Trojan Ymacco.AA59 Found in Spout2

I downloaded the latest release of Spout2 from github as a .zip (GitHub - leadedge/Spout2: A video frame sharing system for Microsoft Windows) and found it contains the Ymacco.AA59 trojan. Windows Defender popped up immediately for quarantine and removal. It seems there have been reports of this trojan in Spout software as early as February of this year. (VirusTotal) WDscreen

HI @BeerBelliedBear

I have replaced SpoutPanel and SpoutSettings with the latest release files, which I had forgotten to do. But instead of downloading direct from the repository, please download the Release zip file which has been notarized so that you can check that it’s the original file, as have the executables in it.

Virus false positive detection is an ongoing problem that can only be resolved by paying for a certificate, as you can see in a previous post (Spout 2.007 is Identified as a trojan - #7 by spout).

The problem commonly occurs for a 32 bit build of exactly the same code even if the 64 bit build is not detected. I can only assume that this is a result of the methods that anti-virus engines use.

I have been using 64 bit for release but keeping 32 bit versions in the repository for separate download if required. I believe that now there is no choice but to remove them entirely. If there is any special need there is a contact email on the Github overview page. Of course, even if I provide the 32 bit versions privately they will most likely still be detected but there is nothing I can do about that.

I will also make a new release as there are new updates, but meanwhile if you require the whole repository, download it from the master branch page.

1 Like