Tryton - Issues

 

Issue3003

Title: Win.Trojan.Tracur-165 FOUND
Priority: urgent
Status: invalid
Superseder:
Nosy List: ced, gb, pilou, ronald
Type:
Components:
Assigned To:
Keywords: neso, win32
Reviews:

Created on 2013-02-14.10:20:24 by gb, last changed by ced.

Files
File name: Bildschirmfoto vom 2013-02-14 09:36:02.png
Uploaded: gb, 2013-02-14.10:20:41
Type: image/png
Messages
msg12655 (view) Author: [hidden] (ced) (Tryton committer) (Tryton translator) Date: 2013-03-06.16:36:29
No news from ClamAV for 2 weeks.
I am closing the issue; re-open it if you find something wrong.
msg12514 (view) Author: [hidden] (ced) (Tryton committer) (Tryton translator) Date: 2013-02-15.21:14:47
Submitted a false positive report to http://cgi.clamav.net/sendfp.cgi
msg12501 (view) Author: [hidden] (ronald) Date: 2013-02-14.13:27:22
I have tested on:

1. Windows XP running Microsoft Security Essentials and no threats were
detected.
2. Windows 7 running Microsoft Security Essentials and no threats were
detected.
3. Windows 7 running Avira and no threats were detected.

In all three instances I scanned the exe file and also extracted the exe and
scanned the individual files and folders.

The exe installs correctly on both Windows XP and 7.
msg12496 (view) Author: [hidden] (pilou) (Tryton committer) Date: 2013-02-14.12:30:11
I tested with my own build of Tryton client and Win.Trojan.Tracur-165 is also
found
(https://www.virustotal.com/file/da93d8229f0d1d0e79ff8d1d0bfacb0cb325ea8400b83f33186d803959bb60ea/analysis/1360840216/)

About py2exe and false positive, see also:
http://comments.gmane.org/gmane.comp.python.py2exe/1687
http://sourceforge.net/mailarchive/forum.php?thread_name=67dd1f930705250854j13424e18ub11c827c546e1f40%40mail.gmail.com&forum_name=py2exe-users
msg12495 (view) Author: [hidden] (ced) (Tryton committer) (Tryton translator) Date: 2013-02-14.11:18:48
It seems that only ClamAV detects something:
https://www.virustotal.com/file/bc1747f10fdb74d8efaaf4f94f8ff8b3a10984c104269ee259a14cfe01c560ef/analysis/1360834857/

I tried on the previous exe which was clear for ClamAV, now it has the same
detection.

https://www.virustotal.com/file/f0bb9e8c9710b6b8d9599222b1e2ced55730f169f8a0bb0b191792140976fa08/analysis/1360836889/

It looks more like a false positive detection.
msg12494 (view) Author: [hidden] (gb) Date: 2013-02-14.10:22:17
Downloaded today Client 2.6 exe from your server.
msg12493 (view) Author: [hidden] (gb) Date: 2013-02-14.10:20:23
After downloading, my antivirus ClamTK found a virus.
Is the file on your server infected?
History
Date User Action Args
2013-03-06 16:36:30  ced  set  status: deferred -> invalid; messages: + msg12655
2013-02-15 21:14:48  ced  set  status: chatting -> deferred; messages: + msg12514
2013-02-14 13:27:22  ronald  set  nosy: + ronald; messages: + msg12501
2013-02-14 12:30:12  pilou  set  nosy: + pilou; messages: + msg12496
2013-02-14 11:18:48  ced  set  nosy: + ced; messages: + msg12495
2013-02-14 10:22:18  gb  set  status: unread -> chatting; messages: + msg12494
2013-02-14 10:20:41  gb  set  files: + Bildschirmfoto vom 2013-02-14 09:36:02.png
2013-02-14 10:20:24  gb  create
