GPSFileDepot Forums

General Category => Map Making Support => Topic started by: smith on January 18, 2009, 08:35:31 AM

Title: Trojan found by Bit Defender in NSIS
Post by: smith on January 18, 2009, 08:35:31 AM
Not sure why? Haven't used NSIS yet.  I installed NSIS on 1/4/09 and Bit defender scans every night.  Here's some info from the log file:


Resolved issues:
Object Name | Threat Name | Final Status
C:\Program Files\NSIS\Stubs\lzma_solid | Trojan.Generic.1328988 | Deleted
C:\Program Files\NSIS\uninst-nsis.exe | Trojan.Generic.1328988 | Deleted
C:\RECYCLER\S-1-5-21-357464061-516276246-1282138258-1007\Dc22.exe | Trojan.Generic.1328988 | Deleted
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2237\A0108544.exe | Trojan.Generic.1328988 | Deleted
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2237\A0108545.exe | Trojan.Generic.1328988 | Deleted



Title: Re: Trojan found by Bit Defender in NSIS
Post by: krellor on January 18, 2009, 08:45:37 AM
If you downloaded from SourceForge then it is very unlikely that it is a real virus/trojan.  Most likely it is a false positive by your AV software.  The following is a link to a list of AV software that has been known to give a false positive when scanning NSIS.  BitDefender is number 20 on the list.

http://nsis.sourceforge.net/NSIS_False_Positives

Lots of software gets incorrectly called a virus by AV software, and as long as you downloaded it from a reputable place, you should be fine.

Title: Re: Trojan found by Bit Defender in NSIS
Post by: smith on January 18, 2009, 09:16:42 AM
I don't understand why it got fingered last night.  It's been installed on my computer for 2 weeks.  I did install the free version of Google Earth yesterday.  And looking at my browsing history from yesterday, it's pretty pedestrian.  I'd think that if something was determined to be a threat it would have happened 2 weeks ago.  Unless those hourly updates for BitDefender recently included NSIS.
???

Title: Re: Trojan found by Bit Defender in NSIS
Post by: krellor on January 18, 2009, 10:51:03 AM
It can be hard to understand sometimes why and when antivirus software picks up on something, because of the secrecy around the products.  They don't exactly talk about how their software works.  :)  For example, I put John the Ripper on one of my computers recently and it took the Norton about 2 weeks to flag it as a virus (a false positive).  It could be that BitDefender does incremental background system scans and only found it after two weeks.  Oftentimes AV software won't find something until it is in use, or if it gets scanned on its way onto the system, such as email scans or download scans.  It is possible that NSIS was packaged in a way that BitDefender couldn't scan it well on its way in, so only caught it during a system scan later.  Also realize that these AV software companies pad the number of "viruses" that they can find by adding software that isn't really a virus (such as John the Ripper) to their lists.  They will also lock onto software that behaves in a certain way, such as creating a bunch of process hooks, etc.

Anyway, I wouldn't worry about it.  It is probably just a false positive.  I would re-install it from SourceForge and then tell BitDefender to leave it alone.

Title: Re: Trojan found by Bit Defender in NSIS
Post by: -Oz- on January 18, 2009, 08:55:23 PM
I have NOD32; it's honestly the best out there and it never flagged it.  I wouldn't worry. I had Norton delete a program I made because it was "a virus" when obviously it wasn't since I had programmed it.