ncsuzyq626 / photograbber

Automatically exported from code.google.com/p/photograbber

VIRUS INSIDE #102

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
c:\users\recojohnson\documents\photograbber-win-r83\pg.exe [MD5: 48891AC6192036D1F738330138BA15F6] [3/00080000] [W32.Rogue.Gen]

Webroot SecureAnywhere detected it when it tried to execute itself without me 
asking.

Original issue reported on code.google.com by benties...@gmail.com on 20 Feb 2012 at 6:00

GoogleCodeExporter commented 8 years ago
I believe that is a false positive finding from your AV software.  The MD5 
listed matches the checksum for the files hosted on google code so it does not 
appear that you have a corrupted/infected pg.exe.

I submitted the exe to virustotal.com and no malware was detected:

https://www.virustotal.com/file/df4ff5e3236f0359780a06eb26b8ce6806e56c0ab13087968f0a1e9e2d69005b/analysis/1329752066/

The windows version of PG is a self extracting exe that will dump a python 
interpreter DLL and associated PG scripts to a temp folder for execution.  This 
behaviour is probably being falsely flagged as malicious.  I suggest 
re-downloading PG from google code and analysing the files with your AV.

NOTE: Always download PG from https://code.google.com/p/photograbber.  I 
cannot speak to the integrity of files from other locations.

Original comment by to...@ourbunny.com on 20 Feb 2012 at 3:58
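
The check described in the reply above (comparing the MD5 in the antivirus report with the checksum of the published download), as an added example that is not part of the original thread or the project's code. The function names and verdict strings are assumptions, and the detection-line pattern is inferred only from the single line quoted in the report. A match shows that the flagged file is the published release, not that the release is benign.

```python
import hashlib
import re

# Shape inferred from the one detection line quoted in the report:
#   <path> [MD5: <32 hex>] [<code>] [<threat name>]
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s*\[MD5:\s*(?P<md5>[0-9A-Fa-f]{32})\]\s*"
    r"\[(?P<code>[^\]]*)\]\s*\[(?P<threat>[^\]]*)\]$"
)


def parse_detection(text):
    """Extract path, MD5 (lowercased) and threat name from a detection line."""
    # The report is hard-wrapped inside "[MD5: ...]", so collapse whitespace first.
    m = DETECTION_RE.match(" ".join(text.split()))
    if m is None:
        raise ValueError("not a detection line in the expected shape")
    return {"path": m["path"], "md5": m["md5"].lower(), "threat": m["threat"]}


def file_digests(path, chunk_size=1 << 16):
    """Hash a file in chunks: MD5 to compare with the report, SHA-256 for lookups."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def triage(detection_text, published_md5, local_file):
    """Compare the reported hash, the local file and the published checksum."""
    det = parse_detection(detection_text)
    local_md5, local_sha256 = file_digests(local_file)
    if local_md5 != det["md5"]:
        # The file on disk is not the one the scanner flagged.
        verdict = "local-file-differs-from-report"
    elif det["md5"] == published_md5.strip().lower():
        # The flagged file is the published release; scan the release itself.
        verdict = "matches-published-release"
    else:
        # Flagged file is not what the project published: corrupted or altered.
        verdict = "differs-from-published-release"
    return {**det, "sha256": local_sha256, "verdict": verdict}


if __name__ == "__main__":
    print(parse_detection(r"""c:\users\recojohnson\documents\photograbber-win-r83\pg.exe [MD5: 
48891AC6192036D1F738330138BA15F6] [3/00080000] [W32.Rogue.Gen]"""))
```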