www.digitalmars.com         C & C++   DMDScript  

digitalmars.D - Website contains a virus?

reply Dominikus Dittes Scherkl <Dominikus.Scherkl continental-corporation.com> writes:
Hi.

I'm using Norton Security from Symantec, and it claims that the 
current compiler dmd-2.069.2.exe is infected with the 
"Trojan.Gen.2". Not a particularly harmful virus, but 
nevertheless I hope that's not true or you can fix that rather 
soon!
Jan 21
next sibling parent reply Brad Anderson <eco gnuk.net> writes:
On Thursday, 21 January 2016 at 18:46:15 UTC, Dominikus Dittes 
Scherkl wrote:
 Hi.

 I'm using Norton Security from Symantec, and it claims that the 
 current compiler dmd-2.069.2.exe is infected with the 
 "Trojan.Gen.2". Not a particularly harmful virus, but 
 nevertheless I hope that's not true or you can fix that rather 
 soon!
I just ran it through VirusTotal and nothing came up: https://www.virustotal.com/en/url/e4fb12ce95fb0234554339a5162e736d5f337b427214b58d5bc10122fcb83435/analysis/1453402206/
Jan 21
parent reply Brad Anderson <eco gnuk.net> writes:
On Thursday, 21 January 2016 at 18:50:48 UTC, Brad Anderson wrote:
 On Thursday, 21 January 2016 at 18:46:15 UTC, Dominikus Dittes 
 Scherkl wrote:
 Hi.

 I'm using Norton Security from Symantec, and it claims that 
 the current compiler dmd-2.069.2.exe is infected with the 
 "Trojan.Gen.2". Not a particularly harmful virus, but 
 nevertheless I hope that's not true or you can fix that rather 
 soon!
I just ran it through VirusTotal and nothing came up: https://www.virustotal.com/en/url/e4fb12ce95fb0234554339a5162e736d5f337b427214b58d5bc10122fcb83435/analysis/1453402206/
Hold on, that may not have scanned like I expected since I used a URL...rerunning using a file upload...
Jan 21
parent reply Brad Anderson <eco gnuk.net> writes:
On Thursday, 21 January 2016 at 18:55:16 UTC, Brad Anderson wrote:
 On Thursday, 21 January 2016 at 18:50:48 UTC, Brad Anderson 
 wrote:
 On Thursday, 21 January 2016 at 18:46:15 UTC, Dominikus Dittes 
 Scherkl wrote:
 Hi.

 I'm using Norton Security from Symantec, and it claims that 
 the current compiler dmd-2.069.2.exe is infected with the 
 "Trojan.Gen.2". Not a particularly harmful virus, but 
 nevertheless I hope that's not true or you can fix that 
 rather soon!
I just ran it through VirusTotal and nothing came up: https://www.virustotal.com/en/url/e4fb12ce95fb0234554339a5162e736d5f337b427214b58d5bc10122fcb83435/analysis/1453402206/
Hold on, that may not have scanned like I expected since I used a URL...rerunning using a file upload...
New results: https://www.virustotal.com/en/file/45e01e0eba641b02874d84fafceefac2b53a28add31ceeef2a4bfce13c1440d7/analysis/1453402410/ Now to decide if it's a false positive... (we use NSIS which I could easily see being an easily thing to have false positives with).
Jan 21
next sibling parent Bubbasaur <bubba gmail.com> writes:
On Thursday, 21 January 2016 at 18:57:27 UTC, Brad Anderson wrote:
 Hold on, that may not have scanned like I expected since I 
 used a URL...rerunning using a file upload...
New results: ... Now to decide if it's a false positive... (we use NSIS which I could easily see being an easily thing to have false positives with).
Results against: 2.060: https://www.virustotal.com/en/file/8da5b46e34e476c29155eff8507aa7a6a82545b1e236f27bad2b6613d2165498/analysis/1453403420/ 2.066.1: https://www.virustotal.com/en/file/a06d989365e77b46900c45ded383d16292e2ed92aba98621bc89861cc60082e3/analysis/1453403539/ Bubbasaur.
Jan 21
prev sibling parent reply Walter Bright <newshound2 digitalmars.com> writes:
On 1/21/2016 10:57 AM, Brad Anderson wrote:
 New results:
 https://www.virustotal.com/en/file/45e01e0eba641b02874d84fafceefac2b53a28add31ceeef2a4bfce13c1440d7/analysis/1453402410/


 Now to decide if it's a false positive... (we use NSIS which I could easily see
 being an easily thing to have false positives with).
Note that different tools find different "viruses" Comodo Heur.Packed.Unknown 20160121 DrWeb Trojan.Packed.196 20160121 McAfee-GW-Edition BehavesLike.Win32.Tool.tc 20160121 Rising PE:Malware.XPACK/RDM!5.1 [F] 20160121 Symantec Trojan.Gen.2 20160121 TrendMicro Possible_Virus 20160121 Meaning they don't know what they're doing. In the past some of these were driven by Optlink making an executable that is not quite like what MS tools make, so, hey, "Possible Virus". Blech.
Jan 21
next sibling parent thedeemon <dlang thedeemon.com> writes:
On Friday, 22 January 2016 at 02:14:53 UTC, Walter Bright wrote:
 In the past some of these were driven by Optlink making an 
 executable that is not quite like what MS tools make, so, hey, 
 "Possible Virus". Blech.
Yeah, I was bitten by this too, antiviruses started barfing at my Win32 app when it was statically linked with libjpeg, while the lib file itself and the app without this lib linked in were accepted by the same antiviruses as clean. I understand DMD is now linked by Optlink. How hard would it be to try linking it with MS linker? This could be a workaround, otherwise we might soon find dlang.org blocked by major browsers and antimalware systems.
Jan 22
prev sibling parent Kagamin <spam here.lot> writes:
On Friday, 22 January 2016 at 02:14:53 UTC, Walter Bright wrote:
 Note that different tools find different "viruses"

