6

Since today when we build an App with latest Version of Android Studio and enabled instant run, Kaspersky starts to reporting us that something tries to inject HEUR:Trojan.AndroidOS.Boogr.gsh in our classes.dex. After some research i found out that this starts happening when we are using com.android.tools.build:gradle:2.3.1 instead of 2.3.0 ! I tested it on a completely new mac book. Just Download Android Studio created an empty Project with installed Kaspersky with the latest updates and got the Alert from Kaspersky. Could anybody check if that also is happening for him? Also with an old project which is using the 2.3.1 since some weeks, this is not happening i think cause of an cached version of 2.3.1. Maybe somebody has changed something in the 2.3.1 in the meanwhile.

enter image description here

Sprotte
  • 541
  • 6
  • 19
  • Are you still seeing this? Can you file a bug report here: https://issuetracker.google.com/issues/new?component=192709&template=842921. – Jared Burrows Apr 30 '17 at 00:59

4 Answers4

1

I am actually experiencing the same issue.

Temporary solution is to desable instunt run or to downgrade gradle to 2.3.0.

For me it only happens with app in development. When you build release version, everything works fine.

UPD (April, 22) The problem is gone for me. Used the same pc with the same settings with gradle 2.3.1 and instant run enabled - everything works fine.

Anatoly
  • 49
  • 6
  • I know that everything is working fine when we disable instant run or going back to 2.3.0 but i really want to make sure that there is no virus in the current android build pipeline or on our company maschines. – Sprotte Apr 20 '17 at 19:25
  • Not a virus on your company machines. Having the same report since today, MacBook Pro with Kaspersky. – Syex Apr 21 '17 at 06:54
  • I have tried to reproduce on my mac book pro as well as on Windows with no luck. Could your provide more information on how to reproduce it, which dependencies you are bringing in ? Can you repro when building a newly created project from a template ? – Jerome Dochez Apr 21 '17 at 19:42
  • @JeromeDochez for a couple of days i had this issue. Tried to build it today - everything is back to normal (same pc with same settings and development environment). Thank you for your concern! – Anatoly Apr 22 '17 at 12:10
  • Glad to hear that the issue has resolved itself. Further updates will be provided on the bug : https://buganizer.corp.google.com/issues/37536603 – Jerome Dochez Apr 24 '17 at 16:47
1

We are looking into it right now.

Jerome Dochez
  • 706
  • 3
  • 4
  • Hey Jerome, this is more of a comment. Do you mind putting more of an official answer? Maybe add this to the android bug tracker? – Jared Burrows Apr 22 '17 at 16:16
0

I experienced the same issue last night when I downloaded Android Studio to a Windows 7 computer and ran the example App "Hello World" using Instant Run through a USB to a Samsung Galaxy Core Prime mobile phone. I'm trying to find out if it is the phone trying to infect the computer through Android Studio or Android Studio trying to infect the phone. I've kept text files of the Kaspersky virus scan reports if you need more details.

The App ran on the phone as expected but as soon as it displayed "Hello World" Kaspersky detected the Trojan HEUR.Trojan.AndroidOS.Boogr.gsh. Kaspersky failed to disinfect the file and then deleted it. I ran the App again and again Kaspersky detected and deleted it. I then carried out a full scan and it reported several references to the Trojan in the downloaded Android files on the computer. Kaspersky cleared these and a third scan reports no infection.

I've run another program (Processing Android) many times in the last week using the same computer phone connection and Kaspersky has not reported a problem.

peter osman
  • 1
  • I cannot reproduce the issue. This is what I did on Windows 10 - Install Kapersky Total Security - Install Android Studio 2.3.1 - Create a new project with defaults. - build/run the project on Emulator N. - make couple of code changes doing a hot swap. Kapersky did not complain about the dex files. I need more info to reproduce this. Is this happening on every project ? can you try creating a new project and see if you can repro there ? – Jerome Dochez Apr 21 '17 at 17:55
0

The problem I had was a virus message from Kaspersky whenever I ran a newly comoiled "Hello World" from Android Studio, Using Kaspersky to erase the virus didn't remove the problem.

I raised the issue with Kaspersky who were uncertain if it was a genuine virus or because the default sensitivity I was using is the highest sensitivity for the Kaspersky software. They said they might raise it within their software team and possibly with the Android Studio team.

Next day (in Australia) I downloaded and installed a new copy of Android Studio having first factory reset my phone, used Kaspersky to once again clean the two suspect virus components and then removed every Android Studio software component from the computer. Subsequent total system virus checks and running of Android Studio did not produce the problem again.

Don't know whether Kaspersky and/or Android fixed the problem or whether It was an isse with my system and fixed with my cleaning.

PeterO
  • 1