Trojan Zlob-7844 in MP setup 1.0 RC2 (1 Viewer)

[John_London]

Currently still running MP 0.2.3.0 RC2

Just downloaded MediaPortal_Setup_1.0_RC2.exe and scanned it with Clam AV results below:

Scan Started Fri Aug 29 20:44:16 2008
-------------------------------------------------------------------------------

C:\MediaPortal_Setup_1.0_RC2.exe: Trojan.Zlob-7844 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 403063
Engine version: 0.93.1
Scanned directories: 0
Scanned files: 1
Infected files: 1

Data scanned: 60.55 MB
Time: 19.671 sec (0 m 19 s)
--------------------------------------
Completed
--------------------------------------

What shall I do?


TV-Server Version NA:
MediaPortal Version MP 0.2.3.0 RC2:
MediaPortal Skin blue:
Windows Version XP sp3:
CPU Type intel 6600 core2duo:
HDD 2TB various:
Memory 2 GB:
Motherboard Asus PW5 DH Delux :
Video Card ATI 1950 pro 256 mb:
Video Card Driver ATI:
Sound Card Built in Realtek:
Sound Card AC3 Built in:
Sound Card Driver Built in:
TV Card Hauppage Nova T PCI:
TV Card Type DVB:
TV Card Driver Hauppage :
MPEG2 Video Codec default:
MPEG2 Audio Codec default:
h.264 Video Codec ATI:
Satelite/CableTV Provider NA:
HTPC Case Antec Sonata:
Cooling 2x 120cm:
Power Supply 500 watt:
Remote Hauppage :

 

[nfox]

Get some new AV software?

 

[John_London]

It is new and up to date!

 

[ronilse]

Hi,
John_London, where did you download setup from(only valid place should be from sourceforge)?

Regards
Roy

 

[nfox]

...but seems to be finding false positives. I assume you downloaded the install from the MP site (not that I'm aware of anywhere else to get it), so checking it with some other AV software, such as AVG and/or Norton, would give you a better idea of what's going on.

 

[John_London]

I'm reporting in to clam av as a possible false positive. (via ClamAV VirusDB submission)

Reading their forum other installers seem to sometimes generate such results. I'll report back when they have had a look at it.

meantime.

File was downloaded from the SourceForge site, just prior to scanning it. I have also now scanned my entire network and all systems both windows and linux (mainly) and they all report clean.

MediaPortal_Setup_1.0_RC2.exe generates
a MD5 digest of: e3ba3fbfc0fbc19a539c354af00d127a
and
a SAH-1 digest of a0d42635f8765abc57c4d8ef3f2e471a44a4d2cc

(Using digestit 2004)

are these correct?

interestingly windows properties shows "This file came from another computer and might be blocked to protect this computer"

can someone confirm that the file I have is in fact the right one. (it is 22,261,949 bytes long)

 

[ronilse]

Hi,
File it's identical here, AVG & Norton does not report anything when testing here so should be fine.
We have had some reports earlier about nsis installer it's detected as virus & it could be a false this time too......

Regards
Roy

 

[John_London]

Hi, Ronilse

Identical MD5 digests too?

Regards,
John

 

[ronilse]

Hi,
Yup, all identical to what you had (i used digestit 2004 to verify)

Regards
Roy

 

[John_London]

I think my 'panic' is over and I hope that Clam AV updates its lists soon, but this thread will help others, I hope.

Thanks everyone.

John