads\jython-standalone-2.7.1.jar
containerfile: C:\tools\sikulix111\sikulix.jar
containerfile: C:\tools\sikulix112n\sikulix.jar
file: C:\Documents and Settings\MyName\AppData\Roaming\Sikulix\SikulixDownloads\jython-standalone-2.7.1.jar->org/python/jsr223/ScriptEngineTest.class
file: C:\Documents and Settings\MyName\Application Data\Sikulix\SikulixDownloads\jython-standalone-2.7.1.jar->org/python/jsr223/ScriptEngineTest.class
file: C:\tools\sikulix111\sikulix.jar->org/python/jsr223/ScriptEngineTest.class
file: C:\tools\sikulix112n\sikulix.jar->org/python/jsr223/ScriptEngineTest.class

My environment:
Windows 10 64bit
Sikuli version 1.1.1 & 1.1.2
Have Python 3.6.4 installed.

Solved by: Arito Shimazaki

Manfred Hampl (m-hampl) said : #1

Probably a false positive.

I suggest that you upload the file for a security scan to a security service, e.g. virustotal.com

There is already a report about a jar archive with that name that shows a clean file

(Not sure whether it is the same version as the one on your system)

RaiMan (raimund-hocke) said : #2

Great thanks for the pointer to virustotal - did not know about that.

Arito Shimazaki (arisima) said : #3

Thanks Manfred, RaiMan.

I uploaded the file to VirusTotal and nothing malicious was found.

The same alert popped up on the PC of my friend as well,
but we are both using Windows Defender and maybe it is a false positive of Windows Defender.
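
An added example, not part of the original thread or of SikuliX: it parses Defender log lines in the format quoted in the question and hashes the jar plus each flagged entry, so a local copy can be compared with a fresh download from the origin or looked up by hash instead of being uploaded. The sample log, `make_jar` and the jar contents are constructed for the demo.

```python
import hashlib
import io
import zipfile

# Constructed sample in the format of the log lines quoted in the question.
SAMPLE_LOG = r"""containerfile: C:\tools\sikulix111\sikulix.jar
file: C:\tools\sikulix111\sikulix.jar->org/python/jsr223/ScriptEngineTest.class
file: C:\tools\sikulix112n\sikulix.jar->org/python/jsr223/ScriptEngineTest.class
"""

def parse_detections(log_text):
    """Map each flagged archive path to the sorted entries flagged inside it."""
    flagged = {}
    for line in log_text.splitlines():
        kind, _, rest = line.strip().partition(": ")
        if kind not in ("containerfile", "file") or not rest:
            continue
        container, _, member = rest.partition("->")
        entries = flagged.setdefault(container.strip(), set())
        if member:
            entries.add(member.strip())
    return {path: sorted(entries) for path, entries in flagged.items()}

def fingerprint(jar_bytes, members):
    """SHA-256 of the whole jar and of each flagged entry (a jar is a zip)."""
    result = {"jar": hashlib.sha256(jar_bytes).hexdigest(), "entries": {}}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        present = set(zf.namelist())
        for name in members:
            digest = hashlib.sha256(zf.read(name)).hexdigest() if name in present else None
            result["entries"][name] = digest
    return result

def differing(local, origin):
    """Flagged entries whose bytes differ between the local and origin jar."""
    return [n for n, h in local["entries"].items() if h != origin["entries"].get(n)]

def make_jar(entries):
    """Build an in-memory jar from {name: bytes}; used only for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

if __name__ == "__main__":
    for path, members in parse_detections(SAMPLE_LOG).items():
        local = fingerprint(make_jar({m: b"constructed" for m in members}), members)
        print(path, local["jar"], local["entries"])
```

An empty result from `differing` means the flagged class is byte-identical to the origin's copy, which points to a signature false positive rather than a file altered locally or during download.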