I've been using portableapps for a long time now but today my Kaspersky sounded off that my portable firefox 3.0.4 had a trojan (trojan.win32.pakes.lth). Seemed that several paf.exe files were affected and new downloads from portableapps alarmed. I don't know if its a false positive but please let me know if anyone else has seen anything like this. Thanks.
New: DesktopSnowOK (Jan 6, 2025), Platform 29.5.3 (Jun 27, 2024)
1,100+ portable packages, 1.1 billion downloads
No Ads Nov/Dec!, Please donate today
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on Facebook
Follow us on LinkedIn
Follow us on Twitter
Follow us on Mastodon
Follow us on BlueSky
I can confirm that F-Secure also reports the same trojan.
It's quite definitely a false positive. I have Kaspersky too, and it, too, detects those trojans in PortableApps Installer Files. But since I usually keep a backup of my PA-Installers I checked older ones, too... Most of them, too, are now recognised as being infected.
I won't trust Kaspersky as far as I trust PortableApps to be safe.
(Wouldn't be the first bug in Kaspersky...)
My Kaspersky (Kaspersky Antivirus 6.0. for Windows Workstations) today also said that he found a Trojan.Win32.Pakes.lth in:
aMSN_Portable_0.97.2.paf.exe//stream//data0001
aMSN_Portable_0.97.2.paf.exe//stream//data0006//stream//data0004
Pidgin_Portable_2.5.2.paf.exe//stream//data0001
Pidgin_Portable_2.5.2.paf.exe//stream//data0006//stream//data0002
Fretsonfire_portable_1.2.451.paf.exe//stream//data0006//stream//data0001
Fretsonfire_portable_1.2.451.paf.exe//stream//data0001
Celestia_portable_1.5.1.paf.exe//stream//data0006//stream//data0001
Celestia_portable_1.5.1.paf.exe//stream//data0001
Keepass_portable_1.14.paf.exe//stream//data0006//stream//data0001
Keepass_portable_1.14.paf.exe//stream//data0001
ConvertAll_Portable_0.4.2.paf.exe//stream//data0006//stream//data0001
ConvertAll_Portable_0.4.2.paf.exe//stream//data0001
all of this inslalled applications were also infected.
And I also check older versions of .paf.exe files (such as Pidgin_Portable_2.4.1.0.paf.exe, Pidgin_Portable_2.4.2.paf.exe, Pidgin_Portable_2.4.3.paf.exe, Pidgin_Portable_2.5.1.paf.exe) - they were not infected.
Right now try to download InfraRecorder 0.46.1 and Stellarium 0.10 - Kaspersky is crying!
>> It's quite definitely a false positive.
Sure ?
Because I do only get messages from my F-Secure for PA files I downloaded during the last 5 days:
Mozilla Firefox 3.0.4
Notepad++ 5.1.1
KeePass 1.14
All older installations are OK.
Seems that the files on server have been infected ?!
It's happened before. It's bound to happen again.
I think it was AntiVir and Avast! before?
Through virusscan.jotti.org (I think I have the url correct) it shows only Kaspersky and F-Secure finding this, and through virustotal.com, it shows the same thing :
File FirefoxPortable.exe received on 11.18.2008 10:18:04 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 2/36 (5.56%)
and I assume it would be the same with the following :
Firefox31Portable.exe
Notepad++Portable.exe
PidginPortable.exe
VLCPortable.exe
We've been hit in a recent virus definition update:
https://portableapps.com/node/16758
"If you're not part of the solution, you're part of the precipitate."