Today Sophos has detected a virus in the Kompozer.exe file (and probably most of the other exe's as well) - It was fine on Friday so I guess this is down to a very recent definition update.
I have run it through Virus Total and got the following responses (23/30 have detected a 'virus'):
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2007.11.12.0 | 2007.11.12 | Win32/Virut |
| AntiVir | 7.6.0.34 | 2007.11.12 | W32/Virut.AQ |
| Authentium | 4.93.8 | 2007.11.10 | - |
| Avast | 4.7.1074.0 | 2007.11.11 | Win32:Virtob |
| AVG | 7.5.0.503 | 2007.11.12 | Win32/Virut |
| BitDefender | 7.2 | 2007.11.12 | Win32.Virtob.BF |
| CAT-QuickHeal | 9.00 | 2007.11.12 | W32.Virut.V |
| ClamAV | 0.91.2 | 2007.11.12 | W32.Virut-12 |
| DrWeb | 4.44.0.09170 | 2007.11.12 | Win32.Virut.25 |
| eSafe | 7.0.15.0 | 2007.11.08 | suspicious Trojan/Worm |
| eTrust-Vet | 31.2.5289 | 2007.11.12 | Win32/Virut.6561 |
| Ewido | 4.0 | 2007.11.12 | - |
| FileAdvisor | 1 | 2007.11.12 | - |
| Fortinet | 3.11.0.0 | 2007.10.19 | - |
| F-Prot | 4.4.2.54 | 2007.11.10 | W32/Injector.A.gen!Eldorado |
| F-Secure | 6.70.13030.0 | 2007.11.12 | Virus.Win32.Virut.aq |
| Ikarus | T3.1.1.12 | 2007.11.12 | Virus.Win32.Virut.au |
| McAfee | 5160 | 2007.11.09 | W32/Virut.gen.a |
| Microsoft | 1.3007 | 2007.11.12 | Virus:Win32/Virut.Y |
| NOD32v2 | 2653 | 2007.11.12 | Win32/Virut.AQ |
| Norman | 5.80.02 | 2007.11.09 | W32/Virut.AC |
| Panda | 9.0.0.4 | 2007.11.11 | W32/Virutas.AD |
| Prevx1 | V2 | 2007.11.12 | - |
| Rising | 20.18.02.00 | 2007.11.12 | Win32.Virut.ae |
| Sunbelt | 2.2.907.0 | 2007.11.12 | VIPRE.Suspicious |
| Symantec | 10 | 2007.11.12 | W32.Virut.W |
| TheHacker | 6.2.9.124 | 2007.11.12 | - |
| VBA32 | 3.12.2.4 | 2007.11.11 | - |
| VirusBuster | 4.3.26:9 | 2007.11.12 | Win32.Virut.Gen.4 |
| Webwasher-Gateway | 6.0.1 | 2007.11.12 | Win32.Virut.AQ |
It's fine suggesting that the Checker is getting it wrong, but if the majority of them are detecting a problem I doubt if Sophos will do anything about it...
Unfortunately I have a corporate version of Sophos so neither can I turn it off nor can I report an issue directly to them - basically I now have no way of running Kompozer!
Any suggestions?
Does it allow you an exception?
Why can't you report the error to Sophos? Just because it is a corporate version should not mean that you don't have support.
Life is about the journey not the destination!
The Kazoo Spartan
I just downloaded and installed Kompozer from this site, and had no problem. I uploaded it to Virustotal, and only one of the lines is similar to yours.
You did not include the lines from virustotal that include important information like file size and hash, so I can't tell if you have the same version of the file that I have. However, it looks doubtful. So I'd recommend you download it from the menu on the left and install it again, and see if that doesn't help.
If you upload it to Virustotal and get a different result, you might want to include the last few lines of the virustotal report, where it includes the "additional information", as I have done below.
MC
I think you only uploaded what I assume is the Portableapps 'shell' exe (which is in the root of the install) rather than the 'actual' kompozer.exe file (which is under \App\kompozer\).
The 'additional info' for the shell is:
File size: 127896 bytes
MD5: eb824e2c73b8108443af58c6604abdb4
SHA1: ad472f88451e36a705778f102e13a6d2a2d2fd2d
and it does not trigger any virus alerts.
The 'additional info' for the 'actual' exe is:
Additional information
File size: 124928 bytes
MD5: 1d2f6ab052e187d695a737bec08900f1
SHA1: 8c5049116da116277259c74ea7f9814e11d15692
packers: UPX
I've just downloaded the whole thing again (using the link to the left) and the files are identical to the ones I already had. I don't understand how this is different to your file?
You're making my point exactly. I just downloaded the KompoZer_Portable_0.77_en-us.paf.exe (md5 d046200b6ad4f8b9734bf487b7374c6e) using the menu at the left. I installed it fresh. The Launcher (named KompoZerPortable.exe) has md5 eb824e2c73b8108443af58c6604abdb4 (which matches yours) but the kompozer.exe file has md5 86eaa9d33d0dd94f4aea09297660a44a, same as before. It is 117,760 bytes.
Either you downloaded and installed a different version than I did, or something changed the kompozer.exe file after it was installed on one or both of our machines.
John has begun signing his releases, which will make this all much easier to manage for future releases. But for right now, about all we can conclude is that you and I have submitted different copies of kompozer.exe to VirusTotal. We both claim to have downloaded it from the same place. We are both using the same launcher.
(Perhaps one or more others can try the same experiment, and see which MD5 is more common...)
Someone who downloads KompoZer and installs it and uses winMd5Sum (also from the left hand menu) or VirusTotal and gets the same MD5 you do will get lots of warnings about possible malware. Someone who downloads KompoZer and installs it and uses winMd5Sum or VirusTotal and gets the same MD5 I got will only see a couple of minor warnings.
Oh, I did try one more test. I used 7zip to "test" the KompoZer_Portable_0.77_en-us.paf.exe file; it was reported to have no errors. I then opened it in 7zip's explorer, and noted that the CRC for kompozer.exe is BE04B382. I then used 7zip to create an archive from the kompozer in the installed directory, opened it with 7zip's explorer, and saw that it has the same CRC. This suggests to me that I am in fact running the test on the kompozer.exe that is inside the installer.
MC
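The comparison worked through in this thread (fingerprint the installed executable, then check it against values taken from the installer) can be scripted. The following is an added example, not part of any poster's message. The file names and contents in `demo()` are constructed stand-ins; real reference values would come from the installer listing, such as the CRC that 7-Zip displays.

```python
import hashlib
import tempfile
import zlib
from pathlib import Path

def fingerprint(path, chunk_size=1 << 16):
    """Size, MD5, SHA-1 and CRC32 of a file, read in chunks."""
    md5, sha1, crc, size = hashlib.md5(), hashlib.sha1(), 0, 0
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            md5.update(chunk)
            sha1.update(chunk)
            crc = zlib.crc32(chunk, crc)
            size += len(chunk)
    return {"size": size, "md5": md5.hexdigest(),
            "sha1": sha1.hexdigest(), "crc32": f"{crc:08X}"}

def audit(reference, install_dir):
    """Compare installed files with reference values from the installer.

    An entry may hold any subset of the fields (e.g. only a CRC32)."""
    report = {}
    for name, expected in reference.items():
        path = Path(install_dir) / name
        if not path.is_file():
            report[name] = "missing"
            continue
        actual = fingerprint(path)
        # Hex digests are compared case-insensitively.
        diff = [k for k, v in expected.items()
                if str(v).lower() != str(actual[k]).lower()]
        report[name] = "match" if not diff else "MODIFIED: " + ", ".join(diff)
    return report

def demo():
    """Constructed sample: two stand-in files, one changed after 'install'."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "launcher.exe").write_bytes(b"constructed launcher bytes")
        (root / "app.exe").write_bytes(b"constructed application bytes")
        ref = {n: fingerprint(root / n) for n in ("launcher.exe", "app.exe")}
        # CRC-only reference, as read from an archive listing.
        ref["launcher.exe"] = {"crc32": ref["launcher.exe"]["crc32"].lower()}
        ref["absent.exe"] = {"size": 1}
        with open(root / "app.exe", "ab") as fh:  # simulate a later change
            fh.write(b"\x00" * 512)
        return audit(ref, root)

if __name__ == "__main__":
    print(demo())
```

A file that matches the installer's values on one machine but not on another points to a change made after installation on the second machine, which is the distinction the two posters were trying to establish.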