dacap / pocketcpp

Compile C++11 / C++14 / C++17 / C++20 snippets with Notepad++ and MinGW/gcc 9.2.0

Virus issue?? #16

Closed tempusrevolutio closed 6 years ago

tempusrevolutio commented 6 years ago

Every time I have downloaded this I get some kind of rootkit or malware that starts making remote connections to my network. Does anyone else have this issue? I have a brand new hard drive (this virus has taken over my old one and I don't have time to deal with it right now, it's finals week) and this is the only thing I've downloaded besides all the updates through Microsoft Update, Windows Defender, and Sophos anti-virus software. All directly from their sites. This is the only third party I've downloaded but it seems to be malicious.

dacap commented 6 years ago

From VirusTotal the file pocketcpp-0.7.exe is free of viruses as far as I know. Anyway, this is a bundle of third party software (not compiled by me):

Might be a false positive in Sophos AV (it looks like this AV is disabled in virustotal.com, maybe it contains too many false positives)

tempusrevolutio commented 6 years ago

Idk, I'm not super great with computers, just know the basics and stuff. But my computer was fine and this was the only file that I've downloaded not straight from Microsoft or Sophos and it's now doing the same thing my computer was doing before. It's already opened up access points to my modem and started its own homegroup. It's changed settings on my end so I can't download anything now (the second step in its process, I've been fighting this thing for weeks now). And soon I won't be able to access the internet, then it'll take admin control and I'm done at that point. I don't mean to be negative towards something you stand behind, and I appreciate the work you guys do letting guys like me have access to your hard work, but something is wrong with this file somewhere. Nothing happens until I unzip the file though, and it really only ever downloads at 200kbps the whole time, which is extremely weird for my computer and network. Idk if those are indicators of something but that's just what I've noticed.

On Sun, May 6, 2018, 8:44 PM David Capello notifications@github.com wrote:

From VirusTotal https://www.virustotal.com/#/url/3e4e1058a655b71a75e27669538dced3491e54185e0d7e06b341ae831c4c6e14/detection the file pocketcpp-0.7.exe is free of viruses as far as I know. Anyway, this is a bundle of third party software (not compiled by me):

- https://notepad-plus-plus.org/repository/6.x/6.8.3/npp.6.8.3.bin.minimalist.7z

Might be a false positive in Sophos AV (it looks like this AV is disabled in virustotal.com, maybe it contains too many false positives)


tempusrevolutio commented 6 years ago

Also, as a side note, I've run pretty much every anti-virus scanner you can and the only one to find anything was GMER, which found a rootkit on my MBR. Sophos, Windows Defender, Windows Essentials, Rogue Killer (found a few PUPs), TDSS Killer, Malwarebytes, Malwarebytes rootkit, Avast, adware cleaner, junkware removal tool, everything I can find. Nothing has found anything wrong. I even paid Geek Squad to come out and they were as useless as I thought they'd be. I'm not a pro at this or even an intermediate user at this but I'm trying what I can and this file is ground zero for my issues.


dacap commented 6 years ago

The scan I gave you is wrong, it has a status code 404 (VirusTotal downloaded a 404 page and reported as if the scan was just fine 😮). The real analysis for pocketcpp-0.7.exe is this one. See that the SHA-256 is 18062517977f55bcd5bb697e5389f7d01e9f89c12e845eefbe4a41dd9a2e8b02. Anyway, it still doesn't look like it contains a trojan.

Can you check if the SHA-256 of your downloaded file pocketcpp-0.7.exe is 18062517977f55bcd5bb697e5389f7d01e9f89c12e845eefbe4a41dd9a2e8b02?

Also it's strange that this issue wasn't reported by other users, maybe someone accessed your modem and is using your network. Are you using Wi-Fi? Is your Wi-Fi network using WPA2? Did you use a USB stick? Or install something with a DVD? (I also guess that your copy of Windows is completely legal (the same for Sophos AV).)
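
One way to run the hash check requested in the comment above, as an added example that is not part of the thread or of the pocketcpp project. It also rejects a saved error page stored under the `.exe` name, the same kind of mix-up as the VirusTotal scan of a 404 page; the function names and the default file location are assumptions.

```python
import hashlib
import hmac

# SHA-256 quoted in the comment above for pocketcpp-0.7.exe.
PUBLISHED_SHA256 = "18062517977f55bcd5bb697e5389f7d01e9f89c12e845eefbe4a41dd9a2e8b02"


def sha256_of(path, chunk_size=1 << 20):
    """Stream the file so a large installer is not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def classify_payload(path):
    """Tell a Windows executable from a saved web page by its first bytes."""
    with open(path, "rb") as fh:
        head = fh.read(512)
    if head[:2] == b"MZ":  # DOS/PE header magic of Windows executables
        return "pe-executable"
    if head.lstrip()[:1] == b"<":  # e.g. a 404 page stored under the .exe name
        return "html-or-xml"
    return "unknown"


def verify_download(path, expected_hex=PUBLISHED_SHA256):
    """Return (ok, reason, actual_hex); ok only for a PE file with the expected hash."""
    expected = expected_hex.strip().lower()
    if len(expected) != 64 or any(c not in "0123456789abcdef" for c in expected):
        raise ValueError("expected value is not a SHA-256 hex digest")
    kind = classify_payload(path)
    actual = sha256_of(path)
    if kind != "pe-executable":
        return False, "not an executable (" + kind + ")", actual
    if not hmac.compare_digest(actual, expected):
        return False, "hash mismatch", actual
    return True, "hash matches", actual


if __name__ == "__main__":
    import sys
    # Assumed default: the download sits in the current directory.
    target = sys.argv[1] if len(sys.argv) > 1 else "pocketcpp-0.7.exe"
    ok, reason, actual = verify_download(target)
    print(("OK" if ok else "FAIL") + ": " + reason + " (" + actual + ")")
```

A match shows only that the local file is byte-identical to the one that was analysed; a mismatch or a non-executable result means the download should be discarded and fetched again.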

tempusrevolutio commented 6 years ago

Now that you mention it, I am using a USB to keep all my school work and this program on. Since no one else has reported anything and you've done plenty of checks to verify it's clean I bet whatever this is attached itself to my USB the first time this happened. Idk where it would've come from but I bet this is an isolated problem with my USB, not your program. Sorry for the accusation and thanks for getting me on track.

dacap commented 6 years ago

No problem @tempusrevolutio, with viruses we never know, so it's nice to continue testing these packages for viruses. Good luck!