[OctDev] my virusscanner found a Worm in octave.exe
Michael Goffioul
michael.goffioul at gmail.com
Sat Jun 21 08:42:15 CDT 2008
I'm a little bit puzzled by these results. I scanned octave.exe through
http://virscan.org and only 2 (out of 36) AV detected the Zhelatin worm:
Antivir and Ikarus. From user reports, the previous 3.0.0 version also
has the same problem, but this release dates back to December 2007
and has been downloaded more than 70,000 times. Is it imaginable that
a worm was present at that time and that nobody detected it during
6 months...? All this makes me think there's a higher probability that
this is a false positive detection.
Michael.
On Fri, Jun 20, 2008 at 10:55 PM, scott carter nk <scott at nklab.com> wrote:
>
> I found it in 3.0.0 and 3.0.1 with Avira AntiVir, but only with the latest
> VDFs (7.0.4.218 and 7.0.4.232).
> Files that are detected are all in /bin: octave.exe, octave-3.0.0.exe, and
> octave-3.0.1.exe
> For me the installer itself (octave-3.0.1-setup.exe and
> octave-3.0.0-setup.exe) does not trigger a detection.
> I found several copies of what was apparently a Trojan dropper which had the
> same virus signature detection at several points in my System Restore
> checkpoint files, all created since I installed 3.0.0 (but some older than
> my installation of 3.0.1)
>
> Note - neither Symantec nor Trend Micro (web-based scan versions of each)
> report a detection.
>
> Note: installing from the VS2008 installer (octave-3.0.1-vs2008-setup.exe) I
> do not (repeat, not) get any detections.