|
20-04-2016, 18:11
|
#1
|
Registered User
Join Date: Mar 2014
Posts: 5
|
Open CPN 4.2 for Windows flagged as containing Trojan: Varpes.M!cl by Win Defender
Windows 10 Defender (up to date) blocked my attempt to install OpenCPN from OpenCPN.org a few minutes ago, identifying opencpn_4.2.0_setup.exe as the location of the problem, and Trojan Varpes.M!cl as the exact malware.
I did a full scan, reboot, and re-downloaded the file, getting the exact same result.
Here's the download link I used (from the opencpn.org site):
http://opencpn.navnux.org/4.2.0/opencpn_4.2.0_setup.exe
Here's the virus description:
https://www.microsoft.com/security/p...ID=-2147258324
I'm guessing this isn't a false alarm, but I am setting up a computer and installing other software, so it's possible this came from a different install. (Not sure where to post it to bring it to the attention of the powers that be, so I created this thread.)
Brad
|
|
|
20-04-2016, 18:47
|
#2
|
Marine Service Provider
Join Date: Mar 2008
Posts: 7,404
|
Brad...
Probably a false positive. The MD5 sum of the download whose URL you provided matches that of the archived original distribution, so I doubt the CDN copy has been tampered with. We have received no other indications of virus infection on this image after many thousands of current installations.
Code:
$ md5sum opencpn_4.2.0_setup.exe
e68d6f7fdf304bbf8107ca9a1f0ce923 opencpn_4.2.0_setup.exe
Thanks for checking, though, and keeping us on our toes. Malicious people will not go away on their own. We must be vigilant.
Dave
|
|
|
20-04-2016, 22:43
|
#3
|
Registered User
Join Date: May 2011
Location: underway whenever possible
Boat: Rangeboat 39
Posts: 4,751
|
To help, it would be interesting to report a "false positive" to Microsoft.
|
|
|
21-06-2016, 15:10
|
#4
|
Registered User
Join Date: Jan 2016
Posts: 1
|
I just got the exact same thing on my install.
|
|
|
21-06-2016, 17:05
|
#5
|
Registered User
Join Date: Apr 2009
Location: CT
Boat: C&C 34
Posts: 1,052
|
Same thing here on 4.4.
|
|
|
28-06-2016, 14:05
|
#6
|
Registered User
Join Date: Dec 2015
Posts: 1
|
Yeah, same thing here. Maybe the image needs to be submitted for review or something to MS? How do you resolve a false positive?
|
|
|
28-06-2016, 15:09
|
#7
|
Registered User
Join Date: Aug 2009
Location: oriental
Boat: crowther trimaran 33
Posts: 4,418
|
Maybe just change the program slightly to get a different md5sum?
|
|
|
02-07-2016, 08:28
|
#8
|
Registered User
Join Date: Mar 2011
Location: Panschwitz, Germany
Boat: Woods Mira 35 Catamaran
Posts: 4,273
|
Same here. Interestingly enough, I did not have the issue 3 days ago.
|
|
|
02-07-2016, 09:10
|
#9
|
Registered User
Join Date: Nov 2015
Location: Ireland
Posts: 468
|
I installed 4.4 when it first came out and got no warning. I then uninstalled 4.4 and reinstalled 4.2. Last night I installed 4.4 again and did get the warning. Windows 10, fully updated in both cases.
|
|
|
02-07-2016, 15:44
|
#10
|
Registered User
Join Date: Mar 2012
Location: Boston, MA
Boat: 1981 Bristol 32 Sloop
Posts: 17,650
|
Try scanning it with vieustotal.com and post the SHA here. I will then scan it.
|
|
|
02-07-2016, 15:44
|
#11
|
Registered User
Join Date: Mar 2012
Location: Boston, MA
Boat: 1981 Bristol 32 Sloop
Posts: 17,650
|
Sorry, virustotal.com
|
|
|
04-07-2016, 01:52
|
#12
|
Registered User
Join Date: Nov 2015
Location: Ireland
Posts: 468
|
Quote:
Originally Posted by rgleason
Try scanning it with vieustotal.com and post the SHA here. I will then scan it.
|
I went to do this just now but decided to scan it again with Windows Defender first, just to make sure the problem was still there. Nothing was reported, so I downloaded V4.4 again and this time there were no warnings. Hopefully this means that Windows Defender has updated itself in the meantime and the problem has gone away.
|
|
|
04-07-2016, 04:06
|
#13
|
Registered User
Join Date: Jul 2016
Posts: 7
|
I had the same problem with 4.4.0 and Windows 10 Defender, even though virustotal.com said "Microsoft" does not detect it. It is unclear what they mean by "Microsoft" because MS has several antimalware products.
I tried to submit it as a false positive (this is an option under Help in Windows Defender), but they have an upload limit of only 10 MB and this one is 23 MB. You cannot submit something without uploading at least 1 file, so I uploaded a README.TXT with an explanation and a link to the opencpn_4.4.0_setup.exe. This morning I got a report: they had scanned my README.TXT and it did not contain any malware. There are a lot of smilies next to this editor window, but not one with smoke coming out of its ears.....
The good news is that as of definitions 1.225.370.0 opencpn_4.4.0_setup.exe is not detected as malware anymore.
|
|
|
04-07-2016, 05:33
|
#14
|
Registered User
Join Date: Mar 2012
Location: Boston, MA
Boat: 1981 Bristol 32 Sloop
Posts: 17,650
|
From my cell phone I just checked the Win v4.4 download file by going to the OpenCPN download link, pressing the link and selecting "copy URL" from the popup, then going to VirusTotal, selecting URL and pasting in the URL of the download file, then pressing Enter and waiting for the result.
Here is the result:
SHA256: fe2711422821589855c122489686072bcf0eccb8bc9efbf7346c3c539e5a42ff
File name: opencpn_4.4.0_setup.exe
Detection ratio: 0 / 53
Analysis date: 2016-07-03 23:46:07 UTC ( 12 hours, 39 minutes ago )
I think the download path you were using had a rogue server that was malicious and changed the file OR it was a false positive.
What this exercise illustrates is that you can even check a file remotely without ever downloading it and risking infection. You can even do this from your cell phone!
|
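Added example (not part of any post in this thread, and not OpenCPN project code): a Python sketch of the check described in posts #2 and #14, comparing a downloaded file against a published `md5sum`-style line and producing the SHA-256 that can be looked up on virustotal.com. The file name `sample_setup.exe`, its 3-byte content and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

ALGO_BY_HEX_LEN = {32: "md5", 64: "sha256"}

def clean_digest(text):
    """Normalise a pasted digest: drop whitespace, lowercase, infer the algorithm."""
    digest = "".join(text.split()).lower()
    if len(digest) not in ALGO_BY_HEX_LEN or not set(digest) <= set("0123456789abcdef"):
        raise ValueError("not an MD5 or SHA-256 hex digest: %r" % text)
    return ALGO_BY_HEX_LEN[len(digest)], digest

def parse_checksum_line(line):
    """Parse one line of md5sum/sha256sum output: '<hex> [*]<file name>'."""
    hex_part, name = line.strip().split(None, 1)
    algo, digest = clean_digest(hex_part)
    return algo, digest, name.lstrip("*")

def file_digest(path, algo):
    """Hash the file in 1 MiB chunks so a large installer is never held in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, published):
    """Return 'match', 'mismatch' or 'wrong-file' for a published checksum line."""
    algo, expected, name = parse_checksum_line(published)
    if os.path.basename(path) != name:
        return "wrong-file"  # the line describes some other file
    actual = file_digest(path, algo)
    return "match" if hmac.compare_digest(actual, expected) else "mismatch"

def demo():
    """Constructed sample: a 3-byte stand-in file, not the real installer."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample_setup.exe")
        with open(path, "wb") as fh:
            fh.write(b"abc")
        good = "900150983cd24fb0d6963f7d28e17f72  sample_setup.exe"  # MD5 of b"abc"
        bad = "0" * 32 + "  sample_setup.exe"  # constructed wrong digest
        return verify_download(path, good), verify_download(path, bad), file_digest(path, "sha256")
```

A match only shows that the local file is byte-identical to the copy the reference digest was taken from, so the result is only as trustworthy as the channel the reference line came through. It says nothing about how an antivirus engine will classify that file, and where a project publishes a SHA-256 it is the better reference than MD5.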
|
|
05-07-2016, 04:21
|
#15
|
Registered User
Join Date: Jul 2016
Posts: 7
|
Yesterday I wrote:
Quote:
Originally Posted by willemb2
The good news is that as of definitions 1.225.370.0 opencpn_4.4.0_setup.exe is not detected as malware anymore.
|
Today I received an email from Microsoft Malware Protection Center with a confirmation that the new definitions were issued to fix this false positive and apologies for the inconvenience.
|
|
|