|
16-03-2016, 16:14
|
#1
|
Registered User
Join Date: Sep 2010
Location: Puget Sound and San Juan Islands
Boat: Beneteau 423
Posts: 11
|
Warning - Trojans in S-63 Plugin
Trojans are downloading with the S-63 windows plugin. I have found Spallowz.A!plock and Varpes.M!plock
|
|
|
16-03-2016, 16:26
|
#2
|
Marine Service Provider
Join Date: May 2013
Location: Norway
Posts: 719
|
Re: Warning - Trojans in S-63 Plugin
Quote:
Originally Posted by dcan39
Trojans are downloading with the S-63 windows plugin. I have found Spallowz.A!plock and Varpes.M!plock
|
False positives, well known. Please report to your antivirus vendor.
|
|
|
17-03-2016, 01:31
|
#4
|
Registered User
Join Date: May 2011
Location: underway whenever possible
Boat: Rangeboat 39
Posts: 4,683
|
Re: Warning - Trojans in S-63 Plugin
Quote:
Originally Posted by dcan39
Trojans are downloading with the S-63 windows plugin. I have found Spallowz.A!plock and Varpes.M!plock
|
Dcan,
can you please tell us the Windows version and if in this case the warning came from Windows Defender? We have a notice from another W10 user.
We cannot reproduce this on our W8.1 machines.
In case your warning came from the same environment it would be helpful to inform MS about a false positive. The page to start from is here:
https://www.microsoft.com/en-us/secu...on/submit.aspx
Hubert
|
|
|
17-03-2016, 05:08
|
#5
|
Registered User
Join Date: Mar 2012
Location: Boston, MA
Boat: 1981 Bristol 32 Sloop
Posts: 17,494
|
Re: Warning - Trojans in S-63 Plugin
I had an uninstall.exe for Opencpn that would open au-.exe and was caught by antivirus. I ended up removing it. We are going to have to check SHA more religiously.
Thanks for the website.
|
|
|
17-03-2016, 07:35
|
#6
|
Registered User
Join Date: Sep 2010
Location: Puget Sound and San Juan Islands
Boat: Beneteau 423
Posts: 11
|
Re: Warning - Trojans in S-63 Plugin
More info: My Windows version is 10.1511. The executable s63_pi_1.4.0_42_setup.exe was quarantined after updating Windows Defender to definition 1.215.1919.0 (3/16/2016). The S63 executable was on my computer for a number of weeks and passed all previous scans until this latest definition update.
|
|
|
17-03-2016, 07:43
|
#7
|
Registered User
Join Date: May 2011
Location: underway whenever possible
Boat: Rangeboat 39
Posts: 4,683
|
Re: Warning - Trojans in S-63 Plugin
Interesting:
tested two W10 PCs in the meantime (one as upgrade from 8.1 to W10) and no issues.
The Defender Definition is the same as yours.
You might want to check against the SHA256 hash posted at o-charts.org/downloads
|
|
|
17-03-2016, 08:13
|
#8
|
Registered User
Join Date: Sep 2010
Location: Puget Sound and San Juan Islands
Boat: Beneteau 423
Posts: 11
|
Re: Warning - Trojans in S-63 Plugin
Downloaded the executable from o-charts.org and trojan was not detected. Tried to download from the official OpenCPN plugins page and executable was quarantined. The infected download was from opencpn.navnux.org
|
|
|
17-03-2016, 08:43
|
#9
|
Registered User
Join Date: Feb 2010
Location: Tierra del Fuego
Boat: Phantom 19
Posts: 6,145
|
Re: Warning - Trojans in S-63 Plugin
dcan39...
The plugin linked from opencpn.org is not infected by anything, as you can see at https://www.virustotal.com/en/file/5...is/1458170794/
It is also not quarantined on my W10 system updated to the same Defender definitions as you have. Could you please post the executable you have somewhere so we can have a look at it?
Thanks
Pavel
|
|
|
17-03-2016, 08:48
|
#10
|
Registered User
Join Date: May 2011
Location: underway whenever possible
Boat: Rangeboat 39
Posts: 4,683
|
Re: Warning - Trojans in S-63 Plugin
Pavel..
something is strange here:
we are getting different SHA256 hashes for the two files from opencpn.org and o-charts.org.
And the file at o-charts has been copied from OCPN.org the first day, so something happened to the file at the plug-in page in the meantime.
Hubert
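
The check discussed in the posts above (comparing each downloaded copy against the published SHA256, and the copies against each other) can be run on Windows as follows. This is an added example, not part of the original thread or the OpenCPN project; the function name `Compare-InstallerHash`, the file names and the sample bytes are constructed for illustration, and the "published" digest is a stand-in for the value taken from the publisher's download page.

```powershell
# Compare several downloaded copies of one installer against a published SHA-256.
function Compare-InstallerHash {
    param(
        [Parameter(Mandatory)] [string[]] $Path,      # copies fetched from different mirrors
        [Parameter(Mandatory)] [string]   $Published  # hex digest from the publisher's page
    )
    # Normalise the published value: strip whitespace, ignore case.
    $expected = ($Published -replace '\s', '').ToUpperInvariant()
    if ($expected -notmatch '^[0-9A-F]{64}$') {
        throw "Published value is not a 64-character hex SHA-256 digest."
    }
    $rows = foreach ($p in $Path) {
        $h = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        [pscustomobject]@{
            File             = Split-Path $p -Leaf
            Bytes            = (Get-Item -LiteralPath $p).Length
            SHA256           = $h
            MatchesPublished = ($h -eq $expected)
        }
    }
    # Copies of the same release must be byte-identical: exactly one distinct digest.
    $distinct = @($rows.SHA256 | Sort-Object -Unique).Count
    [pscustomobject]@{
        Files        = $rows
        MirrorsAgree = ($distinct -eq 1)
        AllMatch     = -not ($rows.MatchesPublished -contains $false)
    }
}

# Constructed sample input: two stand-in "downloads" that differ by one byte.
$dir = Join-Path ([IO.Path]::GetTempPath()) 'hash-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$a = Join-Path $dir 'mirror_a_setup.exe'
$b = Join-Path $dir 'mirror_b_setup.exe'
[IO.File]::WriteAllBytes($a, [byte[]](1..64))
[IO.File]::WriteAllBytes($b, [byte[]]((1..63) + 0))
# Stand-in for the publisher's digest (assumption): here taken from copy A.
$published = (Get-FileHash -LiteralPath $a -Algorithm SHA256).Hash

$result = Compare-InstallerHash -Path $a, $b -Published $published
$result.Files | Format-Table File, Bytes, MatchesPublished, SHA256 -AutoSize
"Mirrors agree: $($result.MirrorsAgree); all match published: $($result.AllMatch)"
```

A mismatch between mirrors only shows that the files differ, for example because one mirror carries a newer build; it takes a match against the digest published for that exact version to tell which copy is the expected one.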
|
|
|
17-03-2016, 09:22
|
#11
|
Registered User
Join Date: Feb 2010
Location: Tierra del Fuego
Boat: Phantom 19
Posts: 6,145
|
Re: Warning - Trojans in S-63 Plugin
Hubert...
The current download linked from opencpn.org is from March 2 (And is clean), the one you host on o-charts.org is IMO from February 6 (And is clean as well)
That's why I would like to see the one that's reported infected...
Pavel
|
|
|
17-03-2016, 10:35
|
#12
|
Registered User
Join Date: Oct 2014
Posts: 274
|
Re: Warning - Trojans in S-63 Plugin
Pavel,
Windows Defender, using the same virus and spyware definition versions (1.215.1919.0) that dcan39 reported, quarantined two OpenCPN beta setup files on my Win 10 system on 04 March 2016. The files are opencpn_4.1.1317_setup.exe and opencpn_4.1.1329_setup. Defender reported that these contain "Trojan: Win32/Varpes.M!plock". I tried to submit these to Microsoft as false positives, but Microsoft rejects the submissions if the files are larger than 10 MB.
I did run the setup files through virustotal.com where both files were reported to have no malware.
Report for "opencpn_4.1.1329_setup.exe"
virustotal.com(opencpn_4.1.1317_setup.exe).pdf
Report for "opencpn_4.1.1329_setup.exe"
virustotal.com(opencpn_4.1.1329_setup.exe).pdf
Paul
|
|
|
20-04-2016, 16:44
|
#13
|
Registered User
Join Date: Apr 2016
Location: Pacific Panama
Boat: Beneteau 473
Posts: 46
|
Re: Warning - Trojans in S-63 Plugin
I just downloaded 4.2 from
http://opencpn.navnux.org/4.2.0/opencpn_4.2.0_setup.exe
Running Windows 10 w/Defender 1.217.1755.0, I too received the "vap" trojan error. Defender quarantined, so I deleted it. When I downloaded again, Defender deleted it before I could even start the execution. It deleted it before it completed the download with the name change.
Anything happening on the effort to troubleshoot this?
|
|
|
20-04-2016, 19:49
|
#14
|
Registered User
Join Date: Feb 2010
Location: Tierra del Fuego
Boat: Phantom 19
Posts: 6,145
|
Re: Warning - Trojans in S-63 Plugin
Seems that all you can do is report a false positive to Microsoft, the download is as clean as it has always been. https://www.virustotal.com/en/url/01...is/1461206834/
|
|
|