PortableApps.com Wins Big in the 2009 SourceForge Community Choice Awards and hits 100 million portable apps served!

Home » Forums » Support Forums » Nvu Portable & KompoZer Portable

virus in Kompozer and other files

Submitted by null001 on May 5, 2009 - 10:24pm

clicking the download link
server name http://voxel.dl.sourceforge.net/sourceforge/portableapps/KompoZer_Portab...
clicking again
server name http://hivelocity.dl.sourceforge.net/sourceforge/portableapps/KompoZer_P...

sourceforge has no *****.dl. before sourceforge

file infected with trojan spy.winflux

do not download...

‹ KompoZer & German language pack -> no localisation Use Nvu to Create BlogSpot Templates? ›

»
( categories: )

Valid

Chris Morgan's picture
Chris Morgan (Homepage) - May 6, 2009 - 2:27am

These are valid. These are download mirrors for SourceForge - that's how SourceForge works. Anyhow, there is no way which another entity could hijack the sourceforge.net name. If the domain ends in sourceforge.net, it's sourceforge.net

The spy.winflux is a false positive. Try it with other antivirus products.

Christian, developer, moderator

false positive

null001 - May 6, 2009 - 9:14am

My browsers (ie and firefox)were getting hijacked and redirected from pages I clicked on through google. Opera no problem. Scanned and deleted suspected files - Kompozer, Nvu, and another - sorry, can't remember which - I downloaded a bunch of apps from home page.
Now, no issues with searches or browsing.
Bbible, Clamwin, Cornice, firefox, gimp, infrarecorder, vlc, jkdefrag, keepass, and notepadpp registered as "clean".
Anyone else have an issue? Using registered, and up to date version of Spyware Doctor with Antivirus. Seems a little strange that deleting a false positive would solve my problems.

Spyware Doctor False Positives

John T. Haller's picture
John T. Haller (Homepage) - May 6, 2009 - 11:14am

We've had issues with Spyware Doctor causing false positives in the past. Whenever you come across a file you think might be infected, run it by one of the online services that uses a dozen or more virus engines. It's a better indication of what's what. We link to them from our Support page directly.

When you download an app from us, you will be linked to SourceForge.net which will then redirect you to a mirror. SF uses mirrors all over the world to host the files. They have names like voxel and internap. You can see the full list here:
http://apps.sourceforge.net/trac/sourceforge/wiki/Mirrors

You actually could be directed to a non-legit SF site by a third party, but only if your computer is already infected and the infection is linking to a server that is fully mirroring all our files from SourceForge.net, which would be difficult and is highly unlikely.

In any case, you could double-check it just by right-clicking on the file and selecting Properties. You'll find a Digital Signatures tab and it's signed by Rare Ideas, LLC (our parent legal entity). You can also check the MD5 sum which we publish on the site. Our updater (currently in the Beta forum) checks these for you automatically.

False positives will occur from time to time in some antivirus products. Some smaller ones like Spyware Doctor have had more issues as have some of the free ones like AVG. Just follow the steps above and you can ensure it is a false positive and report it to your antivirus provider for them to fix in their next list of updates.

Sometimes, the impossible can become possible, if you're awesome!

false positves

null001 - May 6, 2009 - 2:28pm

Thanks for the info. Thanks for the apps.

RSS FeedFirefox 3.5©2005-2009  |  Privacy Policy  |  Developed by Rare Ideas, LLC
Designed by [THIRDSHIFT] and Rare Ideas, LLC  |  Powered by Drupal