virus in Kompozer and other files

null001
Joined: 2009-05-05 23:05
virus in Kompozer and other files

clicking the download link
server name http://voxel.dl.sourceforge.net/sourceforge/portableapps/KompoZer_Portab...
clicking again
server name http://hivelocity.dl.sourceforge.net/sourceforge/portableapps/KompoZer_P...

sourceforge has no *****.dl. before sourceforge

file infected with trojan spy.winflux

do not download...

Chris Morgan
Joined: 2007-04-15 21:08
Valid

These are valid. These are download mirrors for SourceForge - that's how SourceForge works. Anyhow, there is no way in which another entity could hijack the sourceforge.net name. If the domain ends in sourceforge.net, it's sourceforge.net.

The spy.winflux is a false positive. Try it with other antivirus products.

I am a Christian and a developer and moderator here.

“A soft answer turns away wrath, but a harsh word stirs up anger.” – Proverbs 15:1

null001
Joined: 2009-05-05 23:05
false positive

My browsers (IE and Firefox) were getting hijacked and redirected from pages I clicked on through Google. Opera no problem. Scanned and deleted suspected files - Kompozer, Nvu, and another - sorry, can't remember which - I downloaded a bunch of apps from home page.
Now, no issues with searches or browsing.
Bbible, Clamwin, Cornice, firefox, gimp, infrarecorder, vlc, jkdefrag, keepass, and notepadpp registered as "clean".
Anyone else have an issue? Using registered, and up to date version of Spyware Doctor with Antivirus. Seems a little strange that deleting a false positive would solve my problems.

John T. Haller
Admin, Developer, Moderator
Joined: 2005-11-28 22:21
Spyware Doctor False Positives

We've had issues with Spyware Doctor causing false positives in the past. Whenever you come across a file you think might be infected, run it by one of the online services that uses a dozen or more virus engines. It's a better indication of what's what. We link to them from our Support page directly.

When you download an app from us, you will be linked to SourceForge.net which will then redirect you to a mirror. SF uses mirrors all over the world to host the files. They have names like voxel and internap. You can see the full list here:
http://apps.sourceforge.net/trac/sourceforge/wiki/Mirrors

You actually could be directed to a non-legit SF site by a third party, but only if your computer is already infected and the infection is linking to a server that is fully mirroring all our files from SourceForge.net, which would be difficult and is highly unlikely.

In any case, you could double-check it just by right-clicking on the file and selecting Properties. You'll find a Digital Signatures tab and it's signed by Rare Ideas, LLC (our parent legal entity). You can also check the MD5 sum which we publish on the site. Our updater (currently in the Beta forum) checks these for you automatically.

False positives will occur from time to time in some antivirus products. Some smaller ones like Spyware Doctor have had more issues as have some of the free ones like AVG. Just follow the steps above and you can ensure it is a false positive and report it to your antivirus provider for them to fix in their next list of updates.

Sometimes, the impossible can become possible, if you're awesome!
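Added example, not part of the original thread and not PortableApps.com code: a Python sketch of two of the checks discussed above, confirming that a download URL's host really sits under sourceforge.net and comparing a file's MD5 with a published value. The function names and sample URLs are assumptions made for illustration; the Digital Signatures check is not covered here.

```python
import hashlib
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "sourceforge.net"  # domain named in the thread


def is_sourceforge_host(url: str) -> bool:
    """True only if the URL's host is sourceforge.net or a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Match on a label boundary, so look-alikes such as
    # "evilsourceforge.net" or "sourceforge.net.example.com" fail.
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def file_md5(path: str, chunk_size: int = 1 << 20) -> str:
    """Hex MD5 of a file, read in chunks so large installers fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def matches_published_md5(path: str, published: str) -> bool:
    """Compare a file's MD5 with the value copied from the download page."""
    # Tolerate upper-case hex and stray whitespace from copy and paste.
    return file_md5(path) == published.strip().lower()


if __name__ == "__main__":
    # Constructed sample URLs: the mirror hostnames are the ones quoted in
    # the thread, the paths are placeholders.
    samples = [
        "http://voxel.dl.sourceforge.net/placeholder/installer.exe",
        "http://hivelocity.dl.sourceforge.net/placeholder/installer.exe",
        "http://sourceforge.net.example.com/placeholder/installer.exe",
        "http://sourceforge.net@example.com/placeholder/installer.exe",
    ]
    for url in samples:
        print("OK     " if is_sourceforge_host(url) else "REJECT ", url)
```

The hostname check only says where the link points, and the MD5 comparison is only as trustworthy as the page the published sum was copied from.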

null001
Joined: 2009-05-05 23:05
false positives

Thanks for the info. Thanks for the apps.

jamiesandhillcrane
Joined: 2006-11-24 15:09
Malwarebytes detected malware in Kompozer

Hi, I ran a scan with Malwarebytes, and this came up:
Files Infected:
KompoZerPortable\App\kompozer\msvcr70.dll (Malware.Packer.Gen)

spg SCOTT
Joined: 2008-08-26 14:11
Most likely a false positive

I will report it to the MBAM team :)

Reported: http://forums.malwarebytes.org/index.php?showtopic=40377

Sorry to keep editing...

jamiesandhillcrane,

Please can you remove the link from your signature? It is against forum guidelines and is in the 'Homepage' link next to your name anyway...

“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!” – Richard Feynman

jamiesandhillcrane
Joined: 2006-11-24 15:09
Sorry, I didn't realize a web

Sorry, I didn't realize a web page couldn't be put in the signature. I had seen this under the signature box: "Web page addresses and e-mail addresses turn into links automatically.", and had assumed otherwise.
It's been removed.

spg SCOTT
Joined: 2008-08-26 14:11
Will be fixed...

nosirrah has replied in the thread, saying it will be fixed.

@John (or any other Dev that knows - because I don't ;))
However, he has said they are modified somehow, which was what caused the detection.

a) Do you think there is a way to avoid this?

b) Aren't they closed source files, so they shouldn't be modified?

nosirrah: They modify some of these files when they make these apps portable for some reason, we were detecting the modification and would not detect the real msvcr70.dll.

The modification is not malicious so I have worked around it.

“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!” – Richard Feynman
