Cruisers Forum
 


Old 20-04-2016, 19:11   #1
Registered User

Join Date: Mar 2014
Posts: 5
Open CPN 4.2 for Windows flagged as containing Trojan: Varpes.M!cl by Win Defender

Windows 10 Defender (up to date) blocked my attempt to install OpenCPN from OpenCPN.org a few minutes ago, identifying opencpn_4.2.0_setup.exe as the location of the problem, and Trojan Varpes.M!cl as the exact malware.

I did a full scan, reboot, and re-downloaded the file, getting the exact same result.

Here's the download link I used (from the opencpn.org site):

http://opencpn.navnux.org/4.2.0/opencpn_4.2.0_setup.exe

Here's the virus description:

https://www.microsoft.com/security/p...ID=-2147258324

I'm guessing this isn't a false alarm, but I am setting up a computer and installing other software, so it's possible this came from a different install. (Not sure where to post it to bring it to the attention of the powers that be, so I created this thread.)

Brad
__________________

bjbest is offline   Reply With Quote
Old 20-04-2016, 19:47   #2
Marine Service Provider
 
bdbcat's Avatar

Join Date: Mar 2008
Posts: 4,878
Re: Open CPN 4.2 for Windows flagged as containing Trojan: Varpes.M!cl by Win Defend

Brad...

Probably a false positive. The MD5 sum of the download whose URL you provided matches that of the archived original distribution, so I doubt the CDN copy has been tampered with. We have received no other indications of virus infection on this image after many thousands of current installations.

Code:
$ md5sum opencpn_4.2.0_setup.exe
e68d6f7fdf304bbf8107ca9a1f0ce923  opencpn_4.2.0_setup.exe
Thanks for checking, though, and keeping us on our toes. Malicious people will not go away on their own. We must be vigilant.

Dave
__________________

bdbcat is offline   Reply With Quote
Old 20-04-2016, 23:43   #3
bcn
Registered User

Join Date: May 2011
Location: underway whenever possible
Boat: Rangeboat 39
Posts: 2,753
Re: Open CPN 4.2 for Windows flagged as containing Trojan: Varpes.M!cl by Win Defend

To help, it would be interesting to report a "false positive" to Microsoft.
__________________
bcn is online now   Reply With Quote
Old 21-06-2016, 16:10   #4
Registered User

Join Date: Jan 2016
Posts: 1
Re: Open CPN 4.2 for Windows flagged as containing Trojan: Varpes.M!cl by Win Defend

I just got the exact same thing on my install.
__________________
chrisnmandy is offline   Reply With Quote
Old 21-06-2016, 18:05   #5
Senior Cruiser
 
Opie91's Avatar

Join Date: Apr 2009
Location: CT
Boat: C&C 34
Posts: 811
Re: Open CPN 4.2 for Windows flagged as containing Trojan: Varpes.M!cl by Win Defend

Same thing here on 4.4
__________________
Opie91 is offline   Reply With Quote
Old 28-06-2016, 15:05   #6
Registered User

Join Date: Dec 2015
Posts: 1
Re: Open CPN 4.2 for Windows flagged as containing Trojan: Varpes.M!cl by Win Defend

Yeah, same thing here. Maybe the image needs to be submitted for review or something to MS? How do you resolve a false positive?
__________________
dbdb is offline   Reply With Quote
Old 28-06-2016, 16:09   #7
Registered User
 
boat_alexandra's Avatar

Join Date: Aug 2009
Location: Massachusetts
Boat: bristol 27
Posts: 2,803
Re: Open CPN 4.2 for Windows flagged as containing Trojan: Varpes.M!cl by Win Defend

Maybe just change the program slightly to get a different md5sum?
__________________
boat_alexandra is offline   Reply With Quote
Old 02-07-2016, 09:28   #8
Registered User
 
Franziska's Avatar

Join Date: Mar 2011
Location: Harlingen, The Netherlands
Boat: Woods Mira 35 Catamaran
Posts: 513
Re: Open CPN 4.2 for Windows flagged as containing Trojan: Varpes.M!cl by Win Defend

Same here. Interestingly enough, I did not have the issue 3 days ago.
Franziska is offline   Reply With Quote
Old 02-07-2016, 10:10   #9
Registered User

Join Date: Nov 2015
Location: Ireland
Posts: 159
Re: Open CPN 4.2 for Windows flagged as containing Trojan: Varpes.M!cl by Win Defend

I installed 4.4 when it first came out and got no warning. I then uninstalled 4.4 and reinstalled 4.2. Last night I installed 4.4 again and did get the warning. Windows 10, fully updated in both cases.


__________________
AedanC is offline   Reply With Quote
Old 02-07-2016, 16:44   #10
Registered User
 
rgleason's Avatar

Join Date: Mar 2012
Location: Boston, MA
Boat: 1981 Bristol 32 Sloop
Posts: 9,320
Re: Open CPN 4.2 for Windows flagged as containing Trojan: Varpes.M!cl by Win Defend

Try scanning it with vieustotal.com and post the SHA here. I will then scan it.
__________________
rgleason is offline   Reply With Quote
Old 02-07-2016, 16:44   #11
Registered User
 
rgleason's Avatar

Join Date: Mar 2012
Location: Boston, MA
Boat: 1981 Bristol 32 Sloop
Posts: 9,320
Re: Open CPN 4.2 for Windows flagged as containing Trojan: Varpes.M!cl by Win Defend

Sorry virustotal.com
__________________
rgleason is offline   Reply With Quote
Old 04-07-2016, 02:52   #12
Registered User

Join Date: Nov 2015
Location: Ireland
Posts: 159
Re: Open CPN 4.2 for Windows flagged as containing Trojan: Varpes.M!cl by Win Defend

Quote:
Originally Posted by rgleason View Post
Try scanning it with vieustotal.com and post the SHA here. I will then scan it.
I went to do this just now but decided to scan it again with Windows Defender first, just to make sure the problem was still there. Nothing was reported, so I downloaded V4.4 again and this time there were no warnings. Hopefully this means that Windows Defender has updated itself in the meantime and the problem has gone away.
__________________
AedanC is offline   Reply With Quote
Old 04-07-2016, 05:06   #13
Registered User

Join Date: Jul 2016
Posts: 7
Re: Open CPN 4.2 for Windows flagged as containing Trojan: Varpes.M!cl by Win Defend

I had the same problem with 4.4.0 and Windows 10 Defender, even though virustotal.com said "Microsoft" does not detect it. It is unclear what they mean by "Microsoft" because MS has several antimalware products.

I tried to submit it as a false positive (this is an option under Help in Windows Defender), but they have an upload limit of only 10 MB and this one is 23 MB. You cannot submit something without uploading at least 1 file, so I uploaded a README.TXT with an explanation and a link to the opencpn_4.4.0_setup.exe. This morning I got a report: they had scanned my README.TXT and it did not contain any malware. There are a lot of smilies next to this editor window, but not one with smoke coming out of its ears.....

The good news is that as of definitions 1.225.370.0 opencpn_4.4.0_setup.exe is not detected as malware anymore.
__________________
willemb2 is offline   Reply With Quote
Old 04-07-2016, 06:33   #14
Registered User
 
rgleason's Avatar

Join Date: Mar 2012
Location: Boston, MA
Boat: 1981 Bristol 32 Sloop
Posts: 9,320
Re: Open CPN 4.2 for Windows flagged as containing Trojan: Varpes.M!cl by Win Defend

From my cell phone I just checked the Win v4.4 download file by going to the OpenCPN download link, pressing the link and selecting "copy URL" from the popup, then going to VirusTotal, selecting URL and pasting in the URL of the download file, then pressing Enter and waiting for the result.
Here is the result:
SHA256: fe2711422821589855c122489686072bcf0eccb8bc9efbf7346c3c539e5a42ff
File name: opencpn_4.4.0_setup.exe
Detection ratio: 0 / 53
Analysis date: 2016-07-03 23:46:07 UTC ( 12 hours, 39 minutes ago )

I think the download path you were using had a rogue server that was malicious and changed the file OR it was a false positive.
What this exercise illustrates is that you can even check a file remotely without ever downloading it and risking infection. You can even do this from your cell phone!
__________________
rgleason is offline   Reply With Quote
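The checks described in posts #2 and #14 (comparing a download against a published MD5 or SHA-256 value), as an added example that is not part of the thread or of the OpenCPN project. The function names and the sample file are constructed for illustration; the parser accepts an md5sum-style line or a labelled digest, including one that was split by a space when pasted.

```python
import hashlib
import string
import tempfile
from pathlib import Path

# Hex digest length -> hashlib algorithm name.
DIGEST_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}

def parse_published(text):
    """Parse '<hex>  <file>' (md5sum) or 'SHA256: <hex>', even if the hex was wrapped."""
    tokens = [t for t in text.split() if not t.endswith(":")]  # drop labels
    joined, best = "", None
    for tok in tokens:
        if not all(c in string.hexdigits for c in tok):
            break  # reached the file name
        joined += tok.lower()
        if len(joined) in DIGEST_LENGTHS:
            best = joined  # keep the longest valid-length prefix
    if best is None:
        raise ValueError("no MD5/SHA-1/SHA-256 digest found")
    return DIGEST_LENGTHS[len(best)], best

def file_digest(path, algorithm, chunk_size=1 << 20):
    """Hash in chunks so a large installer is never held in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(path, published):
    """True only if the file's digest equals the published one."""
    algorithm, expected = parse_published(published)
    return file_digest(path, algorithm) == expected

def demo():
    """Constructed stand-in for an installer: verify it, then alter one byte."""
    data = b"constructed sample installer bytes\n" * 1000
    sha = hashlib.sha256(data).hexdigest()
    wrapped = "SHA256: " + sha[:50] + " " + sha[50:]  # wrapped like a forum paste
    with tempfile.TemporaryDirectory() as d:
        path = Path(d) / "sample_setup.exe"
        path.write_bytes(data)
        intact = verify(path, wrapped)
        path.write_bytes(b"X" + data[1:])  # simulate a modified download
        return intact, verify(path, wrapped)

if __name__ == "__main__":
    print(demo())
```

A match shows only that the file is byte-for-byte the one the published digest describes; where both values are available, compare the SHA-256, since MD5 is not collision resistant.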
Old 05-07-2016, 05:21   #15
Registered User

Join Date: Jul 2016
Posts: 7
Re: Open CPN 4.2 for Windows flagged as containing Trojan: Varpes.M!cl by Win Defend

Yesterday I wrote:

Quote:
Originally Posted by willemb2 View Post
The good news is that as of definitions 1.225.370.0 opencpn_4.4.0_setup.exe is not detected as malware anymore.
Today I received an email from Microsoft Malware Protection Center with a confirmation that the new definitions were issued to fix this false positive and apologies for the inconvenience.
__________________

willemb2 is offline   Reply With Quote