You are here

OpenOffice.org Portable 3 Beta 1 Released has a trojan

6 posts / 0 new
Last post
raulh76
Offline
Last seen: 14 years 5 months ago
Joined: 2008-06-13 18:29
OpenOffice.org Portable 3 Beta 1 Released has a trojan

I install OpenOffice.org Portable 3 Beta 1 Released and my antivirus detect a trojan keyloger. Be Carefull portableapps. My antivirus is PC Tools Internet Security and my portable antivirus is ClamWin Portable and both detect the virus.

USBman
Offline
Last seen: 7 months 3 days ago
Joined: 2006-10-11 17:43
False positive?

As can often be the case, this may simply be a "false positive." Make sure you're not jumping to false conclusions.

I might suggest you:

1) make sure your definition files are always up to date before scanning
2) simply try an online scanner, one that scans a particular uploaded file using multiple AV programs. I might suggest something like: http://www.virustotal.com or http://www.virscan.org or http://virusscan.jotti.org/

George Yves
Offline
Last seen: 8 years 5 months ago
Joined: 2008-04-21 08:37
A keyloger? Where exactly?

Give, please, more information about:

1) Your antiviruses' versions and their databases;

2) The exact text of the warnings they show;

3) The exact name and the exact location of the file they declare dangerous.

May the FOSS be with you!

raulh76
Offline
Last seen: 14 years 5 months ago
Joined: 2008-06-13 18:29
This is the virus

My antivirus portable is ClamWin and the version of databases is 17/06/08, my other antivirus is PC Tools Internet Security an d the databases is 16/06/08.

This is the problem detect for the both antivirus:
D:\ProtableApps\PortableApps\OpenOfficePortableTest\App\OpenOffice.org\Basis 3.0\program\scmi.dll: Trojan.Hupigon-9851 FOUND

Is not my intention to damage the reputation, because I am user of you, I just want to report something I think should be fixed.

My name is Raul Hernandez, i'm from venezuela.
Sorry for my english, but is not good.

ZachHudock
ZachHudock's picture
Offline
Last seen: 4 years 10 months ago
Developer
Joined: 2006-12-06 18:07
This is most likely a false

This is most likely a false positive. The compression techniques used to make the PortableApps.com applications smaller will sometimes be detected as malicious, but they are not.

I recommend uploading the file to VirusTotal and report back how many scanners detected the file as being a virus.

The developer formerly known as ZGitRDun8705

onestoploser
onestoploser's picture
Offline
Last seen: 1 year 8 months ago
Joined: 2008-06-23 16:09
I had this same problem so I

I had this same problem so I uploaded the file to VirusTotal like you suggested. Three programs registered it as a virus: ClamAV, eSafe and Sunbelt. The summary is here: http://www.virustotal.com/analisis/8a3c8b2c50fb95a065efa8e57bd3e0dc

Here is ClamWin Portable's report:

Scan Started Fri Jul 18 13:35:58 2008
-------------------------------------------------------------------------------

G:\PortableApps\OpenOfficePortableTest\App\OpenOffice.org\Basis 3.0\program\scmi.dll: moved/scheduled to 'G:\PortableApps\ClamWinPortable\Data\quarantine\infected.scmi.dll'

G:\PortableApps\OpenOfficePortableTest\App\OpenOffice.org\Basis 3.0\program\scmi.dll: Trojan.Hupigon-9851 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 357471
Engine version: 0.93.1
Scanned directories: 1626
Scanned files: 11666
Infected files: 1

Data scanned: 1186.39 MB
Time: 729.750 sec (12 m 9 s)
--------------------------------------
Completed
--------------------------------------

I would say it's a false positive. I moved the file back to it's proper directory.

Log in or register to post comments