PLLATINUMSIM-SW: Recognized as Trojan by Windows Defender


Hi team,

My customer downloaded Pllatinumsim but it was recognized as "Trojan" by Windows Defender.

Is this just false detection of Windows Defender?

Best regards,

Shota Mago

  • Hello Mago-san,

    This is a false detection. 

    A Microsoft update added an incorrect definition for OneevaA!ml which aggressively flags files that have packed binary data (such as our database of devices), and several other commercial software programs are being flagged alongside us – a quick search for “Oneeva.a!ml false positive” reveals many programs that have also been falsely flagged in the last year. We obviously aren’t attaching trojans to our software.

    For the record, the PLLatinum Sim installer does the following:

    • Adds the PLLatinumSim.exe binary to your program files directory
    • Unpacks the PLLatinumSimDevices.dat file, which is a compressed XML database of our devices
    • Unpacks the license file and the software manifest
    • Creates the uninstaller
    • In case a previous edition of PLLatinum Sim existed on the machine, loads it to the rollback directory in the install path.
    • Adds shortcuts (if requested).

    We compile the executable, build the installer file, and package it in a zip file for distribution through – we control every step of the process. The current version of the installer we uploaded to (1.5.6) has MD5 checksum eb4228add3d5b074fc8b88984908d438. You can verify for yourself that your downloaded copy has the correct checksum, to ensure that no other party has tampered with the program. There are a number of ways to do this, but the most straightforward is using the Microsoft File Checksum Integrity Verifier:

    1. Download and extract the checksum verifier program (fciv.exe) to some location
    2. From the directory where fciv.exe is extracted, run fciv from command line. Example is below for my test case, in which I extracted fciv to my desktop.
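
Added example (not part of the original posts and not TI's code): the same checksum check done with PowerShell's built-in `Get-FileHash` instead of fciv. The two file names are placeholders, since the post does not give them, and both the downloaded zip and the extracted installer are hashed because the post does not say which of the two the published MD5 refers to.

```powershell
# MD5 quoted in the post above for installer version 1.5.6.
$PublishedMd5 = 'eb4228add3d5b074fc8b88984908d438'

function Test-PublishedChecksum {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$Path,
        # Reject anything that is not a 32-digit hex MD5 before hashing.
        [Parameter(Mandatory)][ValidatePattern('^[0-9a-fA-F]{32}$')][string]$ExpectedMd5
    )
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            Write-Warning "Not found, skipped: $p"
            continue
        }
        $md5    = (Get-FileHash -LiteralPath $p -Algorithm MD5).Hash
        $sha256 = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        [pscustomobject]@{
            File   = (Resolve-Path -LiteralPath $p).Path
            MD5    = $md5.ToLowerInvariant()
            Match  = ($md5 -ieq $ExpectedMd5)   # case-insensitive hex compare
            SHA256 = $sha256.ToLowerInvariant() # recorded to identify the exact file
        }
    }
}

# Placeholder file names (assumptions): substitute the real download and installer.
$candidates = '.\PLLatinumSim-download.zip', '.\PLLatinumSim-installer.exe'
$results = @(Test-PublishedChecksum -Path $candidates -ExpectedMd5 $PublishedMd5)
$results | Format-List

if (-not ($results | Where-Object Match)) {
    Write-Error 'No candidate file matches the published MD5.'
    exit 1
}
```

A match only ties the file to the vendor if the expected value was itself read from the vendor's own post or site, and MD5 detects corruption or a swapped file but is not collision-resistant.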


  • Hi Derek-san,

    Thank you so much for your elaborate answer!

    I understood that this is a false detection by Windows Defender.

    Best regards,

    Shota Mago