NextDNS Detected as a Trojan, Again?

upnorth

upnorth

Level 68
Thread author
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
Content source
https://help.nextdns.io/t/x2htpvm/nextdns-agent-2-0-1-now-detected-as-malware
Members on NextDNS forum reported about VirusTotal results already a month ago and also that their AVs ( Microsoft Defender etc ) started to flag the NextDNS agent as malicious. Apparently not the first time as seen in the quoted sources. It is several separate reports with a bit unusual amount of vendors flag it. False Positive ( FP ) is of course possible, but the malicious flags is still up and available since the first submission from December 2020.

help.nextdns.io

NextDNS agent 2.0.1 now detected as malware

I am not sure what changed but the official exe download from the site is now detected as malware. I have used the .exe for many months without issue until today.
help.nextdns.io help.nextdns.io

Windows reporting NextDNS 2.0.1 as Trojan:MSL/Masslogger.VN!rfn

I noticed the error after a reboot. It looks like some files in the Program Files directory were modified today as well. My version.txt file says I'm on 2.0.1.
help.nextdns.io help.nextdns.io

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com
help.nextdns.io

NextDNS agent 2.0.1 now detected as malware

I am not sure what changed but the official exe download from the site is now detected as malware. I have used the .exe for many months without issue until today.
help.nextdns.io help.nextdns.io
Thales said:
  • Removed Next DNS app because Norton and other AV'S say it is unsafe and malicious (probably false positive), but I set it up in the browser, so it works.
Click to expand...
Official statement :
we just pushed a new version of the windows client. We often get false positives, even though our client is signed and does nothing wrong.
Click to expand...

Windows reporting NextDNS 2.0.1 as Trojan:MSL/Masslogger.VN!rfn

I noticed the error after a reboot. It looks like some files in the Program Files directory were modified today as well. My version.txt file says I'm on 2.0.1.
help.nextdns.io help.nextdns.io
 
  • Like
  • Wow
  • +Reputation
Reactions: Nevi, Venustus, ForgottenSeer 89360 and 16 others
Nightwalker

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
This is very interesting, not because of NextDNS detection per se, but the nasty copycat practices of most vendors (look at the detection name), they will simple detect anything that Microsoft Defender or Kaspersky detects at VirusTotal without giving a "F" word.

Some years ago I even made a thread about this, you can see that Microsoft Defender had a false positive that was later fixed, but the copycats kept the wrong detection.

547.png



Capturar.PNG


My old thread about this:
malwaretips.com

Advice Request - I am very disappointed by some antivirus solutions [copycats]

Guys, today I was just doing some tests with Windows Defender Testground website and I realized how mediocre some antivirus solutions actually are; let me explain below. In this website there are some files to test if Windows Defender protection is working correctly. So I tried the CloudBlock...
malwaretips.com malwaretips.com

Ps: Revisiting my old thread I noticed that some vendors finally changed the detection name for "Application Joke" or "Fake File Coder", I guess that they took notice of my complainings at that time.
 
Last edited:
  • Like
Reactions: Nevi, Venustus, ForgottenSeer 89360 and 12 others
Divine_Barakah

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
Looking at VT results I do not see detections coming from Kaspersky and Eset. The aforementioned vendors’ detection names might have given us a clue about what is wrong.
20A762C7-606E-4C55-8516-9A5EC90AE266.pngF643A628-229E-4E5F-817F-32930894684A.png
But, unfortunately, the response of NextDNS is not in a way or another convincing. Let’s wait and see.
 
  • Like
Reactions: Nevi, Venustus, ForgottenSeer 89360 and 13 others
You must log in or register to reply here.

Similar threads

Kongo
    • Like
    • Wow
Question NextDNS client infected?
Replies
20
Views
2,542
Malware Analysis
oldschool
oldschool
SerialCart
    • Like
    • +Reputation
Guide | How To How to get Mullvad VPN work with NextDNS with a custom profile
Replies
12
Views
2,488
Guides - Privacy & Security Tips
ForgottenSeer 107474
F
Tiamati
    • Like
Battle NEXTDNS (with adguard filters) vs Adguard DNS
Replies
8
Views
2,810
Software Comparison
ForgottenSeer 107474
F

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top