NextDNS Detected as a Trojan, Again?

upnorth

upnorth

Level 68
Thread author
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,403
2
65,358
6,699
Sweden
Content source
https://help.nextdns.io/t/x2htpvm/nextdns-agent-2-0-1-now-detected-as-malware
Members on NextDNS forum reported about VirusTotal results already a month ago and also that their AVs ( Microsoft Defender etc ) started to flag the NextDNS agent as malicious. Apparently not the first time as seen in the quoted sources. It is several separate reports with a bit unusual amount of vendors flag it. False Positive ( FP ) is of course possible, but the malicious flags is still up and available since the first submission from December 2020.

help.nextdns.io

NextDNS agent 2.0.1 now detected as malware

I am not sure what changed but the official exe download from the site is now detected as malware. I have used the .exe for many months without issue until today.
help.nextdns.io help.nextdns.io

Windows reporting NextDNS 2.0.1 as Trojan:MSL/Masslogger.VN!rfn

I noticed the error after a reboot. It looks like some files in the Program Files directory were modified today as well. My version.txt file says I'm on 2.0.1.
help.nextdns.io help.nextdns.io

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com
help.nextdns.io

NextDNS agent 2.0.1 now detected as malware

I am not sure what changed but the official exe download from the site is now detected as malware. I have used the .exe for many months without issue until today.
help.nextdns.io help.nextdns.io
Thales said:
  • Removed Next DNS app because Norton and other AV'S say it is unsafe and malicious (probably false positive), but I set it up in the browser, so it works.
Click to expand...
Official statement :
we just pushed a new version of the windows client. We often get false positives, even though our client is signed and does nothing wrong.
Click to expand...

Windows reporting NextDNS 2.0.1 as Trojan:MSL/Masslogger.VN!rfn

I noticed the error after a reboot. It looks like some files in the Program Files directory were modified today as well. My version.txt file says I'm on 2.0.1.
help.nextdns.io help.nextdns.io
 
  • Like
  • Wow
  • +Reputation
Reactions: Nevi, Venustus, ForgottenSeer 89360 and 16 others
This is very interesting, not because of NextDNS detection per se, but the nasty copycat practices of most vendors (look at the detection name), they will simple detect anything that Microsoft Defender or Kaspersky detects at VirusTotal without giving a "F" word.

Some years ago I even made a thread about this, you can see that Microsoft Defender had a false positive that was later fixed, but the copycats kept the wrong detection.

547.png



Capturar.PNG


My old thread about this:
malwaretips.com

Advice Request - I am very disappointed by some antivirus solutions [copycats]

Guys, today I was just doing some tests with Windows Defender Testground website and I realized how mediocre some antivirus solutions actually are; let me explain below. In this website there are some files to test if Windows Defender protection is working correctly. So I tried the CloudBlock...
malwaretips.com malwaretips.com

Ps: Revisiting my old thread I noticed that some vendors finally changed the detection name for "Application Joke" or "Fake File Coder", I guess that they took notice of my complainings at that time.
 
Last edited:
  • Like
Reactions: Nevi, Venustus, ForgottenSeer 89360 and 12 others
Looking at VT results I do not see detections coming from Kaspersky and Eset. The aforementioned vendors’ detection names might have given us a clue about what is wrong.
20A762C7-606E-4C55-8516-9A5EC90AE266.pngF643A628-229E-4E5F-817F-32930894684A.png
But, unfortunately, the response of NextDNS is not in a way or another convincing. Let’s wait and see.
 
  • Like
Reactions: Nevi, Venustus, ForgottenSeer 89360 and 13 others
You must log in or register to reply here.

You may also like...