jumaris / cnpack

Automatically exported from code.google.com/p/cnpack

Malware (False-)Positive in .569 and .574 #17

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
I had been warned by Kaspersky Anti-Virus about a positive detection inside
the .569 and the .574 releases.

In the .569 AsciiChart.exe and Setup.exe inside of the NSIS packed
installer are flagged. In .574 only Setup.exe is flagged.

Detected Types:
Trojan.Win32.Agent2.csez
Trojan.Win32.Agent2.csfa

Virus Total detection for .569 (Setup.exe):
http://www.virustotal.com/analisis/8a0e63e5952217faee35d7ce7a8b2bdb8619f5bfc74b243dde61b5e37799035f-1275851355

Virus Total detection for .569 (AsciiChart.exe):
http://www.virustotal.com/analisis/cb65f909c81d73868dd19ca36df27d51c232f10ad7e2f6a32dba0cb9abc1842a-1275687989

Virus Total detection for .574 (Setup.exe):
http://www.virustotal.com/analisis/c550f37ba53e1d1ab6d6f4e5820dea2a9a7cd8783ed01a7a5737173a6ed613f4-1275828362

As this is likely a false positive (being found only by KAV), I would
suggest contacting Kaspersky and allowing them to re-check the related files.

Original issue reported on code.google.com by winkelsdorf on 6 Jun 2010 at 7:15

GoogleCodeExporter commented 9 years ago
I rebuilt a new nightly build, version 575. Please try it.
I also wonder why there is a Trojan alarm.

Original comment by liuxiaos...@gmail.com on 9 Jun 2010 at 4:09

GoogleCodeExporter commented 9 years ago
I just checked the .575 and don't get any alerts. Thank you!

I think it's a false positive for .569 and .574 due to the scanner heuristics
(even though it's been flagged by about 15% of the malware scanners).

Cheers,
Arvid

Original comment by winkelsdorf on 9 Jun 2010 at 4:29

GoogleCodeExporter commented 9 years ago
Thanks

We think it's truly a false alarm for CnWizards because we uploaded the same
"warning" setup.exe to virustotal.com. In Kap's latest (06.09) virus defs, our
setup.exe in 569 seems OK. It means Kap fixed the false report.

http://www.virustotal.com/analisis/8a0e63e5952217faee35d7ce7a8b2bdb8619f5bfc74b243dde61b5e37799035f-1276121168

Though several antivirus products also report similar problems, I think they'll
fix it soon, too.

Original comment by liuxiaos...@gmail.com on 10 Jun 2010 at 3:52

GoogleCodeExporter commented 9 years ago
As another datapoint on this issue: I just ran a scan with McAfee 
SecurityCenter and it reports the CNWIZARDS_0.9.6.569.EXE installer and the 
ASCIICHART.EXE applet as having the "Artemis!E47120CF53Fc" trojan.

Stephen Posey
stephenlposey@earthlink.net 

Original comment by stephenl...@gmail.com on 10 Jun 2010 at 7:25

GoogleCodeExporter commented 9 years ago
Now we use D7 to recompile setup.exe and asciichart.exe. This should avoid this
false report.

Original comment by liuxiaos...@gmail.com on 16 Jul 2010 at 1:20

GoogleCodeExporter commented 9 years ago

Original comment by liuxiaos...@gmail.com on 30 Mar 2012 at 1:17