
Virus in Xampp developer???

PostPosted: 11. September 2008 20:41
by Galdhrim
Well, I have seen false alarms before, due to false positives... but this time, several AVs are reporting the presence of a virus in sha256t.exe (part of the OpenSSH folder):

From virustotal.com

Engine             Version       Last update  Result
AntiVir            7.8.1.28      2008.09.11   BDS/Padodor.IL
Authentium         5.1.0.4       2008.09.11   W32/Backdoor.XMA
Avast              4.8.1195.0    2008.09.11   Win32:Trojan-gen {Other}
BitDefender        7.2           2008.09.11   Backdoor.Padodor.IL
F-Prot             4.4.4.56      2008.09.11   W32/Backdoor.XMA
Fortinet           3.113.0.0     2008.09.11   PossibleThreat
GData              19            2008.09.11   Backdoor.Padodor.IL
K7AntiVirus        7.10.452      2008.09.11   Backdoor.Win32.Padodor.IL
McAfee             5382          2008.09.11   Generic BackDoor
Panda              9.0.0.4       2008.09.11   Bck/Webber.BU
Prevx1             V2            2008.09.11   Worm
Rising             20.61.32.00   2008.09.11   Backdoor.Agent.iba
Sunbelt            3.1.1628.1    2008.09.11   Backdoor.Padodor.IL
VBA32              3.12.8.5      2008.09.10   Backdoor.Win32.Padodor.gen
Webwasher-Gateway  6.6.2         2008.09.11   Trojan.Backdoor.Padodor.IL

So... maybe this time it is not a false alarm... can somebody confirm whether it is a virus or a lot of false positives? The advantage of open-source software is that it can be checked, compiled, and scanned... but "checking" the code is far beyond my capability.
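Two checks a practitioner would run on a file like this before calling it a false positive: pin the binary to the hash of the upstream distribution (so a real backdoor that replaced the file would be caught regardless of what the engines say), and look at whether the multi-engine verdicts actually name one family or are mostly generic/heuristic labels. The script below is an added example and not code from the XAMPP or OpenSSL projects or from the posters; the listing it parses is copied from the VirusTotal output above, while the sample file and its pinned hash are assumptions for the demo (in practice the expected hash comes from the upstream download page or a signed release manifest, and the path is the real sha256t.exe).

```python
"""Triage helper for a file flagged by several AV engines.

Added example, not from XAMPP, OpenSSL or the forum posters.
The sample file and pinned hash below are assumptions for the demo.
"""
import hashlib
import hmac
import re
import tempfile
from collections import Counter
from pathlib import Path
from typing import Optional

# Constructed from the VirusTotal listing in the post:
# "<engine> <engine version> <signature date> <label>"
VT_LISTING = """\
AntiVir 7.8.1.28 2008.09.11 BDS/Padodor.IL
Authentium 5.1.0.4 2008.09.11 W32/Backdoor.XMA
Avast 4.8.1195.0 2008.09.11 Win32:Trojan-gen {Other}
BitDefender 7.2 2008.09.11 Backdoor.Padodor.IL
F-Prot 4.4.4.56 2008.09.11 W32/Backdoor.XMA
Fortinet 3.113.0.0 2008.09.11 PossibleThreat
GData 19 2008.09.11 Backdoor.Padodor.IL
K7AntiVirus 7.10.452 2008.09.11 Backdoor.Win32.Padodor.IL
McAfee 5382 2008.09.11 Generic BackDoor
Panda 9.0.0.4 2008.09.11 Bck/Webber.BU
Prevx1 V2 2008.09.11 Worm
Rising 20.61.32.00 2008.09.11 Backdoor.Agent.iba
Sunbelt 3.1.1628.1 2008.09.11 Backdoor.Padodor.IL
VBA32 3.12.8.5 2008.09.10 Backdoor.Win32.Padodor.gen
Webwasher-Gateway 6.6.2 2008.09.11 Trojan.Backdoor.Padodor.IL
"""

# Label tokens that name a category, platform or heuristic rather than a
# family ("Agent" is a catch-all name, not a family).
NOISE = {"backdoor", "win32", "w32", "trojan", "bds", "bck", "other",
         "gen", "generic", "possiblethreat", "worm", "agent"}

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+?)\s*$")


def family_of(label: str) -> Optional[str]:
    """Return the family name in a vendor label, or None if the label is
    generic/heuristic only ('Generic BackDoor', 'Win32:Trojan-gen')."""
    for tok in re.findall(r"[A-Za-z0-9]+", label):
        if tok.lower() in NOISE or len(tok) < 3:
            continue
        if tok.isalpha() and tok[0].isupper():
            return tok
    return None


def summarise(listing: str) -> dict:
    """Count engines, generic-only hits, and votes per family name."""
    families: Counter = Counter()
    generic = engines = 0
    for line in listing.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip headers or blank lines
        engines += 1
        fam = family_of(m.group(4))
        if fam is None:
            generic += 1
        else:
            families[fam] += 1
    return {"engines": engines, "generic": generic, "families": families}


def sha256_of(path: Path) -> str:
    """Stream the file so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def matches_pinned_hash(path: Path, expected_hex: str) -> bool:
    """True only if the file is byte-identical to the pinned upstream build."""
    return hmac.compare_digest(sha256_of(path), expected_hex.lower())


def write_sample(data: bytes) -> Path:
    """Write constructed bytes to a temp file standing in for sha256t.exe."""
    fd, name = tempfile.mkstemp(suffix=".exe")
    with open(fd, "wb") as f:
        f.write(data)
    return Path(name)


if __name__ == "__main__":
    s = summarise(VT_LISTING)
    print(f"{s['engines']} engines, {s['generic']} generic/heuristic labels")
    for fam, n in s["families"].most_common():
        print(f"  {fam}: {n} engine(s)")
    # Assumed pinned hash: SHA-256 of b"abc", a stand-in for the real value.
    sample = write_sample(b"abc")
    pinned = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
    print("matches upstream hash:", matches_pinned_hash(sample, pinned))
    sample.unlink()
```

On the listing from the post this reports 15 engines, of which 5 give only generic labels, 7 agree on "Padodor", and the rest name two other families. Several vendors license another vendor's engine, so identical labels from different names are not independent confirmations; the hash comparison against the upstream build is the check that actually settles whether the file was tampered with.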

PostPosted: 11. September 2008 20:53
by glitzi85
First you should define exactly which file you have downloaded. I don't know of a developer version of XAMPP, as XAMPP is in general for developers. Also, there is no SSH shipped with XAMPP, and I could not find an OpenSSH folder in my XAMPP.

glitzi

PostPosted: 11. September 2008 21:10
by Galdhrim
Devel Package 1.6.7:
Development Package with Include and Lib-Files from Apache 2.2.9, MySQL 5.0.51b, PHP 5.2.6 + 4.4.8, OpenSSL 0.9.8h, zlib 1.2.3.

It is in the add-ons section. I am not sure what that package is for, and the AV warned me about it before I could ask about the subject.

PostPosted: 11. September 2008 21:45
by glitzi85
OK, now I get it. The virus scanner here in the company also deleted the file immediately. ClamAV says the file is clean.

I found some other posts regarding this problem here in the forum; they say it is recognised by the signature scanner because the file's routines have some functions comparable to those of trojans, which are needed by OpenSSL.

It's already known by OpenSSL: http://www.mail-archive.com/openssl-use ... 43471.html

glitzi