win32:malware-gen (avast antivirus false-positive?) #58

Closed
zeblau opened this Issue Apr 27, 2015 · 7 comments

zeblau commented Apr 27, 2015

Is there a way to know for sure the Windows client is not virus infected, e.g. false positive?

Owner

mank319 commented Apr 27, 2015

I am going to compile it again and install Avast on my Windows VM that I have set up for the sole purpose of compiling and packaging Go For It!. I have set up a new VM since I built the binaries currently on my download page, so if the old installation was infected by anything, this would be fixed by now. Thanks for reporting - if there was anything wrong, we'd need to fix that as soon as possible!

Owner

mank319 commented Apr 27, 2015

You can also compile it with the script winbuild.bat in the windows branch. You need Gtk 3.10 and valac 0.24, which is a pain to install on Windows - but possible.

Owner

mank319 commented Apr 27, 2015

I disabled the Windows download for now, until we get this sorted!

Owner

mank319 commented Apr 28, 2015

I compiled it again with the newest sources, new GTK release and, as said earlier, on a recently installed VM. Scanning with Avast does not show any suspicious activity.

I have no idea why you have experienced the issue, but it is fixed now! If my old VM was not infected by some sort of malware that attaches itself to binaries, there must be a "harmless" explanation. Maybe the Installer Studio created suspicious patterns of some sort?

I have just composed a blog post to inform users about the incident and about actions to be taken.
Thanks so much for reporting this @zeblau!

By the way: Could you please confirm that the recent version passes the Avast test on your system too?

@mank319 mank319 closed this Apr 28, 2015

zeblau commented Apr 28, 2015

At work we have Symantec Endpoint Protection, which popped up saying that the Windows build of Go-For-It was "seen" less than 50 times, which makes sense, but otherwise no problems. Now, I scanned with Malwarebytes Anti-malware at work, and there is really no problem here at the moment. So my suspicion is that it is just a false positive and no worries. I will scan the latest Windows build at home with Avast and let you know.

jamtraks commented Sep 2, 2017

My AVG antivirus software keeps detecting this "win32:malware-gen" at the end of each launcher download and will not allow openrct to run. I was told that it is a false positive and nothing to worry about. Anyone know what this is and why I'm getting this message? Is a separate virus/malware injecting or initiating this file, or is this something that is attached to the launcher's download? And if so ... why?

Collaborator

JMoerman commented Sep 2, 2017

@jamtraks Did you mean to post here? You're speaking of openrct and a launcher, which doesn't have anything to do with Go For It!.
