Description

When installing the modpack using Curseforge and having Bitdefender installed Bitdefender bocks the installation due to a trojan being there. This happens every time you try to install the modpack.
To Reproduce

1. Start installation of modpack
2. Bitdefender blocks installation of modpack due to a trojan

Screenshots

Modpack version v1.36.1

This most likely as false positive.
The modpack .zip I distribute doesn't have any malware in it. You can check the modpack .zip and see that it have no reports.
The file mentioned on screenshot 2246.zip is not provided by my modpack and seems like downloaded by CurseForge launcher.
Yes, other players reported that their antiviruses show that OpenTerrainGenerator mod have trojan in it, and this may be a case, but we need to be sure.
Please, install modpack in other launcher, for example by Prism and write if there is antivirus reports. This will show what exact mod downloaded from CurseForge assumed as having trojan.

I have downloaded the the pack using Prism as you said and you were right, there is a Trojan in OpenTerrainGenerator

Is there a way to remove the mod from the modpack?
And also is there a way to report the mod to CurseForge?

Let me reassure you with a few points that indicate this is indeed a false positive:

1. The file causing concern, OpenTerrainGenerator-1.12.2-v9.5-R1.jar, isn't utilized by Minecraft. Upon launching the modpack, it's automatically renamed to .disabled, rendering it inactive. Inactive files pose no threat to your system.

2. This file has been downloaded over 166 thousand times without any reported harmful behavior. Its widespread usage without incident further supports the notion of a false positive.

3. OpenTerrainGenerator is an open-source project, meaning its code is transparent and accessible for scrutiny. Any malicious content would have been detected and addressed by the community.

Moreover, there's concrete evidence to demonstrate the false positive nature of this issue. You can essentially "heal" the file by removing what's erroneously flagged as a trojan. Since .jar files are essentially compressed archives, you can open the mod .jar using an archiver program, add an empty file with any name, and rescan it. The trojan will vanish, confirming it as a false positive.

Finally, if you still harbor doubts about your antivirus, you can proceed with playing the modpack. Your antivirus will simply quarantine the OpenTerrainGenerator file. You will be unable to generate OTG worlds. However, you can still utilize the 'Biomes O Plenty' generator without any hindrance.

Had any chance to "heal" the jar or try another solutions?

I just added a exception in my antivirus

Thanks for the help tho

I guess the argument that the code is open source is a very big thing especially combined with the 166k downloads

Thank you for answer!

Which of the arguments that this threat is a false positive seemed more convincing to you?
I'm asking so that I know which argument to make next time someone else is faced with the same question.