I started this morning
Manage Apps -- Check for updates
I have got LibreOffice 3.3.3 and while downloading, my virus scanner stopped the action and gave the following virus error:
TR/Kazy.21485.7
What's up?
Is PortableApps hacked?
That will be a false positive. Take a look at https://portableapps.com/support#false_positive for more information and what you can do about it.
I am a Christian and a developer and moderator here.
“A soft answer turns away wrath, but a harsh word stirs up anger.” – Proverbs 15:1
It's not a false positive. I downloaded LibO_3.4.4_Win_x86_install_multi.exe from the LibreOffice site. Running this installer caused a browser hijack to be installed. This hijack caused search result links to be redirected to get-answers-fast.com. It's apparently a clickthrough scam. TrendMicro detected the exploit but could not remove it. ComboFix got rid of it. Beware.
That's nothing to do with what was reported here. And it's nothing to do with PortableApps.com.
I am a Christian and a developer and moderator here.
“A soft answer turns away wrath, but a harsh word stirs up anger.” – Proverbs 15:1
The download you are referring to is the LibreOffice installer (not LibreOffice Portable). We have nothing to do with the LibreOffice installer.
Additionally, I find it exceedingly unlikely that LibreOffice would have anything bad in it and far more likely that TrendMicro detected a browser hijack installer in some other product, not in LibreOffice. TrendMicro often has issues. If LibreOffice itself had a browser hijack in it, EVERYONE would be screaming about it as it's used by millions.
Sometimes, the impossible can become possible, if you're awesome!
No offense or accusation intended - just reporting my experience. Chill.
In addition to the website VirusTotal, Avira also provides an upload page for its virus lab. If you suspect that Avira has mistakenly identified a clean file as malware, you can choose the entry "Verdacht auf Fehlalarm" from the pull-down menu.
Since a false alarm can be expected with very high probability in the present case, it is possible to prevent the display of such false alarms. As described below, this can be set via the configuration of your Avira antivirus program:
With the measures described under No. 1-13, files in the folder "LibreOfficePortable" are no longer checked for viruses.
I also have a problem with the installation!!! G Data Internet Security 2012 is running on my system.
Virus: Gen:Variant.Kazy.21485 (Engine A)
Datei: regmerge.exe
Prozess: LibreOfficePortable_3.3.3_MultilingualNormal.paf.exe
Unfortunately, the mode of operation of some antivirus programs is very superficial. In particular, they erroneously interpret some portable programs from this website as a virus because of their file structure (these are NSIS-based programs).
Similarly, many programs made by NirSoft are interpreted as a virus, although these utilities are all clean. The reason for the classification of such tools as a virus or trojan is the fact that they can be used by bad guys, even though most users need them and use them for good purposes. For more information about this topic I recommend that you read the article "Antivirus companies cause a big headache to small developers" by NirSoft.
Artemis ("enhanced heuristic detection component") flagged both regview.exe and regmerge.exe. I've submitted the report to McAfee for analysis, along with a pointer to portableapps.com. If I get a response, I'll post it here.
Mark
No response from McAfee. Installed 3.4.1 without any complaints.
I installed the new 2.0 preview yesterday and when I used the Manage Apps -> Get More Apps to download and install apps, when it came up to LibreOffice, Norton Internet Security came up with something above the Notification Area (I use Windows 7 Home Premium 64bit) saying that Auto Protect was processing threats. When it finished putting the threats in Quarantine, I clicked for more details and this is what came up (the Get More Apps program still kept installing LibreOffice and other programs afterwards, I guess Norton found the files after LibreOffice files were put on the USB):
Security History (left pane of screen)
=========================
Severity Activity Status Date & Time
* High scalc.exe (Suspicious.Cloud) Quarantined Thursday, 21 July 2011
detected by Auto-Protect 10:28 PM
* High sbase.exe (Suspicious.Cloud) Quarantined Thursday, 21 July 2011
detected by Auto-Protect 10:28 PM
Details (when scalc.exe is clicked)
========================
Recommended Action:
Resolved - No Action Required
scalc.exe contained threat
Suspicious.Cloud
Risk: High
Origin:
Not Available
Activity:
Threat Actions performed: 6
Details (when sbase.exe is clicked)
========================
Recommended Action:
Resolved - No Action Required
scalc.exe contained threat
Suspicious.Cloud
Risk: High
Origin:
Not Available
Activity:
Threat Actions performed: 1
When clicking More Details for scalc.exe, NIS 2011 brings up File Insight, which shows:
scalc.exe (Suspicious.Cloud)
This threat has been removed.
