Differences between revisions 1 and 12 (spanning 11 versions)
Revision 1 as of 2015-01-14 21:28:19
Size: 599
Editor: ?ilgiz
Comment:
Revision 12 as of 2021-09-01 03:15:33
Size: 1743
Editor: PaulWise
Comment: cleanup
Line 1: Line 1:
## page was renamed from DebianInstaller/Loader/Discussion
{{{#!wiki important
It is common for virus scanners to report false positives with win32-loader.exe because it uses the [[https://nsis.sourceforge.io/Builtin_NSISdl_plug-in|NSISdl plugin]] from [[DebianPackage:nsis|NSIS]] which is often also used by malware writers. Incompetent anti-virus authors mistake NSISdl for being part of the malware and then report it as being the virus instead of the other parts of the malware. Below are some examples of the resulting false positives.
}}}
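Review bot: the `important` box added at the top asserts that the detections listed below are false positives, but it gives a reader no way to confirm that the copy of win32-loader.exe they downloaded is the file Debian published. A pointer to whatever checksum or signature Debian publishes for the file would let readers tell an NSISdl false positive apart from a tampered download. The wording "Incompetent anti-virus authors" could also be replaced with a neutral description of the mistaken detection without losing the point.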
Line 3: Line 8:
Symantec antivirus considered win32-loader.exe infected with Trojan.ADH.SMH, Symantec antivirus considered win32-loader.exe infected with Trojan.ADH.SMH:
Line 5: Line 11:
http://http.debian.net/debian/tools/win32-loader/stable/win32-loader.exe https://deb.debian.org/debian/tools/win32-loader/stable/win32-loader.exe
Line 19: Line 25:
~~~
-- [[ilgiz]] <<DateTime(2015-01-14T17:28:18-0400)>> <<DateTime(2015-01-14T17:28:18-0400)>>
-- [[ilgiz]] <<DateTime(2015-01-14T17:30:33-0400)>>

 * My online scan of the file showed 4 scanners detecting a security issue in the file:

{{{
McAfee-Gateway 906 ms Aug 15 2014 (More than 21 weeks ago) Artemis!37A1016D0D97

DrWebGateway 2501 ms Aug 15 2014 (More than 21 weeks ago) Tool.Vpatch.2

Symantec 2859 ms Aug 14 2014 (More than 21 weeks ago) Trojan.ADH.SMH

Norman 1172 ms Aug 14 2014 (More than 21 weeks ago) winpe/Suspicious_Gen4.GUKNW
}}}

  https://www.metascan-online.com/en/scanresult/file/cef4b16c0c004bc2ad8568c5cd122c21
  -- [[ilgiz]]

== Windows 7 ==

A unetbootin project worked on Windows 7:

https://launchpad.net/unetbootin

-- [[ilgiz]]
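Review bot: the scan listing added in the `{{{ }}}` block does not say which win32-loader.exe was scanned. Each row carries a date of Aug 14 or Aug 15 2014 ("More than 21 weeks ago"), and the only reference to the scanned file is the third-party metascan-online.com link, which may not stay reachable. Recording the win32-loader version and a checksum of the scanned file next to the listing would let a reader tell whether these four detections apply to the build currently served from the stable URL.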

It is common for virus scanners to report false positives with win32-loader.exe because it uses the NSISdl plugin from NSIS, which is often also used by malware writers. Incompetent anti-virus authors mistake NSISdl for being part of the malware and then report it, rather than the other parts of the malware, as being the virus. Below are some examples of the resulting false positives.

Suspected virus in win32-loader.exe

Symantec antivirus considered win32-loader.exe infected with Trojan.ADH.SMH:

https://deb.debian.org/debian/tools/win32-loader/stable/win32-loader.exe


Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: Trojan.ADH.SMH
File: C:\Users\XXX\Downloads\win32-loader.exe
Location: Unknown Storage
Computer: YYY
User: XXX
Action taken: Cleaned by Deletion
Date found: Wednesday, January 14, 2015  12:31:00 PM

-- ?ilgiz 2015-01-14 21:30:33

  • My online scan of the file showed 4 scanners detecting a security issue in the file:

McAfee-Gateway  906 ms   Aug 15 2014 (More than 21 weeks ago)  Artemis!37A1016D0D97
DrWebGateway    2501 ms  Aug 15 2014 (More than 21 weeks ago)  Tool.Vpatch.2
Symantec        2859 ms  Aug 14 2014 (More than 21 weeks ago)  Trojan.ADH.SMH
Norman          1172 ms  Aug 14 2014 (More than 21 weeks ago)  winpe/Suspicious_Gen4.GUKNW

Windows 7

A unetbootin project worked on Windows 7:

https://launchpad.net/unetbootin

-- ?ilgiz