
DJI Assistant 2 has Malware possibly

svfdfireman

My Bitdefender security program identified 2 infected files related to DJI Assistant 2:


A bit angry right now unless these were false positives.

Any suggestions?
 
If you got DJI Assistant directly from DJI then it's almost certainly a false positive. There's a bit of a history of BitDefender flagging DJI's programs and drivers for some reason, supposedly to do with unsigned binaries. Other AV packages do not seem to have the problem, so they've either whitelisted DJI's files or are not as aggressive in their blocking as BitDefender is; YMMV as to which is the best approach. Either way, thumbs down to DJI for not correctly signing their programs in this day and age.

You can work around it by temporarily disabling the AV package for the install and/or whitelisting the app/drivers afterwards if required, but that's generally not very good advice to give in this situation. If you want to make sure your files are valid I have v2.0.6 installed and my files have the following checksums (link to a guide & tools if you're not familiar with this):

md5sum:
407e8f0b202153f6566beb438e293f29 DJIServiceCore.exe
5cf96aac6a4f1cc25bcb297c1dbd31d8 Viewer.exe

sha1sum:
b50c306921ea7481e763f4a15dc162e07495e68c DJIServiceCore.exe
542b167db516b065dd46abedd3dc5c520b64690a Viewer.exe

sha256sum:
073c0005e23b6e6cc5096150ca3785a30ad145b2c68ab6b7d74ba89127f80adc DJIServiceCore.exe
fc01df52e8ef6721cdb667b8255d1a88015e70fc605ea4d5be1e1b43c5cced2c Viewer.exe
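
The checksum comparison suggested in the post above, as an added example (not part of the original post and not DJI's tooling): it parses a listing in the `digest filename` format used above and hashes the local copies. The reference values are the SHA-256 lines as posted for v2.0.6; the folder passed on the command line is an assumption.

```python
import hashlib
import sys
from pathlib import Path

# SHA-256 values as posted above for Assistant 2 v2.0.6 (the poster's own files).
POSTED_SHA256 = """\
073c0005e23b6e6cc5096150ca3785a30ad145b2c68ab6b7d74ba89127f80adc DJIServiceCore.exe
fc01df52e8ef6721cdb667b8255d1a88015e70fc605ea4d5be1e1b43c5cced2c Viewer.exe
"""

def parse_listing(text):
    """Parse 'digest filename' lines (md5sum/sha256sum style) into {name: digest}."""
    expected = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # skip blank lines and labels such as "sha256sum:"
        digest = parts[0].lower()
        name = parts[1].strip().lstrip("*")  # "*" marks binary mode in md5sum output
        if all(c in "0123456789abcdef" for c in digest):
            expected[name] = digest
    return expected

def file_digest(path, algorithm="sha256", chunk=1 << 20):
    """Hash a file in chunks so large executables are not read into memory at once."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            h.update(block)
    return h.hexdigest()

def verify(directory, listing, algorithm="sha256"):
    """Return {name: 'match' | 'MISMATCH' | 'missing'} for every listed file."""
    results = {}
    for name, want in parse_listing(listing).items():
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "missing"
        elif file_digest(path, algorithm) == want:
            results[name] = "match"
        else:
            results[name] = "MISMATCH"
    return results

if __name__ == "__main__":
    # Assumption: argv[1] is the folder holding the installed executables.
    folder = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, status in verify(folder, POSTED_SHA256).items():
        print(f"{status:8} {name}")
```

A match shows only that the local files are byte-identical to the poster's v2.0.6 copies; a mismatch is expected for any other version and is not by itself a sign of tampering.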
 
The "Heur" in the ID is probably short for "heuristic", which is a term applied to intelligent scanning based on likely patterns. That means that BitDefender has detected something that it thinks *looks* like malware, but might not actually *be* malware. This might occur if the program is linked against a library that is commonly used by genuine malware, or occasionally for compressed (e.g. obfuscated) executables.

If you want a second opinion, I'd download another AV vendor's standalone scanning tool, or a tool like SpyBot Search and Destroy, (or multiple tools), run their scans on the file and see what they say. If they concur then it's probably a genuine bit of malware, if not then it's more likely BitDefender is giving a false positive and it's safe to whitelist it.

If it does come back as malware, I'd be curious to know whether this was sourced direct from DJI or not. I have had every v2.0.x release of Assistant installed (all downloaded direct from DJI) without any problems from regular scans by Windows Defender, Kaspersky AV, or SpyBot S&D on my PC, and periodic scans with Avast!'s standalone scanner have always come up clean as well.
 
Go to Virustotal.com, upload the executable there and wait for the results. There is always the chance that something else on your system infected the DJI Assistant 2.
 
Thanks for the input. I will try a couple of the suggestions. FYI - Yes, I downloaded the DJI Assistant 2 directly from the DJI website where the downloads reside.
 
In the cybersecurity universe, everything revolves around one basic question: is the detected sample malicious or clean? As in life, the answer is more complicated than just these two options, creating a vast grey area where good and bad things resemble one another.
Established cybersecurity vendors, such as ESET, have to navigate that dilemma every day. With a growing number of clients in its global network, the number of items that needs to be evaluated increases along with the risk of causing false positives (FPs).

In cybersecurity, this term describes errors made when a protection solution incorrectly labels clean items as malicious. This leads to them being quarantined, blocked or deleted. Needless to say I deal quite a bit during the normal course of my day at work with emails FPs and legitimate software. In fact, in order to minimize issues during software install we temporarily disable or turn off antivirus / antimalware software.
 
In fact, in order to minimize issues during software install we temporarily disable or turn off antivirus / antimalware software.

I used to do this quite a bit when things weren't quite so connectivity centric. I'd isolate from the net and install if it was a reputable vendor, but now that so many installs require connectivity during install it makes my hair stand on end at times.

Nowadays I really look to a statement by the software vendor or my AMW / AV providers about known FP alerts. If I can't find it then I install in a sandbox environment. Sure, as long as you are sufficiently backed up there's not a lot you can't recover from, but it's the downtime that can be the killer.

Regards
Ari
 
On the Mac side, their app isn’t even signed with a developer account from Apple ($99) so the system security flags it. Lol. Really DJI? Lazy.
 
Most likely DJI being cheap by not paying Microsoft to test and provide the software with an authentic Microsoft WHQL signature. This is common with many Chinese vendors, especially with drivers. Another DJI issue is that they distribute GPL code with their product, which is a huge legal liability. You can use Open Source code, but according to GPL you aren't allowed to bundle it and sell it with a product. The way around the GPL license issue is to create a script that retrieves the packages from a repository (GIT, SVN, etc) and installs them.
 
Mine has given me that warning on every download from DJI. I just put it in a folder and except my DJI folder.
 