
Trojan Horse in Oolite!

Posted: Mon Jul 23, 2007 12:08 am
by TGHC
If you haven't already picked this up, my AVG found this yesterday:

Trojan Horse Downloader Zlob.MCQ

Its location was C:\ programme files\Oolite\Uninst.exe

I'm still running version 1.65 which was downloaded when it first came out last year, although I did add Dajt's patch for planet textures a while later.

I prompted AVG to heal it, but apparently it is unhealable though it has dropped it into the virus vault.

It's not just me either, it has been picked up by others on the EBBS here

Has anyone else here had this, and WTF do I do to fix it?

Posted: Mon Jul 23, 2007 6:44 am
by Killer Wolf
that's odd, my avs etc hasn't spotted anything. where did it come from, i can't imagine Giles or Ahruman etc put anything in like that, has someone taken the code, added summat nasty and put it out for download on an official site??
gonna have to do a full scan of my machines when i get home :-/

Posted: Mon Jul 23, 2007 7:54 am
by Captain Hesperus
Could be a false positive. I run bi-weekly virus scans on my PC and it's never flagged that one up, I use Oolite 1.65-tp for Assassins and 1.68 for everything else.

Captain Hesperus

Posted: Mon Jul 23, 2007 8:07 am
by Killer Instinct
Using McAfee antivirus and Spybot S&D and scanning like wot you should do frequently these days I've found absolutely nothing wrong or untoward with any Oolite application.

Posted: Mon Jul 23, 2007 4:50 pm
by Helvellyn
If something has been sitting around for a long time unchanged and only gets picked up now it's probably going to be a false positive.

Posted: Mon Jul 23, 2007 5:07 pm
by JensAyton
Helvellyn wrote:
If something has been sitting around for a long time unchanged and only gets picked up now it's probably going to be a false positive.
Either that, or it’s been infected by something else… in which case it isn’t actually a trojan.

Posted: Mon Jul 23, 2007 5:11 pm
by Captain Hesperus
Ahruman wrote:
Either that, or it’s been infected by something else… in which case it isn’t actually a trojan.
But then where would it have come from? Only you and a select group have the ability to upload to the BerliOS site, and none of you would knowingly upload anything even remotely virusy (is that a word? Probably not, but hey).
I think it's just an over-protective AV program.

Captain Hesperus

Posted: Mon Jul 23, 2007 5:22 pm
by JensAyton
There was a time, in deepest, darkest history, when viruses primarily spread between programs on the same computer. I know you can’t remember this, since you’re just an ickle kitty. :-)

Posted: Mon Jul 23, 2007 6:31 pm
by Frame
Ahruman wrote:
There was a time, in deepest, darkest history, when viruses primarily spread between programs on the same computer. I know you can’t remember this, since you’re just an ickle kitty. :-)
ohh i recall that... that was... yeah...

Before The Internet... :D ;-)

Posted: Mon Jul 23, 2007 8:18 pm
by Helvellyn
Ahruman wrote:
Helvellyn wrote:
If something has been sitting around for a long time unchanged and only gets picked up now it's probably going to be a false positive.
Either that, or it’s been infected by something else… in which case it isn’t actually a trojan.
Hence my use of the word "unchanged". I had AVG report a false positive on C&C Generals once, which was rather obviously such when it gave the same result when I scanned the original CD.

Posted: Mon Jul 23, 2007 9:19 pm
by davcefai
This could be a false positive. Best way to check will be to compare an "infected" file with a fresh download.

If anybody would like to send me an "infected" file I'll gladly investigate.

You can upload the file to ftp://cloud9.dyndns.tv. Login as anonymous and then PM me.

Note: I am risk free in this as I run Linux.
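
Added example, not part of any post in this thread: one way to carry out the comparison suggested above, checking a flagged file against the same file taken from a fresh download. The function names and the sample bytes are constructed for illustration; no real Oolite files are used.

```python
import hashlib
import os
import tempfile

def compare_files(suspect, reference):
    """Compare a flagged file against a known-good copy of the same file."""
    with open(suspect, "rb") as f:
        a = f.read()
    with open(reference, "rb") as f:
        b = f.read()
    common = min(len(a), len(b))
    # Offset of the first byte that differs, if any.
    first_diff = next((i for i in range(common) if a[i] != b[i]), None)
    if first_diff is None and len(a) != len(b):
        first_diff = common  # one file is a strict prefix of the other
    return {
        "identical": a == b,
        "suspect_sha256": hashlib.sha256(a).hexdigest(),
        "reference_sha256": hashlib.sha256(b).hexdigest(),
        "size_delta": len(a) - len(b),
        "first_diff_offset": first_diff,
        # True when the reference content is intact and bytes were added after it.
        "reference_is_prefix": len(a) > len(b) and a[:len(b)] == b,
    }

def demo():
    """Run the comparison on constructed sample bytes."""
    original = b"MZ" + bytes(range(256)) * 4   # constructed stand-in, 1026 bytes
    samples = (("fresh", original), ("same", original),
               ("grown", original + b"\x00" * 32))
    with tempfile.TemporaryDirectory() as d:
        paths = {}
        for name, data in samples:
            paths[name] = os.path.join(d, name + ".bin")
            with open(paths[name], "wb") as f:
                f.write(data)
        return (compare_files(paths["same"], paths["fresh"]),
                compare_files(paths["grown"], paths["fresh"]))

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Matching hashes mean the flagged copy is byte-for-byte what was distributed, so the detection concerns the distributed file itself; a mismatch means the copy on disk was altered after it was installed.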