Virus in Xampp developer???

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Virus in Xampp developer???

Postby Galdhrim » 11. September 2008 20:41

Well, I have seen false alarms before, due to false positives.... but this time, there are several AV reporting the presence of a virus in sha256t.exe (part of OpenSSH folder):

From virustotal.com

AntiVir 7.8.1.28 2008.09.11 BDS/Padodor.IL
Authentium 5.1.0.4 2008.09.11 W32/Backdoor.XMA
Avast 4.8.1195.0 2008.09.11 Win32:Trojan-gen {Other}
BitDefender 7.2 2008.09.11 Backdoor.Padodor.IL
F-Prot 4.4.4.56 2008.09.11 W32/Backdoor.XMA
Fortinet 3.113.0.0 2008.09.11 PossibleThreat
GData 19 2008.09.11 Backdoor.Padodor.IL
K7AntiVirus 7.10.452 2008.09.11 Backdoor.Win32.Padodor.IL
McAfee 5382 2008.09.11 Generic BackDoor
Panda 9.0.0.4 2008.09.11 Bck/Webber.BU
Prevx1 V2 2008.09.11 Worm
Rising 20.61.32.00 2008.09.11 Backdoor.Agent.iba
Sunbelt 3.1.1628.1 2008.09.11 Backdoor.Padodor.IL
VBA32 3.12.8.5 2008.09.10 Backdoor.Win32.Padodor.gen
Webwasher-Gateway 6.6.2 2008.09.11 Trojan.Backdoor.Padodor.IL

So... maybe this time it is not a false alarm... can somebody confirm if it is a virus, or a lot of false positives? The advantage of opensource software is it can be checked, compiled, and scanned... but "checking" the code is far beyond my capability.
Galdhrim
 
Posts: 35
Joined: 28. March 2008 05:20

Postby glitzi85 » 11. September 2008 20:53

First you should exactly define what file you have downloaded. I don't know a developer Version of XAMPP as XAMPP is in general for developers. Also there is no SSH shipped with XAMPP and i could not find an OpenSSH folder in my XAMPP.

glitzi
User avatar
glitzi85
 
Posts: 1920
Joined: 05. March 2004 23:26
Location: Dahoim

Postby Galdhrim » 11. September 2008 21:10

Devel Package 1.6.7:
Development Package with Include and Lib-Files from the Apache 2.2.9, MySQL 5.0.51b, PHP 5.2.6 + 4.4.8, OpenSSL 0.9.8h, zlib 1.2.3..

It is in the addons section. I am not sure the use of that package, and the AV warned me about it before I could ask about the subject.
Galdhrim
 
Posts: 35
Joined: 28. March 2008 05:20

Postby glitzi85 » 11. September 2008 21:45

OK, now i got it. Virus Scanner here in the company also deleted the file immediately. ClamAV says the file is clean.

I found some other posts regarding this problem here in forum, they say it is recognised by the signature scanner because the file routines have some compareable functions to trojans which are needed by OpenSSL.

It's already known by OpenSSL: http://www.mail-archive.com/openssl-use ... 43471.html

glitzi
User avatar
glitzi85
 
Posts: 1920
Joined: 05. March 2004 23:26
Location: Dahoim


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 36 guests