basilah
Joined: 09 Nov 2011
Posts: 0
Posted: Fri Nov 25, 2011 9:54 am
I had no viruses.
Then I downloaded the new portable Tor bundle and scanned my thumbdrive with ClamWin afterwards.
It showed:
Z:\Tor-NEW\Tor Browser\App\tor-resolve.exe: Trojan.Fakesec-310 FOUND
Z:\Tor-NEW\Tor Browser\App\tor.exe: Trojan.Fakesec-310 FOUND
Z:\Tor-NEW\Tor Browser\App\vidalia.exe: Trojan.Fakesec-310 FOUND
Z:\Tor-NEW\Tor Browser\App\mingwm10.dll: Trojan.Fakesec-310 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 1075019
Engine version: 0.96
Infected files: 4
I checked the files with VirusTotal; only two are showing a result for the first file:
Z:\Tor-NEW\Tor Browser\App\tor-resolve.exe: Trojan.Fakesec-310 FOUND:
ByteHero 1.0.0.1 2011.11.14 Trojan-Downloader.win32.Agent.bmzd
CAT-QuickHeal 12.00 2011.11.25 (Suspicious) – DNAScan
One is showing a result for the second file:
Z:\Tor-NEW\Tor Browser\App\vidalia.exe: Trojan.Fakesec-310 FOUND
ByteHero 1.0.0.1 2011.11.14 Trojan-Downloader.win32.Agent.bmzd
There are no positive results for:
Z:\Tor-NEW\Tor Browser\App\tor-resolve.exe: Trojan.Fakesec-310 FOUND
Z:\Tor-NEW\Tor Browser\App\mingwm10.dll: Trojan.Fakesec-310 FOUND
No results on virus total for these two, everything was: -
I deleted the new tor browser, scanned again, everything was kosher.
Then I downloaded the new Tor again and got the same problem.
Lavasoft, Adaware, Antimalware and AVG do not pick up the virus.
The new tor was downloaded from the tor.org web site.
Can anyone help me with this? Thank you.

basilah
Joined: 09 Nov 2011
Posts: 0
Posted: Fri Nov 25, 2011 10:10 am
Does anyone know of a forum where torproject.org is discussed?

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Fri Nov 25, 2011 1:49 pm
I don't know of any Tor forum, but it sounds like there was a false positive detection if only 2 AVs see an infection (unless it is a very new virus). If you still have the virus file quarantined, do another scan on Virus Total in case it is very new. By now, other AVs should detect it also in that case.
If there is no big change on Virus Total, upload the file to Clam AV at https://cgi.clamav.net/sendvirus.cgi on the web. Change the type of submission from "virus" to false positive. Tell them that only 2 AVs on Virus Total say it is infected. You can zip multiple files.
Cat and ByteHero have high heuristics to make up for signatures. I like to see 2 of these AVs spot an infection before I believe it: AntiVir, Bitdefender, NOD32, Kaspersky, and Sophos.
Regards,

basilah
Joined: 09 Nov 2011
Posts: 0
Posted: Sat Nov 26, 2011 11:12 am
None of the big five found anything. I tried Jotti too and nothing apart from the ByteHero. So it's a false positive 100%?
I submitted it to clamwin and am awaiting response.
Thank you G Bob.

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Sun Nov 27, 2011 1:31 pm
Even those 5 "trigger" AVs are not perfect, but they are pretty good. If you are looking at something besides a Windows PE file virus, like Java, JavaScript, PDF, Flash, or HTML, you can be less strict because many AVs don't cover them as well. I would go with at least 2 of any AV then.
Wepawet at https://wepawet.iseclab.org/ on the web is a good place to check out JavaScript, PDF, and Flash files.
Regards,
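A small triage helper, added here as an example (not code from the thread, ClamAV or VirusTotal), that encodes GuitarBob's rule of thumb from his two replies: parse ClamWin's `FOUND` lines, then for Windows PE files require two hits among his five trusted engines, and for Java/JavaScript/PDF/Flash/HTML files accept two hits from any engine. The per-engine hit dictionaries are retyped from what basilah reported, and the extension lists are my assumption.

```python
import re
from pathlib import PureWindowsPath

# GuitarBob's five "trigger" engines for Windows PE files (matched case-insensitively).
TRUSTED_ENGINES = {"antivir", "bitdefender", "nod32", "kaspersky", "sophos"}
# Assumed extension lists: the post names file kinds, not extensions.
PE_LIKE = {".exe", ".dll", ".sys", ".scr"}
SCRIPT_LIKE = {".jar", ".class", ".js", ".pdf", ".swf", ".htm", ".html"}
# ClamAV/ClamWin reports each hit as "<path>: <signature> FOUND".
FOUND_RE = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")

def parse_clam_log(text):
    """Map each flagged path to its ClamAV signature; summary lines do not match."""
    hits = {}
    for line in text.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            hits[m.group("path")] = m.group("sig")
    return hits

def classify(path, other_hits, min_trusted=2, min_any=2):
    """Apply the thread's rule to one file, given {engine: label} from other scanners."""
    ext = PureWindowsPath(path).suffix.lower()
    trusted = [e for e in other_hits if e.lower() in TRUSTED_ENGINES]
    if ext in PE_LIKE:
        if len(trusted) >= min_trusted:
            return "likely malicious"
    elif ext in SCRIPT_LIKE and len(other_hits) >= min_any:
        return "likely malicious"      # non-PE formats: any two engines suffice
    if other_hits:
        return "likely false positive"  # only heuristic-heavy or lone engines agree
    return "no corroboration"           # ClamAV alone: rescan later or submit as FP

def triage_report(clam_log, other_hits_by_path):
    """Return {path: verdict} for every file ClamAV flagged."""
    return {p: classify(p, other_hits_by_path.get(p, {})) for p in parse_clam_log(clam_log)}

# Constructed sample: the ClamWin lines quoted in the first post, plus the
# VirusTotal hits basilah described, retyped by hand here for illustration.
APP = r"Z:\Tor-NEW\Tor Browser\App"
CLAMWIN_LOG = "\n".join(f"{APP}\\{f}: Trojan.Fakesec-310 FOUND"
                        for f in ("tor-resolve.exe", "tor.exe", "vidalia.exe", "mingwm10.dll"))
CLAMWIN_LOG += "\n----------- SCAN SUMMARY -----------\nInfected files: 4\n"
VT_HITS = {
    APP + r"\tor-resolve.exe": {"ByteHero": "Trojan-Downloader.win32.Agent.bmzd",
                               "CAT-QuickHeal": "(Suspicious) - DNAScan"},
    APP + r"\vidalia.exe": {"ByteHero": "Trojan-Downloader.win32.Agent.bmzd"},
}
```

Run `triage_report(CLAMWIN_LOG, VT_HITS)` to see all four Tor files come out as "likely false positive" or "no corroboration", which is the outcome the thread reached.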