You are here

PortableApps.com Installer 3.1

2 posts / 0 new
Last post
Freehunter
Offline
Last seen: 2 weeks 3 days ago
Joined: 2014-06-26 10:21
PortableApps.com Installer 3.1

sixth time tried to post this, keep being blocked.

XP, SP3, 32bit, SSE2

using PortableApps.com Installer 3.1 keep getting same 3 warnings at virustotal

using PortableApps.com Installer 3.0.20 don't get errors

same happens making installers from some of the recent PAc App releases

added:
since this went through see if can add some detail, files tried:

Made a GPG 1.4.20 plugin and when check with VirusTotal get warnings:
Bkav = HW32.Packed.F972
McAfee-GW-Edition = BehavesLike.Win32.Dropper.tc
Qihoo-360 = HEUR/QVM20.1.Malware.Gen

PAcInstaller 3.1 warnings, redo with PAcInstaller 3.0.20 no warning

redo installers for:
gpg4usbPortable_0.3.3-2.paf.exe
7-ZipPortable_15.14.paf.exe
PWGenPortable_2.7.0.paf.exe
and get warnings

WinScan2PDFPortable_3.08_Dev_Test_1.paf.exe had warnings, redo with PAcInstaller 3.0.20 no warning

John T. Haller
John T. Haller's picture
Offline
Last seen: 1 hour 11 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Only Two, Only One Matters

Here is the current scan at VirusTotal: https://www.virustotal.com/en/file/99cd4214a68090876fa5ef645fb89d7f5ecc5...

There are two false positives: McAfee-GW-Edition and Rising. For the unfamiliar, Rising is a small antivirus in China that appears to be shutting down all non-Chinese operations, possibly going out of business. False positive reports have been submitted to both.

You'll find many Windows installers will have these issues as they switch to NSIS3 to mitigate a DLL hijack attack over the next few weeks. You should no longer use PA.c Installer 3.0.20 or any version of NSIS before 2.50 or 3.0b3 as it is vulnerable to a DLL hijack for end users that use Google Chrome and Microsoft Edge. Both browsers permit all websites to download infected DLLs with no user interaction. Chrome has had this vulnerability for 7 years. So, websites can download fake DLLs directly to the Downloads directory on Chrome user's PCs without their approval and then a vulnerable installer will use it while running. About 80% of Windows installers are vulnerable.

Sometimes, the impossible can become possible, if you're awesome!

Log in or register to post comments