virus in DT 2.4.1 Win?

I started DT and got a warning from AVG antivirus:

I wonder why I have 4 of the same DLLs, all with different sizes. I found on the web that Trojan.Encoder.766 modifies libgio-2.0-0.dll and creates windbyit.exe, but I didn’t find such a file. Has anybody else encountered such a warning? Can I replace the DLL with one from somebody else?

Antiviral apps often report what are considered false positives. They would rather report something as bad when it might not be, for better-safe-than-sorry and also financial reasons.

– First thing to check is whether you are downloading the darktable install package from a reputable source.

– Second thing to do is to try scanning with another antivirus. Different ones arrive at different conclusions.

– The other 3 dlls appear to be in a backup folder. It is likely that they have been compressed.

PS The antivirus might have two types of scanning. I don’t know what each is called exactly, but there is one that scans the drive periodically and another that triggers a quarantine prompt when something suspicious happens. In your case, I would whitelist libgio in the general scan.

All of those dlls appear to be for different programs.

A quick google search indicates that “EaseUS” is a recovery utility, so those other three copies were probably created by it at some point. As long as you downloaded it from an official or reputable source, Darktable isn’t likely your culprit. It’s more likely that, if you do have a virus, libgio was infected, and then EaseUS made backups of it. Try the built-in Windows Defender utility, and the free version of MalwareBytes.

As said, it is highly unlikely for a virus to find a way into a darktable installer from a reliable source, and the generic name of the “threat” often comes in combination with “exotic” files. Just in case, one can upload the reported file to VirusTotal, where it is inspected with 40+ antivirus engines.

Even a small number of positives still means everything is OK; false positives are common with files from open-source software, even more so from development versions and such.

On my Windows laptop, I see different versions of libgio-2.0-0.dll in darktable, RawTherapee, Partha’s Gimp, PhotoFlow, Inkscape, and some other directories.

Here is a fresh report from VirusTotal.

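Added example, not part of the original thread and not darktable's code: a Python script for the check the posts above describe, listing every copy of libgio-2.0-0.dll under some folders, grouping identical copies by SHA-256, and reading each PE header to see which architecture the build targets. Copies that are not valid PE files (for instance compressed backup copies) are reported with no header info, and the SHA-256 can be pasted into VirusTotal's search to look a file up without uploading it. The function names and folder arguments are assumptions made for this example.

```python
import hashlib
import os
import struct
import sys

# COFF "Machine" values for the common Windows targets.
MACHINES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "arm64"}


def pe_info(data):
    """Return (machine, raw TimeDateStamp) from a PE header, or None if not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if pe_off + 12 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    machine, _sections, stamp = struct.unpack_from("<HHI", data, pe_off + 4)
    return MACHINES.get(machine, hex(machine)), stamp


def inventory(roots, name="libgio-2.0-0.dll"):
    """Group every copy of `name` found under `roots` by its SHA-256 digest."""
    groups = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for fname in files:
                if fname.lower() != name.lower():
                    continue
                path = os.path.join(dirpath, fname)
                try:
                    with open(path, "rb") as fh:
                        data = fh.read()
                except OSError:
                    continue  # locked or quarantined by the scanner: skip it
                digest = hashlib.sha256(data).hexdigest()
                entry = groups.setdefault(
                    digest, {"size": len(data), "pe": pe_info(data), "paths": []})
                entry["paths"].append(path)
    return groups


if __name__ == "__main__":
    # Usage (folders are examples): python dllcopies.py "C:\Program Files" D:\backup
    for digest, entry in inventory(sys.argv[1:] or ["."]).items():
        print(digest, entry["size"], "bytes", entry["pe"])
        for path in entry["paths"]:
            print("    " + path)
```

Different hashes with valid headers usually mean different builds shipped by different programs; a copy whose hash differs from a fresh download of the same darktable version is the one worth a closer look.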