Cruisers Forum
 


Old 16-03-2016, 17:14   #1
Registered User

Join Date: Sep 2010
Location: Puget Sound and San Juan Islands
Boat: Beneteau 423
Posts: 11
Warning - Trojans in S-63 Plugin

Trojans are downloading with the S-63 Windows plugin. I have found Spallowz.A!plock and Varpes.M!plock.
__________________
dcan39 is offline   Reply With Quote
Old 16-03-2016, 17:26   #2
Marine Service Provider

Join Date: May 2013
Location: Norway
Posts: 571
Re: Warning - Trojans in S-63 Plugin

Quote:
Originally Posted by dcan39
Trojans are downloading with the S-63 Windows plugin. I have found Spallowz.A!plock and Varpes.M!plock

False positives, well known. Please report to your antivirus vendor.
__________________
petter5 is offline   Reply With Quote
Old 16-03-2016, 17:28   #3
Registered User

Join Date: Feb 2010
Location: On the go. Not in Prague.
Posts: 4,019
Re: Warning - Trojans in S-63 Plugin

dcan39...
Could you share the secret and tell us how you did it? The current analysis of the S63 plugin from opencpn.org is available at https://www.virustotal.com/en/url/fc...is/1458170790/ and https://www.virustotal.com/en/file/5...is/1458170794/

Pavel
__________________
nohal is offline   Reply With Quote
Old 17-03-2016, 02:31   #4
bcn
Registered User

Join Date: May 2011
Location: underway whenever possible
Boat: Rangeboat 39
Posts: 2,768
Re: Warning - Trojans in S-63 Plugin

Quote:
Originally Posted by dcan39
Trojans are downloading with the S-63 Windows plugin. I have found Spallowz.A!plock and Varpes.M!plock

Dcan,

Can you please tell us the Windows version and if in this case the warning came from Windows Defender? We have a notice from another W10 user.
We cannot reproduce this on our W8.1 machines.

In case your warning came from the same environment it would be helpful to inform MS about a false positive. The page to start from is here:
https://www.microsoft.com/en-us/secu...on/submit.aspx

Hubert
__________________
bcn is online now   Reply With Quote
Old 17-03-2016, 06:08   #5
Registered User
 

Join Date: Mar 2012
Location: Boston, MA
Boat: 1981 Bristol 32 Sloop
Posts: 9,414
Re: Warning - Trojans in S-63 Plugin

I had an uninstall.exe for OpenCPN that would open au-.exe and was caught by antivirus. I ended up removing it. We are going to have to check SHA more religiously.

Thanks for the website.
__________________
rgleason is online now   Reply With Quote
Old 17-03-2016, 08:35   #6
Registered User

Join Date: Sep 2010
Location: Puget Sound and San Juan Islands
Boat: Beneteau 423
Posts: 11
Re: Warning - Trojans in S-63 Plugin

More info: My Windows version is 10.1511. The executable s63_pi_1.4.0_42_setup.exe was quarantined after updating Windows Defender to definition 1.215.1919.0 (3/16/2016). The S63 executable was on my computer for a number of weeks and passed all previous scans until this latest definition update.
__________________
dcan39 is offline   Reply With Quote
Old 17-03-2016, 08:43   #7
bcn
Registered User

Join Date: May 2011
Location: underway whenever possible
Boat: Rangeboat 39
Posts: 2,768
Re: Warning - Trojans in S-63 Plugin

Interesting:
tested two W10 PCs in the meantime (one as upgrade from 8.1 to W10) and no issues.
The Defender Definition is the same as yours.

You might want to check against the SHA256 hash posted at o-charts.org/downloads
__________________
bcn is online now   Reply With Quote
Old 17-03-2016, 09:13   #8
Registered User

Join Date: Sep 2010
Location: Puget Sound and San Juan Islands
Boat: Beneteau 423
Posts: 11
Re: Warning - Trojans in S-63 Plugin

Downloaded the executable from o-charts.org and trojan was not detected. Tried to download from the official OpenCPN plugins page and executable was quarantined. The infected download was from opencpn.navnux.org
__________________
dcan39 is offline   Reply With Quote
Old 17-03-2016, 09:43   #9
Registered User

Join Date: Feb 2010
Location: On the go. Not in Prague.
Posts: 4,019
Re: Warning - Trojans in S-63 Plugin

dcan39...
The plugin linked from opencpn.org is not infected by anything, as you can see at https://www.virustotal.com/en/file/5...is/1458170794/
It is also not quarantined on my W10 system updated to the same Defender definitions as you have. Could you please post the executable you have somewhere so we can have a look at it?

Thanks

Pavel
__________________
nohal is offline   Reply With Quote
Old 17-03-2016, 09:48   #10
bcn
Registered User

Join Date: May 2011
Location: underway whenever possible
Boat: Rangeboat 39
Posts: 2,768
Re: Warning - Trojans in S-63 Plugin

Pavel..

Something is strange here:
we are getting different SHA256 hashes for the two files from opencpn.org and o-charts.org.
And the file at o-charts has been copied from OCPN.org the first day, so something happened to the file at the plug-in page in the meantime.

Hubert
__________________
bcn is online now   Reply With Quote
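The comparison discussed in posts #7 and #10, as an added example that is not part of the thread or of OpenCPN's own tooling: it hashes several copies of an installer, checks each against a published SHA-256 value, and groups the copies by digest so it is clear which sources serve identical bytes. The source labels, file names and sample bytes are constructed for the example.

```python
import hashlib
import hmac
import os
import tempfile
from collections import defaultdict


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_copies(copies, published_hex):
    """copies maps a source label to a local path; returns (verdicts, groups)."""
    published = published_hex.strip().lower()
    verdicts, groups = {}, defaultdict(list)
    for label, path in copies.items():
        digest = sha256_file(path)
        groups[digest].append(label)  # sources with identical bytes share a key
        same = hmac.compare_digest(digest, published)
        verdicts[label] = "match" if same else "MISMATCH"
    return verdicts, dict(groups)


def demo():
    """Constructed stand-ins: two mirrors serving different builds."""
    build_a = b"constructed installer bytes, earlier build"
    build_b = b"constructed installer bytes, later build"
    published = hashlib.sha256(build_a).hexdigest()  # stands in for the posted hash
    with tempfile.TemporaryDirectory() as d:
        copies = {}
        for label, data in [("mirror_a", build_a), ("mirror_b", build_b),
                            ("local_copy", build_a)]:
            copies[label] = os.path.join(d, label + "_setup.exe")
            with open(copies[label], "wb") as f:
                f.write(data)
        return compare_copies(copies, published)


if __name__ == "__main__":
    verdicts, groups = demo()
    print(verdicts)
    print(groups)
```

A mismatch only shows that two copies differ, for instance because they are different builds; the published hash has to be the one for the build that was downloaded.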
Old 17-03-2016, 10:22   #11
Registered User

Join Date: Feb 2010
Location: On the go. Not in Prague.
Posts: 4,019
Re: Warning - Trojans in S-63 Plugin

Hubert...
The current download linked from opencpn.org is from March 2 (and is clean); the one you host on o-charts.org is IMO from February 6 (and is clean as well).
That's why I would like to see the one that's reported infected...

Pavel
__________________
nohal is offline   Reply With Quote
Old 17-03-2016, 11:35   #12
Registered User

Join Date: Oct 2014
Posts: 177
Re: Warning - Trojans in S-63 Plugin

Pavel,

Windows Defender, using the same virus and spyware definition versions (1.215.1919.0) that dcan39 reported, quarantined two OpenCPN beta setup files on my Win 10 system on 04 March 2016. The files are opencpn_4.1.1317_setup.exe and opencpn_4.1.1329_setup. Defender reported that these contain "Trojan: Win32/Varpes.M!plock". I tried to submit these to Microsoft as false positives, but Microsoft rejects the submissions if the files are larger than 10 MB.

I did run the setup files through virustotal.com where both files were reported to have no malware.

Report for "opencpn_4.1.1329_setup.exe"

virustotal.com(opencpn_4.1.1317_setup.exe).pdf

Report for "opencpn_4.1.1329_setup.exe"

virustotal.com(opencpn_4.1.1329_setup.exe).pdf

Paul
__________________
.Paul. is offline   Reply With Quote
Old 20-04-2016, 17:44   #13
Registered User

Join Date: Apr 2016
Posts: 1
Re: Warning - Trojans in S-63 Plugin

I just downloaded 4.2 from
http://opencpn.navnux.org/4.2.0/opencpn_4.2.0_setup.exe

Running Windows 10 w/Defender 1.217.1755.0, I too received the "vap" trojan error. Defender quarantined, so I deleted it. When I downloaded again, Defender deleted it before I could even start the execution. It deleted it before it completed the download with the name change.

Anything happening on the effort to troubleshoot this?
__________________
Seas The Moment is offline   Reply With Quote
Old 20-04-2016, 20:49   #14
Registered User

Join Date: Feb 2010
Location: On the go. Not in Prague.
Posts: 4,019
Re: Warning - Trojans in S-63 Plugin

Seems that all you can do is report a false positive to Microsoft; the download is as clean as it has always been. https://www.virustotal.com/en/url/01...is/1461206834/
__________________
nohal is offline   Reply With Quote
All times are GMT -7. The time now is 13:33.