You are here

Possible Trojan in Gimp Portable?

6 posts / 0 new
Last post
blepoxp
Offline
Last seen: 17 years 12 months ago
Joined: 2006-12-01 12:27
Possible Trojan in Gimp Portable?

Hello,
I've noticed popups on any computer that my portable apps suite is running on and haven't been able to find any discussion of that in the forums here. Is this something that I just have to deal with. None of the computers have experienced popup trouble before or continue to do so w/o my device plugged in.

I realize that another option is that the popups are coming from my device but not part of the portable apps suite.

Anyway, I ran a spyware detection on my device and it flagged the following file in the portable gimp folder. Is this a legitimate part of portable gimp or should I delete it?

downloader.vbs.aqu in %portabledevice%PortableApps\GIMPPortable\App\gtk\bin\gspawn-win32-helper.exe

Thanks.

John T. Haller
John T. Haller's picture
Offline
Last seen: 1 hour 40 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
No, no, no, no

Once again... as stated in about 5 other topics... and as stated clearly at the very top of the support page (the FIRST place you should check) it's an error in your spyware detector. Report it to them and get them to fix it.

Sometimes, the impossible can become possible, if you're awesome!

yehuda186
Offline
Last seen: 17 years 12 months ago
Joined: 2006-12-03 01:20
be carefull - it might be

be carefull - it might be real trojan.

i've tested a few mirror's of sourceforge.net last night

at least in one of them the zip file was 18M instead of 10M -
the file loaded from this site reported the trojan.

loading from dublin mirror gave the expected size and no problem was reported by the untivirus software.

sorry but i didn't record the problematic site ....

UrbanMyth
Offline
Last seen: 17 years 11 months ago
Joined: 2006-12-06 17:19
Sigh...

Came up positive in my Grisoft AVG too. Reported.

NorwegianBlue
Offline
Last seen: 17 years 11 months ago
Joined: 2006-12-11 04:49
Positive in Norman virus control too

The file gspawn-win32-helper.exe is reported as containing a trojan by Norman virus control too (http://www.norman.com/en-uk). I downloaded the PortableGimp in April/May 2006, probably from the Dublin mirror, althought I'm not absolutely certain. I may have neglected to check the md5-sum. The main .exe (after unpacking) has file date and time 19. April 2006, 17:56.

I became aware of this discussion, and of previous reports of trojans, followed by rather emphatic denials, today after googling for "gspawn-win32-helper.exe". In light of the info above that this file has been observed to be larger when downloaded from some mirrors than from others, this observation should definitely not be dismissed as "yet another false positive".

-- NorwegianBlue

-- NorwegianBlue

John T. Haller
John T. Haller's picture
Offline
Last seen: 1 hour 40 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Check your MD5s

The MD5 sums are on the pages for a reason. If you get the file, it should match the size reported and the MD5 sum reported. If it does, you can be sure you have the legit file. If it doesn't, you can be sure your download is corrupt.

Sometimes, the impossible can become possible, if you're awesome!

Topic locked