   Comodo  Heur.Packed.Unknown  20160121
   DrWeb  Trojan.Packed.196  20160121
   McAfee-GW-Edition  BehavesLike.Win32.Tool.tc  20160121
   Rising  PE:Malware.XPACK/RDM!5.1 [F]  20160121
   Symantec  Trojan.Gen.2  20160121
   TrendMicro  Possible_Virus  20160121

 Meaning they don't know what they're doing.
No, antiviruses always had independent naming schemes and virus classification.
Jan 22
prev sibling next sibling parent reply sclytrack <sclytrack fake.com> writes:
On Thursday, 21 January 2016 at 18:46:15 UTC, Dominikus Dittes 
Scherkl wrote:
 Hi.

 I'm using Norton Security from Symantec, and it claims that the 
 current compiler dmd-2.069.2.exe is infected with the 
 "Trojan.Gen.2". Not a particularly harmful virus, but 
 nevertheless I hope that's not true or you can fix that rather 
 soon!
Does this pose a problem for the linux variant?
Jan 21
parent Dominikus Dittes Scherkl <Dominikus.Scherkl continental-corporation.com> writes:
On Thursday, 21 January 2016 at 18:51:34 UTC, sclytrack wrote:
 On Thursday, 21 January 2016 at 18:46:15 UTC, Dominikus Dittes 
 Scherkl wrote:
 Hi.

 I'm using Norton Security from Symantec, and it claims that 
 the current compiler dmd-2.069.2.exe is infected with the 
 "Trojan.Gen.2". Not a particularly harmful virus, but 
 nevertheless I hope that's not true or you can fix that rather 
 soon!
Does this pose a problem for the linux variant?
Hm. The .exe is precompiled for Windows only, so I suppose not. But the one generating it should have a look, would be likely his machine is infected too.
Jan 21
prev sibling next sibling parent reply Vladimir Panteleev <thecybershadow.lists gmail.com> writes:
On Thursday, 21 January 2016 at 18:46:15 UTC, Dominikus Dittes 
Scherkl wrote:
 Hi.

 I'm using Norton Security from Symantec, and it claims that the 
 current compiler dmd-2.069.2.exe is infected with the 
 "Trojan.Gen.2".
That would be a false positive.
 Not a particularly harmful virus, but nevertheless I hope 
 that's not true or you can fix that rather soon!
Unfortunately software writers do not have many options when false positives occur against their software. Please report this false positive to your antivirus vendor. You could also check that the download has not been modified in-flight using the provided signature files. Here are my hashes: MD5: 1f6a138851c7d27bc7df637126008614 SHA1: 5d76851618adc8c2c2cccab5111ea7f35a020002 SHA256: 45e01e0eba641b02874d84fafceefac2b53a28add31ceeef2a4bfce13c1440d7
Jan 21
parent Brad Anderson <eco gnuk.net> writes:
On Thursday, 21 January 2016 at 18:58:04 UTC, Vladimir Panteleev 
wrote:
 You could also check that the download has not been modified 
 in-flight using the provided signature files. Here are my 
 hashes:

 MD5: 1f6a138851c7d27bc7df637126008614
 SHA1: 5d76851618adc8c2c2cccab5111ea7f35a020002
 SHA256: 
 45e01e0eba641b02874d84fafceefac2b53a28add31ceeef2a4bfce13c1440d7
Code signing would help protect against this. Norton also takes whether a file has code signing into account (though I believe you need a class 3 for it to really help your rating).
Jan 21
prev sibling parent reply Walter Bright <newshound2 digitalmars.com> writes:
On 1/21/2016 10:46 AM, Dominikus Dittes Scherkl wrote:
 I'm using Norton Security from Symantec, and it claims that the current
compiler
 dmd-2.069.2.exe is infected with the "Trojan.Gen.2". Not a particularly harmful
 virus, but nevertheless I hope that's not true or you can fix that rather soon!
I've had virus checkers claim Digital Mars software had viruses before. They were all false positives. That doesn't prove this one is a false positive, but I've heard "wolf" cried enough times that I'm pretty jaundiced about it.
Jan 21
parent Dominikus Dittes Scherkl <Dominikus.Scherkl continental-corporation.com> writes:
On Thursday, 21 January 2016 at 19:23:50 UTC, Walter Bright wrote:
 On 1/21/2016 10:46 AM, Dominikus Dittes Scherkl wrote:
 I'm using Norton Security from Symantec, and it claims that 
 the current compiler
 dmd-2.069.2.exe is infected with the "Trojan.Gen.2". Not a 
 particularly harmful
 virus, but nevertheless I hope that's not true or you can fix 
 that rather soon!
I've had virus checkers claim Digital Mars software had viruses before. They were all false positives. That doesn't prove this one is a false positive, but I've heard "wolf" cried enough times that I'm pretty jaundiced about it.
Yeah. The problem is, Norton is rather wide-spread and it put a big warning before this site now, which is rather annoing even if you are convinced it's a false positive :-( I suspect this can do much harm to the D community if we can't manage to get rid of the warning. But only the site-owner can get a re-evaluation from Norton.
Jan 21