Installer Malware #978
Comments
|
The 1.27 bundle is built with a different toolset and includes more, so its What did defender say was the problem? On 28 March 2016 at 13:21, Peter Cox notifications@github.com wrote:
|
|
@eht16 can you check the download is ok, and maybe we should publish a hash for binary downloads. Would be useful even just to confirm no download errors. |
|
It reports a Severe alert as Trojan:win32/Fethar.A!cl with a link to MS' malware detection center. |
|
@eht16 could it be related to the non-msys binaries included (grep, etc) ? |
|
I have just tried rebooting into Windows (10, 64-bit). I made sure Windows Defender had up-to-date virus definitions and scanned the installer Neither of them reports any problems. |
|
The download was also analysed by Virus Total which found no problems. @psccox are you sure your virus signatures are up to date? |
|
I just tried again with the same virus detected. I am running 64bit Windows version 10.0.10586, with the latest definitions from Windows Defender, which is automatically invoked when downloading in Google Chrome. I am downloading directly from the website, i.e. the download link Full Installer including GTK 2.24 |
|
@psccox can you test the downloaded file outside of chrome. |
|
Well I don't have wget or similar on this PC. Firefox and Edge both flag it too. |
|
I have no idea why @psccox 's system think the file is affected. I just checked the MD5 hash of the file available on http://download.geany.org/geany-1.27_setup.exe with the hash mentioned in http://download.geany.org/MD5SUMS and they match. Additionally, I checked the included digital signatures of the file (downloaded freshly from download.geany.org) and they are intact (that's a Windows thing, basically the installer binaries as well as geany.exe and Geany-related .dll files are signed with my cacert.org SSL certificate). If at all, my Windows system I used to build the binaries was already compromised but it didn't happen afterwards. @codebrainz I would not expect the self-compiled grep.exe to be a possible reason, rather the downloaded sort.exe (see http://pastebin.geany.org/T8CxF/). But good idea anyway. @elextr what hashes do we need? We have MD5 and SHA256 of the installer binary on download.geany.org, additionally the installer and all binaries included (except MSYS2 provided, sort.exe and grep.exe) are digitally signed using a Microsoft tool, those signatures can easily be verified with Windows Explorer. @psccox any chance to execute the installer and check whether Windows Defender will then complain about a particular file included in the installer? This would require a somewhat safe, isolated Windows system or just trusting us. |
|
...
|
|
Dear team, I tried downloading 1.27 again and today Windows Defender did not complain. It installed okay. It was definitely a problem last week, downloading from several different browsers. Maybe a glitch in their virus definitions? sorry for the fuss. |
|
Having in mind how "viruses are found" its nothing more than a good guessing. |
You've been compromised.
I tried downloading geany 1.27 for Windows. Windows defender blocked it.
As a hint, look at the file sizes on http://download.geany.org/ for geany-1.27_setup.exe and geany-1.26_setup.exe
The text was updated successfully, but these errors were encountered: