Trojan detected in mcx.exe file

Lorenzo Spinelli

unread,

Oct 14, 2025, 4:54:46 AMOct 14

to mcx-users

Dear Dr. Fang,

I installed the very last version of MCX (2025.10).

Unfortunately, on one of my windows PC Windows Security detects the following threat in file "mcx.exe":

Trojan:Win32/Wacatac.C!ml

Due to this, it remove automatically the file.

I think (and hope) this is a false positive detection: do you know how to fix this behavior of Windows Security?

Thanks a lot and best regards,

Lorenzo

Qianqian Fang

unread,

Oct 14, 2025, 12:46:53 PMOct 14

to mcx-...@googlegroups.com, Lorenzo Spinelli

does anyone else see this warning? I don't see such message after testing on two of my windows machines (a windows 10 lab server, and a windows 11 laptop).

after a quick google search, from this article

https://medium.com/@smith_brendan/trojan-script-wacatac-b-ml-when-microsoft-defender-cries-wolf-usually-6fb25816eee6

it appears that the false positive rate of such warning is very high at the moment - likely these machine-learning ("*!ml") based detection is still not reliable.

the binary was built on a windows virtual machine that was behind University's firewall, which was also used for producing the released windows binaries for the previous release (v2025). If you do not have any issue for the previous releases, this should be a false detection. ask google and see if you can find a way to whitelist it (haven't done it before).

--
You received this message because you are subscribed to the Google Groups "mcx-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mcx-users+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/mcx-users/b2306290-b201-46c7-a0ac-4a535c8d17f1n%40googlegroups.com.

Fang, Qianqian

unread,

Oct 14, 2025, 11:17:55 PMOct 14

to mcx-...@googlegroups.com, Lorenzo Spinelli

Hi Lorenzo, on my laptop dual-boot with windows 11, I did a custom scan using the most recent Windows Security virus definitions, it did not find anything from the unzipped mcx package.

Screenshot is attached. Based on this, I am quite certain that your OS warning was a false alarm.

From: 'Qianqian Fang' via mcx-users <mcx-...@googlegroups.com>
Sent: Tuesday, October 14, 2025 12:46 PM
To: mcx-...@googlegroups.com <mcx-...@googlegroups.com>; Lorenzo Spinelli <lspin...@gmail.com>
Subject: Re: [mcx-users] Trojan detected in mcx.exe file

To view this discussion visit https://groups.google.com/d/msgid/mcx-users/ffa647e0-be52-448e-bc68-0a3599726267%40neu.edu.

Screenshot 2025-10-14 231001.png

Lorenzo Spinelli

unread,

Oct 15, 2025, 3:08:27 AMOct 15

to Fang, Qianqian, mcx-...@googlegroups.com

Hi Qianqian,

actually, after updating the virus and threat protection of windows security to last version the file mcx.exe results ok: I do not understand what happened yesterday.

Sorry for the alarm.

See you,

lorenzo

Da: Fang, Qianqian <q.f...@northeastern.edu>
Inviato: Mercoledì, 15 Ottobre, 2025 05:17
A: mcx-...@googlegroups.com <mcx-...@googlegroups.com>; Lorenzo Spinelli <lspin...@gmail.com>
Oggetto: Re: [mcx-users] Trojan detected in mcx.exe file

Reply all

Reply to author

Forward