No further action is needed.
Details button shows:
(Left Column)
On computers as of:
21/07/2011 at 10:26:49 PM
Last Used:
21/07/2011 at 10:28:40 PM
Startup Item:
No
Launched:
No
(Right Column)
Very Few Users
Fewer than 5 users in the Norton Community have used this file.
High
This file risk is high.
Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.
Origin button shows:
Source: External Media
Source File: scalc.exe
Activity button shows:
This file has performed 6 actions.
File: k:\portableapps\libreofficeportable\app\libreoffice\program\scalc.exe
Removed
File: k:\portableapps\libreofficeportable\app\libreoffice\program\sdraw.exe
Removed
File: k:\portableapps\libreofficeportable\app\libreoffice\program\simpress.exe
Removed
File: k:\portableapps\libreofficeportable\app\libreoffice\program\smath.exe
Removed
File: k:\portableapps\libreofficeportable\app\libreoffice\program\sweb.exe
Removed
File: k:\portableapps\libreofficeportable\app\libreoffice\program\swriter.exe
Removed
When clicking More Details for sbase.exe, NIS 2011 brings up File Insight, which shows:
sbase.exe (Suspicious.Cloud)
This threat has been removed.
No further action is needed.
Details button shows:
(Left Column)
On computers as of:
21/07/2011 at 10:26:29 PM
Last Used:
21/07/2011 at 10:28:29 PM
Startup Item:
No
Launched:
No
(Right Column)
Very Few Users
Fewer than 5 users in the Norton Community have used this file.
High
This file risk is high.
Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.
Origin button shows:
Source: External Media
Source File: sbase.exe
Activity button shows:
This file has performed 1 action.
File: k:\portableapps\libreofficeportable\app\libreoffice\program\sbase.exe
Removed
Sorry if this is too long, but I thought I'd put in all I could. I don't know if this is a false positive on Norton Internet Security 2011's part, regardless, I've removed the LibreOffice directory from my USB.
thanks for any responses!
Bradley Eaton
(eltonbrad)
It just marked and removed all the executables for no good reason.
There are no viruses in those files if you got them from this site.
I made this half-pony, half-monkey monster to please you.
Thanks for your reply!
Yeah, I used the PortableApps 2.0 PR1.1 Menu's "Get More Apps" app to download it, so I'm assuming it was downloading the files from this site. I don't know what I should do because I'm sure Norton will pick those files up as threats again. I'm downloading OpenOffice.org (through the same program), so I'm hoping Norton won't pick up anything in that, otherwise I won't know what to do.
Any suggestions what I should do about LibreOffice files Norton thinks are threats?
Mum used to use Norton years ago, but after hearing bad things about the new version of Norton (at the time), she changed to AVG and had been happy with that until we both got our new computers at the beginning of the year, which had NIS 2010. We've liked Norton ever since, even upgrading to NIS 2011, mainly because of the Norton toolbar for Firefox 4. This is the first time this has happened to me since using Norton again, so it saddens me to think it marked those files as threats for no good reason, as it is always scary when this kind of thing happens.
Bradley Eaton
(eltonbrad)
You should report the problem to Symantec as a false positive. From the forum posts I've seen on the Symantec site, though, other people have been submitting this as a false positive for months now and no action from Norton.
There are ways of configuring these files as exceptions in Norton, but it's kind of a pain in the @$$.
I used to like Norton back in the day, but their overly aggressive software doesn't let you decide to keep files if it considers them "high risk", and add to that their poor customer service, and I won't even touch it.
At this point, I think the only way they keep market share is because they've made deals with computer manufacturers to pre-install their product onto new computers.
I made this half-pony, half-monkey monster to please you.