Creality Print v7.0.0.4127 - Adware:Win32/Tnega Detected in "Remove-Edge.exe" by Windows Defender

I installed Creality Print v7.0.0.4127 on my Windows 11 laptop. A subsequent scan by Windows Defender detected the following…

This is quite concerning and I’ve uninstalled this version for now.

Anyone else getting this detection? Thoughts or comments from Creality?

Thanks.

2 Likes

Yes. Same here. I quarantined it and so far it has not had an effect on Print-7. It is deeply disturbing that Creality security would allow malware into their download repository. Until Creality lays out what they have done to mitigate the problem. “Trojan:Win32/Tnega!MSR”, also known as “Win32/RA-based.NJV”, is serious. Here is a good summary on the NordVPN site: https://nordvpn.com/cybersecurity/threat-center/tnega/

I can not trust Creality. It may be deliberate. I can no longer run my regular security on this forum. I have to use an incognito window that allows targeting cookies in order to use this forum. Since incognito windows delete cookies on exit, I think that is reasonably safe as long as I do not leave a connection to Creality open for any longer than needed.

I have alerted Creality Tech support on Facebook and e-mail. My experience from doing corporate tech security for decades is this: If the virus is removed in 24 hours or less with a posted apology/warning it was a sloppy but honest mistake. I can forgive. If it takes more than 24 hours to fix, then management approval was required and it was most definitely a deliberate attempt to spy on users.

1 Like

Seeing the same, but can’t download it:

3 Likes

Yeah.. SmartAppsControl is blocking the install for me. Threw it into VirusTotal to see what’s up and this came back. It’s probably a false positive. I don’t see any suspicious activities from the file except an unknown IP address. Current CrealityPrint 6 is working for me so I’ll just stick with it until Creality releases a version that can get past SmartApps because I don’t want to disable it.

2 Likes

I use McAfee which is smarter and had no issues with v7. I believe some other scanners are mis-identifying the online models tab as being adware/malware. I have had no issues with it at all. I ran an extra scan of it thru McAfee after seeing all these sort of posts and it cleared it.

I didn’t get any Adware or virus notice. I wonder if this only occurs in certain regions where the file is downloaded…

1 Like

A couple of clarifications…

  • The main self-extracting executable is not the issue. The Remove-Edge.exe that is contained is the file being flagged.
  • I extracted just the one executable and submitted it to VirusTotal. The results (21/72 security vendors flagged this file as malicious) do not suggest a false-positive.

Creality’s lack of response/action is troubling.

1 Like

No response on the Creality Support Facebook either. This is not a false positive. I didn’t notice it for a few days because my machine quarantined it during the download. I didn’t notice until I checked my antivirus history. The infected file “Remove-Edge.exe” does not appear to affect the operation of Print-7. If your virus protection is working correctly, you may not even notice (or your download is blocked). If you are running Windows and this download did not trigger your virus protection, you need to review your computer security.

Be aware, this is an information stealing virus. It will not crash your computer or cause any strange behavior besides some unusual network activity. It will, however, upload your passwords and any financial information that may be available. The FBI and Interpol will have to sort out who the stolen information is going to. This virus is the first step in Identity theft.

It is not a regional issue. I tried setting my VPN to Iran and the download was blocked. I added the “-Iran” to the name to keep the regional downloads sorted.

I am having the same issue, not being able to download.

What part of the world are you guys getting this virus / malware file?

So far I’ve tested the United States, Canada, and Iran. All were infected.

@jimandyen Is there a country you think is getting a clean copy? Let me know & I’ll test there (assuming my VPN has an outlet there).

I downloaded it from the Creality Cloud site as soon as it was available and the scanner (Norton) didn’t pick up anything. I’m in the U.S. Texas.

I noticed it’s available on GitHub also. Could that be where the problem is..? Last year I noticed there was a warning for files on GitHub and to use caution when downloading them. I can’t remember where I saw that though…

Try scanning this path:
C:\Users\{your user name}\AppData\Roaming\Creality\Creality Print\7.0
Is the file “Remove-Edge.exe” in that path?

Also, by chance, are you running on a virtual or cloud machine? This virus detects virtual machines and shuts off in that environment.

The GitHub hack happened when Microsoft bought them. There was a security leak for a couple of weeks, but it has been locked down now.

Creality support just e-mailed me. They suggested a slightly different URL to download from. I was using Creality Print | Creality Slicer Softwares & Firmware Download

They suggest Creality Print - Creality Slicer Softwares Download. I’ll give it a try and report back.

Well, that went badly. Found a different virus and Windows deleted it immediately. Not even a quarantine!

1 Like

I tried both and got the same result. File was virus-flagged and automatically deleted.

I downloaded from

https://www.crealitycloud.com/downloads

Fascinating. This is a reach, but I wonder if Norton is smart enough to remove the offending file, or Windows security removed the file during install. Windows Security removed the file is how my first install went. “Remove-Edge.exe” was moved to the Quarantine folder and never made it to ~\7.0 directory.

At your convenience, take a look at “Windows Security” > “Virus Threat and Protection” > “Protection History”.
That is where I found the record indicating the file had been quarantined. I’ve been using v7 for a couple of days and so far, deleting “Remove-Edge.exe” from the system does not seem to affect anything.

When using Norton I had MS security scan turned off.

I couldn’t find any mention of “Remove-Edge.exe” in Norton.
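
The two checks suggested in the posts above (look for “Remove-Edge.exe” in the Creality Print 7.0 folder, then look in Protection History) can be run from PowerShell. The script below is an added example, not part of the thread and not Creality or Microsoft tooling; the folder and file name come from the thread, and the Defender cmdlets are assumed to be available (they ship with Microsoft Defender's PowerShell module).

```powershell
# Added example. Folder and file name are the ones quoted in the thread.
$installDir = Join-Path $env:APPDATA 'Creality\Creality Print\7.0'
$targetName = 'Remove-Edge.exe'

# 1. Is the file still on disk? It may already have been quarantined or deleted.
$hits = @()
if (Test-Path -LiteralPath $installDir) {
    $hits = @(Get-ChildItem -LiteralPath $installDir -Filter $targetName `
                  -File -Recurse -ErrorAction SilentlyContinue)
}

foreach ($f in $hits) {
    # The SHA-256 lets you look the exact file up on VirusTotal without uploading it.
    # Reading the file can be blocked by real-time protection; the hash is then empty.
    $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 `
                 -ErrorAction SilentlyContinue).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $f.FullName
    [pscustomobject]@{
        Path            = $f.FullName
        SHA256          = $hash
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
                          else { '<unsigned>' }
        LastWriteTime   = $f.LastWriteTime
    }
}
if ($hits.Count -eq 0) { Write-Output "No $targetName found under $installDir" }

# 2. What did Defender record? Same data as the Protection History page.
if (Get-Command Get-MpThreatDetection -ErrorAction SilentlyContinue) {
    # Map threat IDs to names so each detection row shows the family name.
    $names = @{}
    Get-MpThreat -ErrorAction SilentlyContinue |
        ForEach-Object { $names[$_.ThreatID] = $_.ThreatName }

    Get-MpThreatDetection |
        Where-Object { ($_.Resources -join ';') -like "*$targetName*" } |
        Select-Object InitialDetectionTime,
                      @{ n = 'Threat'; e = { $names[$_.ThreatID] } },
                      ActionSuccess,
                      Resources
} else {
    Write-Output 'Defender cmdlets not available; check your AV product''s own history.'
}
```

An empty result from both parts means the file is not in that folder and Defender has no detection recorded for it on this machine; it says nothing about what another antivirus product did with the download.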