clicking the download link
server name http://voxel.dl.sourceforge.net/sourceforge/portableapps/KompoZer_Portab...
clicking again
server name http://hivelocity.dl.sourceforge.net/sourceforge/portableapps/KompoZer_P...
sourceforge has no *****.dl. before sourceforge
file infected with trojan spy.winflux
do not download...
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on BlueSky
Follow us on Facebook
Follow us on LinkedIn
Follow us on Mastodon
Follow us on Twitter
These are valid. These are download mirrors for SourceForge - that's how SourceForge works. Anyhow, there is no way which another entity could hijack the sourceforge.net name. If the domain ends in sourceforge.net, it's sourceforge.net
The spy.winflux is a false positive. Try it with other antivirus products.
I am a Christian and a developer and moderator here.
“A soft answer turns away wrath, but a harsh word stirs up anger.” – Proverbs 15:1
My browsers (ie and firefox)were getting hijacked and redirected from pages I clicked on through google. Opera no problem. Scanned and deleted suspected files - Kompozer, Nvu, and another - sorry, can't remember which - I downloaded a bunch of apps from home page.
Now, no issues with searches or browsing.
Bbible, Clamwin, Cornice, firefox, gimp, infrarecorder, vlc, jkdefrag, keepass, and notepadpp registered as "clean".
Anyone else have an issue? Using registered, and up to date version of Spyware Doctor with Antivirus. Seems a little strange that deleting a false positive would solve my problems.
We've had issues with Spyware Doctor causing false positives in the past. Whenever you come across a file you think might be infected, run it by one of the online services that uses a dozen or more virus engines. It's a better indication of what's what. We link to them from our Support page directly.
When you download an app from us, you will be linked to SourceForge.net which will then redirect you to a mirror. SF uses mirrors all over the world to host the files. They have names like voxel and internap. You can see the full list here:
http://apps.sourceforge.net/trac/sourceforge/wiki/Mirrors
You actually could be directed to a non-legit SF site by a third party, but only if your computer is already infected and the infection is linking to a server that is fully mirroring all our files from SourceForge.net, which would be difficult and is highly unlikely.
In any case, you could double-check it just by right-clicking on the file and selecting Properties. You'll find a Digital Signatures tab and it's signed by Rare Ideas, LLC (our parent legal entity). You can also check the MD5 sum which we publish on the site. Our updater (currently in the Beta forum) checks these for you automatically.
False positives will occur from time to time in some antivirus products. Some smaller ones like Spyware Doctor have had more issues as have some of the free ones like AVG. Just follow the steps above and you can ensure it is a false positive and report it to your antivirus provider for them to fix in their next list of updates.
Sometimes, the impossible can become possible, if you're awesome!
Thanks for the info. Thanks for the apps.
Hi, I ran a scan with Malwarebytes, and this came up:
Files Infected:
KompoZerPortable\App\kompozer\msvcr70.dll (Malware.Packer.Gen)
www.wolfcrane.com
I will report it to the MBAM team
Reported: http://forums.malwarebytes.org/index.php?showtopic=40377
Sorry to keep editing...
jamiesandhillcrane,
Please can you remove the link from your signature, it is against forum guidelines and is in the 'Homepage link next to your name anyway...
“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!”Richard Feynman
Sorry, I didn't realize a web page couldn't be put in the signature. I had seen this under the signature box: Web page addresses and e-mail addresses turn into links automatically., and had assumed otherwise.
It's been removed.
www.wolfcrane.com
nosirrah has replied in the thread, saying it will be fixed.
@John (or any other Dev that knows - because I don't ;))
However, he has said they are modified somehow, which was what caused the detection.
a) Do you think there is a way to avoid this?
b) Aren't they closed source files, so they shouldn't be modified?
“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!”Richard Feynman