NextDNS Detected as a Trojan, Again?


Thread author
Staff member
Malware Hunter
Jul 27, 2015
Members on NextDNS forum reported about VirusTotal results already a month ago and also that their AVs ( Microsoft Defender etc ) started to flag the NextDNS agent as malicious. Apparently not the first time as seen in the quoted sources. It is several separate reports with a bit unusual amount of vendors flag it. False Positive ( FP ) is of course possible, but the malicious flags is still up and available since the first submission from December 2020.

  • Removed Next DNS app because Norton and other AV'S say it is unsafe and malicious (probably false positive), but I set it up in the browser, so it works.
Official statement :
we just pushed a new version of the windows client. We often get false positives, even though our client is signed and does nothing wrong.


Level 23
Top poster
Content Creator
May 26, 2014
This is very interesting, not because of NextDNS detection per se, but the nasty copycat practices of most vendors (look at the detection name), they will simple detect anything that Microsoft Defender or Kaspersky detects at VirusTotal without giving a "F" word.

Some years ago I even made a thread about this, you can see that Microsoft Defender had a false positive that was later fixed, but the copycats kept the wrong detection.



My old thread about this:

Ps: Revisiting my old thread I noticed that some vendors finally changed the detection name for "Application Joke" or "Fake File Coder", I guess that they took notice of my complainings at that time.
Last edited:


Level 27
Top poster
May 10, 2019
Looking at VT results I do not see detections coming from Kaspersky and Eset. The aforementioned vendors’ detection names might have given us a clue about what is wrong.
But, unfortunately, the response of NextDNS is not in a way or another convincing. Let’s wait and see.

ForgottenSeer 85179

maybe the binary itself isn't the "problem" but the default NextDNS filter list which block some ads and tracking, and companies doesn't like that.
It's just a guess through