Does this sound familiar(?) to anybody:
(These programs I downloaded 2 weeks ago, until...,
when I discovered that my Computer was acting strange.)
D:\[PortableApps.com]Software\Command_Prompt_Portable_1.0.paf.exe:
Trojan.Downloader.Zlob-1548 FOUND
D:\[PortableApps.com]Software\Mines-Perfect_Portable_1.4.paf.exe:
Trojan.Downloader.Zlob-1548 FOUND
D:\[PortableApps.com]Software\MPlayer_Portable_1.0_RC1.paf.exe:
Trojan.Downloader.Zlob-1548 FOUND
D:\[PortableApps.com]Software\On-Screen_Keyboard_Portable_1.0.paf.exe:
Trojan.Downloader.Zlob-1548 FOUND
D:\[PortableApps.com]Software\PokerTH_Portable_0.5.paf.exe:
Trojan.Downloader.Zlob-1548 FOUND
D:\[PortableApps.com]Software\PuTTY_Portable_0.60.paf.exe:
Trojan.Downloader.Zlob-1548 FOUND
D:\[PortableApps.com]Software\Virtual_Magnifying_Glass_Portable_3.3.paf.exe:
Trojan.Downloader.Zlob-1548 FOUND
D:\[PortableApps.com]Software\VLC_Portable_0.8.6c.paf.exe:
Trojan.Downloader.Zlob-1548 FOUND
D:\[PortableApps.com]Software\winMd5Sum_Portable_1.0.1.55.paf.exe:
Trojan.Downloader.Zlob-1548 FOUND
??? Please respond.
sometimes it's because of a bad scanner, but it's not malware. I mean, some scanners are so bad, they detect themselves as a virus :P! What scanner did you use, and your PC is acting strange how?
Insert original signature here with Greasemonkey Script.
Huh?
But it is the ClamAV scanner you deliver yourself on the PortableApps Suite!
·~{Z0W!E}~·
It is only false positive: http://www.viruslist.com/en/glossary?glossid=153654932
hi there again
thanks for answering but,
what about the false positive ? How do you recon this?
By what? Does software have a 'false positive stamp' or a kind of recognition?
·~{Z0W!E}~·
https://portableapps.com/support
Cancer Survivors -- Remember the fight, celebrate the victory!
Help control the rugrat population -- have yourself spayed or neutered!
Does software from PortableApps have a false positive 'stamp' or a kind of false positive recognition?
That should be: NO!
Thanks for your help man! Have a nice Sunday.
·~{Z0W!E}~·
A false positive is something that is detected as a virus but truly does not contain a virus. NONE of the anti-virus applications are perfect; they make mistakes and detect things that aren't really problems, and also don't detect some things that are problems. ClamWin included. For that application, we simply wrote a launcher to make it portable; their virus definitions come from the base version of ClamWin.
We can assure you that none of the official applications on this site contain viruses, but if it would make you feel more comfortable, I would recommend also scanning the file with a few other virus scanners. If most of them report it as an issue, let us know, also, if after checking, ClamWin is the only scanner that says it's an issue, let us know.
Links to some online scanners:
http://www.virustotal.com/ (will ask you to upload the file that you think is infected)
http://www.kaspersky.com/scanforvirus (also requires you to upload the file)
http://housecall.trendmicro.com/ (an excellent scanner that will scan your entire PC, or only the selected folders)
The developer formerly known as ZGitRDun8705
Now I am feeling so stupid:
=========================================
Scan taken on 02 Mar 2008 15:32:50 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found Trojan.Downloader.Zlob-1548
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure AntiVirus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Scanning, please wait...
·~{Z0W!E}~·
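The comparison suggested above (is ClamAV the only engine that flags the file, or do most engines agree?) can be automated. This is an added example, not part of any post in this thread; it assumes clamscan's usual one-line `path: Name FOUND` output and the "Engine Found ..." report layout pasted above, and the sample input and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input, modelled on the two report formats quoted in this thread.
CLAM_LOG = r"""
D:\Apps\PuTTY_Portable_0.60.paf.exe: Trojan.Downloader.Zlob-1548 FOUND
D:\Apps\VLC_Portable_0.8.6c.paf.exe: Trojan.Downloader.Zlob-1548 FOUND
D:\Apps\notes.txt: OK
"""
MULTI_REPORT = """
AntiVir Found nothing
AVG Antivirus Found nothing
ClamAV Found Trojan.Downloader.Zlob-1548
F-Prot Antivirus Found nothing
VBA32 Scanning, please wait...
"""

CLAM_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
ENGINE_RE = re.compile(r"^(?P<engine>.+?) Found (?P<result>.+)$")

def parse_clam_log(text):
    """Group flagged paths by signature name; one name across many
    unrelated files is worth noting in a false-positive report."""
    hits = defaultdict(list)
    for line in text.splitlines():
        m = CLAM_RE.match(line.strip())
        if m:
            hits[m["sig"]].append(m["path"])
    return dict(hits)

def parse_multi_report(text):
    """Return (detections, clean engines, lines with no verdict yet)."""
    detections, clean, pending = {}, [], []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = ENGINE_RE.match(line)
        if not m:
            pending.append(line)          # e.g. an engine still scanning
        elif m["result"].lower() == "nothing":
            clean.append(m["engine"])
        else:
            detections[m["engine"]] = m["result"]
    return detections, clean, pending

def triage(detections, clean):
    """Classify by how many finished engines flagged the file."""
    finished = len(detections) + len(clean)
    if finished == 0:
        return "no-data"
    if not detections:
        return "clean"
    if len(detections) == 1:
        return "single-engine"            # false-positive candidate: report it
    if 2 * len(detections) > finished:
        return "majority"                 # most engines agree: treat as infected
    return "minority"
```

A "single-engine" result is a reason to file a false-positive report with that vendor, not a reason to run the file before the vendor has answered.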
It is not stupid to be careful, and to research virus warnings carefully. Only you can determine whether a program is safe to run on your machine. If there is a warning, don't assume it is a false positive and go ahead and run it.
Besides checking on virustotal or scanning with a second virus scanner, there are some other things you can do. One is right-click on the program from "My Computer" (Explorer) and check for a tab marked "digital signature". The programs released recently (but not in the suite yet) are signed. If the signature on a recently downloaded program is missing or bad, it could be infected. If the signature is good, that doesn't mean absolutely that the program is virus-free, but the person who signs the code is very careful to check things before he signs them. It is like adding a "seal" to an envelope. If the digital signature is intact, your confidence should be much higher (but not necessarily 100%).
MC
Wow, thanks everybody.
This forum is awesome, there is so much speed in it.
-
Keep up the good work guys, super!
·~{Z0W!E}~·
Hint:
Did you know you can go back and edit the subject/title of this topic (since you are the owner/author)? The one that's there might be a bit alarmist.
You can even delete the whole thing, I believe.
MC
Mark,
Welcome to PortableApps.com and thank you for bringing this to our attention.
As of 11:30 am today, Chicago Time
Using the latest definition updates from ClamAV [6077]
The only trojan detected was in:
MPlayer_Portable_1.0_RC1.paf.exe from 7/13/07
I have not as yet downloaded the most recent release from 2/26/08
All other installers that I have a copy of from the last week are clean.
I note from your first report that you had MPlayer_Portable_1.0_RC1.paf.exe
Was this what you submitted to the online scanners?
If so, could you download the latest version:
MPlayer Portable 1.0 RC2
and test, after updating ClamWin, and report back.
I'm on a modem so downloading it, and if necessary uploading to ClamAV for analysis, would be a bit of a chore.
@All, As it may take him time to read this if anyone else has a copy of the latest "MPlayer Portable 1.0 RC2" installer and ClamWin if you could test and let me know.
Tim
Things have got to get better, they can't get worse, or can they?
Okay,
I remote desktoped to my work machine and updated ClamWinPortable to the newest definitions.
MPlayer_Portable_1.0_RC2.paf.exe reports Clean
MPlayer_Portable_1.0_RC1.paf.exe reports Infected
So now I'm not sure what to do.
Should I submit MPlayer_Portable_1.0_RC1.paf.exe to ClamAV just to clear it up?
Should I say, "Never mind it's the old version"?
In any case, Mark, you should update your ClamWinPortable definitions and also download MPlayer_Portable_1.0_RC2.paf.exe, unless you have a reason to keep the older version.
Tim
The "Malware Checker" Checker for ClamWinPortable
Things have got to get better, they can't get worse, or can they?
cause old versions keep floating around after an update. If you consider that there are still about 20 people downloading it each day...
My up-to-date Clamwin found the same Trojan in the Java Portabaliser.
Should I report them so you don't have to jam your internet?
"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate
Definitively Report "Java Portableizer" as that is an app I do not use or have.
If you want to upload MPlayer_Portable_1.0_RC1.paf.exe as well go ahead.
You will have to do it as two separate submissions.
The link is:
http://cgi.clamav.net/sendvirus.cgi
You will need to give an e-mail address.
Be sure to request a reply/update request so they will let you know when it's been addressed.
Be Very Polite in your "short description"
Tim
Things have got to get better, they can't get worse, or can they?
Reporting Java-Portabaliser, I said that it is the Trojan.Downloader.Zlob-1548 virus and they said
Does that mean I have to submit it again or do they know I clicked the false positive checkbox?
"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate
Was the above their e-mail reply?
My last e-mail reply for a FP submission was like this:
=======================
Dear ClamAV user,
The following submissions have been processed and published:
- 2687920
See http://cvdpedia.clamav.net/daily/6046
--
Best regards,
The ClamAV team
========================
The message they sent you would "seem" to imply that either they think you submitted a virus submission and not a FP report, or that they feel that it is in fact a virus!
I would suggest resubmitting it, making Extra sure you:
1. Click the "A false positive"
2. In the "Virus name" box put "FALSE POSITIVE for Trojan.Downloader.Zlob-1548"
3. Note in the description box that you already submitted this but that you are confused by the response. Ask if they could please clarify if their response indicates that the file does contain a virus, or if perhaps it was just an automated response indicating the current status while it is being investigated or what?
Again, be very Polite in your request.
Very Strange Indeed!
Tim
Things have got to get better, they can't get worse, or can they?
it was on the website after I submitted it.
"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate
Okay,
I just submitted a dummy submission and the resultant page said:
======================
Result:
Submission completed!
ProxyGet.exe has been successfully sent to the virusdb maintainer team...
Thank you for helping the ClamAV project
=======================
My guess is that your resultant page merely indicated that it was already in their database.
I would recommend that you resubmit using points 1-3 that I indicated above.
Also check for e-mail at the address you gave them (be sure to check your SPAM/BULK folder or filters).
Tim
p.s. /OT could you link to a bigger picture of yourself, your Avatar is intriguing, or is that not you?
Things have got to get better, they can't get worse, or can they?
this time I got the same response you got. I just hope I was polite enough and they don't deny me updates in the future
"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate
Since Java_Portablizer_1.1.paf.exe was a small file I downloaded it and made a submission as well, My note was as follows:
==============
Greetings,
Several program installers from PortableApps.com, a respected OSS group, are being detected by the latested definitions of ClamAV [6080] as having Trojan.Downloader.Zlob-1548.
We are sure these are false positives.
I am including a sample:
Java_Portablizer_1.1.paf.exe
Your investigation of this is appreciated. If you could inform me of your conclusions I would appreciate it so I may inform the group that everything is ok.
Gratefully,
Timothy Clark
Moderator, PortableApps.com
================
Let's see what happens after the next couple of updates.
Did you submit the MPlayer RC1 as well?
Tim
Things have got to get better, they can't get worse, or can they?
I didn't have any problems submitting MPlayer although I think I submitted it the exact same way (same checkboxes/comments etc). But your note is way more polite than mine and you're a mod so I think it's good that you did it.
"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate
I think I'm kind of known for that
But those "way more polite" messages/posts take forever to write
I don't like to use/push the mod thing but I figured it could help/couldn't hurt.
I also thought referencing PortableApps and OSS was a good idea too.
We have to wait and see.
So, is your Avatar You, and can you link to a bigger picture?
Many of the "Photo" Avatars are so hard to see clearly, Even with MagnifyingGlassPortable I'm glad John changed his, the current one is clearer than the last one. I think I once posted asking folks to link to better images of their "photo" Avatars, but I think only one person replied.
Tim
Things have got to get better, they can't get worse, or can they?
I know but I think if you want to get noticed in the huge amount of notifications its a good thing to "push the mod" Makes it more official and trustworthy.
And no the Avatar isn't me. Its Daniel Craig whom I love since Casino Royale 8)
But with the Avatars so tiny, face recognition becomes complicated. haha clever to try MGP on the Avatars. I'm sure its fun
"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate
Ahh,
"Bond, James Bond"
If by "MGP" you mean "Movie Gallery Post"
Yes, it was fun
I'm guessing this is it:
http://www.myvideostore.com/images/content/people/pics/daniel_craig.jpg
or at least it's close
and I guess that explains your .sig too
"Shocking. Positively shocking."
4 updates to ClamAV so far, still not fixed
Tim
Things have got to get better, they can't get worse, or can they?
MGP is MagnifyingGlassPortable. I never heard of "Movie Gallery Post"
But you're right about the pic. I'm impressed you found it. And yes I got tired of my Feynman signatures and wanted something else. Maybe its time to change it to "Change we can believe in"... I really adore Obama but I think that should go in the off topic forum
"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate
I never, and I mean NEVER have had a false positive on PortableApps.com... and I use ClamWin, both portable and installed...
Am I lucky or what?
If a packet hits a pocket on a socket on a port,
and the bus is interrupted as a very last resort,
and the address of the memory makes your floppy disk abort,
then the socket packet pocket has an error to report
but, quite frankly, until today I never ran ClamWin on one of John's installers. I just trusted him so this one was my first False Positive from PortableApps too
"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate
Andres,
"I use ClamWin, both portable and installed"
Ahh, but how often do you update it and how often do you run it
I update several times a day and run a full system scan at least 3 times a week for just this reason. As CWP is my backup scanner which may come into play in the event of a crisis I want to make sure there are no FPs floating around.
The FPs are sporadic and usually fixed very quickly. Unless you run the program in paranoid mode or are very unlucky you will rarely see anything. If the OP had not brought this to our attention we might never know about it [my PA installers are on my flash drive not my hard drive].
Tim
Things have got to get better, they can't get worse, or can they?
Okay,
As of 4:00pm Chicago Time
MPlayer_Portable_1.0_RC1.paf.exe
and
Java_Portablizer_1.1.paf.exe
are in the clear with the ClamAV Team.
Current Definition update is 6083
Still no e-mail reply or credit in the updates posting
But things seem to be Okay now.
So Unless someone has another CWP FP on a PortableApps.com App ???
This Thread is done,
Unless of course you want to discuss Avatars, James Bond, or Barack Obama?
[The above was a joke, in case you didn't get it ]
What a day !!!
and thanks to Simeon for all his help.
Tim
Things have got to get better, they can't get worse, or can they?
that's good news. Haven't heard from them either. I sometimes don't get jokes I find soooo obvious reading them the second time... And it was nice talking to you about Avatars
"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate
Looks like Eraser Drop Target Portable is on the ClamWin list now, as an autoit.obfus-1
Main 45, Daily 6083.
MC
I just ran CWP [main version: 45, daily version: 6083] on:
Eraser_Portable_5.82_Rev_3.paf.exe
and it came back clean
[edit:
Wait, you said "Eraser Drop Target Portable", that's something else right?
I'm really only trying to keep an eye on the Official Releases.
Tim
Things have got to get better, they can't get worse, or can they?
The Eraser Portable isn't written in Autoit, while the EraserDropTarget is.
MC
You might want wraithdu to look into this,
As this is still not an official app and I've never used it.
If he is confident of its safety/cleanliness he could submit it using the address [and suggestions] above.
I'm much more confident in verifying the Official Releases than the betas because who knows, it could have a virus, not that I think it does, but who knows? Have you uploaded to the test sites?
Tim
Things have got to get better, they can't get worse, or can they?
Another autoit application being tested, cafemod, is also being targeted, apparently. I think it is more of the AV companies not trusting AutoIT programs.
MC
Yeah, AVs like to pick on AutoIt sometimes cause it *can* be used for bad things (what language can't?).
But it's clean. Results from Virustotal -
1. The name is calling this site a virus
2. The name is not entirely clear
3. Why is this in Apps development?
4. What is the point of this thread now, the problem was solved
Simplifying daily life through technology
1. The OP chose a poor title for the post
2. See 1. Above
3. The OP chose the Wrong forum
4. Correct, now if you had not replied to this Thread it would have passed into obscurity
So let's let it die
Tim
Things have got to get better, they can't get worse, or can they?
Use your awesome forum-god powers. (You have those, right :P)
Too many lonely hearts in the real world
Too many bridges you can burn
Too many tables you can't turn
Don't wanna live my life in the real world
Only the Meta-Mods can Edit/Lock/Delete an Initial Topic/Node that they did not create.
The permissions you are thinking of only apply to Follow up comments as far as the ordinary moderators are concerned.
Tim
Things have got to get better, they can't get worse, or can they?
Darn it. Drupal 6 supports that, though.
Sorry for that.
Now, I let this topic die.
Too many lonely hearts in the real world
Too many bridges you can burn
Too many tables you can't turn
Don't wanna live my life in the real world