topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Friday October 4, 2024, 12:53 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Mouser - newest version of LBC installer was flagged as a trojan  (Read 5256 times)

Lolipop Jones

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 65
    • View Profile
    • Donate to Member
...by my antivirus app, Vipre Antivirus Premium (Sunbelt Software)

Since I have no reason to mistrust anything downloaded directly from Donation Coder, I disabled the virus scanner, downloaded and installed.  Did a system scan just afterward and everything was OK, including all the new LBC files.  So it appears to be something that's only in the installer itself.

- Jones
Today's problems were yesterday's solutions....

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,913
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
just another false positive annoyance in a long history of them by lazy antivirus companies.  >:(
thanks for the report -- can you tell me the exact warning it gave -- did it say what it thought it was?

ewemoa

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 2,922
    • View Profile
    • Donate to Member
FWIW, I tried uploading to virustotal and got:

http://www.virustota...46b371937-1306287846

In the case of Sophos, the result listed in red was "NirCmd" -- which I guess happens to be included in LBC's zip file.

The following is from a NirSoft FAQ list:

Q: The antivirus software on my computer reports that some of the your utilities are infected with a virus or trojan. What should I do ?

A: First of all, All the utilities in my Web site are clean, and they don't contain any virus or trojan. Unfortunately, Antivirus programs are not perfect, and in many times they detects innocent software as infected with trojan or virus. This problem is known as 'False Positive' or 'False Alert', and it's quite common in password-recovery tools. If your antivirus software reports that utilities you downloaded from this Web site are infected with a virus or trojan, I highly recommend you to contact your antivirus company and ask them to fix this 'False Positive' problem in the next update of your antivirus software. You can also contact NirSoft to report about 'False Positive' problems. Click here to view the latest 'False Positive' problems reported by users from around the world.

In the case of VIPRE, I saw:

VIPRE 9381 2011.05.25 Trojan.Win32.Generic!BT

FWIW, the MD5 and SHA1 checksums of the file uploaded (requested a re-analysis) were:

MD5   : 9cb3a38088807f54e7f89ac30e09c030
SHA1  : d3578d56c6ec1c23179520a01309a79ccb38324b


mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,913
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
ridiculous.  i guess i will stop bundling nircmd  :down:

ewemoa

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 2,922
    • View Profile
    • Donate to Member
For reference, I tried uploading a zipped LBC folder with the NirCmd folder removed and got:

http://www.virustotal.com/file-scan/report.html?id=1a2facb8134f0d69c27dcb96890c2d3f58f7574a09cd576de08d9ca56ee26d61-1306291149

No VIPRE this time, and I didn't see any obvious mention of NirCmd (not surprisingly), but still 4 AV engines seemed to mention something...
« Last Edit: May 24, 2011, 09:51 PM by ewemoa »

Lolipop Jones

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 65
    • View Profile
    • Donate to Member
Just to close the loop, I got the same detail as ewemoa did

Trojan.Win32.Generic!BT

I didn't realize you were bundling some Nirsoft in the install.  That may explain it.  Nir writes great utilities, but the mindless AV scanners hate them, I've been there before.

- Jones
Today's problems were yesterday's solutions....