Delf.AUY Trojan

For topics about current BETA or future releases, including feature requests.

Delf.AUY Trojan

Postby davidl53 » Mon Oct 02, 2006 5:17 pm

When downloading HTMLV 8 Pro Beta 3 from htmlvalidator.com, f-secure alerts me that the download contains the above listed trojan. I aborted the doenload. I tested my machine and it tested clean

I did a full scan of my test machine and it tested clean. I set f-secure on my test machine to allow the install-file to download. Upon executing the install program I again was alerted to the trojan problem.

I scanned the directory where downloaded the install and it was labeled contaminated. I deleted the install program and rescanned and my drive was reported clean.

Is this a contaminated download? Is f-secure being fooled by something in the download?

Thanks
davidl53
Rank 0 - Newcomer
Rank 0 - Newcomer
 
Posts: 7
Joined: Sun Oct 23, 2005 11:39 am

Postby Albert Wiersch » Mon Oct 02, 2006 9:16 pm

I've received a few, but not many, reports of infection. I believe these are all false positives. Any download from htmlvalidator.com should be clean.

I've scanned the files with Norton and they all tested clean.

I ran the install program through here:
http://virusscan.jotti.org/

And that site found no problems.

Please make sure your virus checker/scanner is up-to-date.
Image
Albert Wiersch
User avatar
Albert Wiersch
Site Admin
Site Admin
 
Posts: 2435
Joined: Sat Dec 11, 2004 10:23 am
Location: Near Dallas, TX

Virus warning

Postby NetHawk » Thu Oct 05, 2006 9:19 am

I'm am using the brand new version of AVK 2007 (gdata.de) which is a combination of two virus scanner (Kaspersky and f-secure?). However it also claims that cse80.exe is infected with Trojan.Win32.Delf.sw. I'm confident, that the file is clean and this is a false alarm (I used McAfee and Norton until yesterday, they both didn't complain).

I'm trying to submit the file to Gdata for examination / confirmation and hope they will update their signatures.
NetHawk
Rank 0 - Newcomer
Rank 0 - Newcomer
 
Posts: 3
Joined: Fri Sep 15, 2006 8:21 am

Re: Virus warning

Postby Albert Wiersch » Thu Oct 05, 2006 10:00 am

NetHawk wrote:I'm am using the brand new version of AVK 2007 (gdata.de) which is a combination of two virus scanner (Kaspersky and f-secure?). However it also claims that cse80.exe is infected with Trojan.Win32.Delf.sw. I'm confident, that the file is clean and this is a false alarm (I used McAfee and Norton until yesterday, they both didn't complain).

I'm trying to submit the file to Gdata for examination / confirmation and hope they will update their signatures.


Hi NetHawk,

Thanks for the info. From the reports I've received, I believe I can narrow this down to a problem with Kaspersky. I do hope they get this fixed soon!
Image
Albert Wiersch
User avatar
Albert Wiersch
Site Admin
Site Admin
 
Posts: 2435
Joined: Sat Dec 11, 2004 10:23 am
Location: Near Dallas, TX

Postby Albert Wiersch » Fri Oct 06, 2006 3:26 pm

UPDATE: I have emailed Kaspersky and F-Secure about this false positive as it is affecting a small number of CSE HTML Validator v8.0 users.

Anyone using Kaspersky or F-Secure may get this false positive.
Image
Albert Wiersch
User avatar
Albert Wiersch
Site Admin
Site Admin
 
Posts: 2435
Joined: Sat Dec 11, 2004 10:23 am
Location: Near Dallas, TX

Postby Albert Wiersch » Wed Oct 11, 2006 7:53 am

I did some tests with F-Secure Anti-Virus this morning and didn't have any problems. Can someone confirm that this issue has been resolved by making sure you have the latest definitions and trying to install or run CSE HTML Validator v8.0?
Image
Albert Wiersch
User avatar
Albert Wiersch
Site Admin
Site Admin
 
Posts: 2435
Joined: Sat Dec 11, 2004 10:23 am
Location: Near Dallas, TX

No more false alarms with GDATA (Avast + Kaspersky)

Postby NetHawk » Wed Oct 11, 2006 8:25 am

I can confirm, that with the signatures of today my GDATA antivirus solution does no longer report cse80.exe as infected.

GDATA consists of a Avast and a Kaspersky engine (not f-secure as I claimed earlier). So Kaspersky standalone should be OK too.
NetHawk
Rank 0 - Newcomer
Rank 0 - Newcomer
 
Posts: 3
Joined: Fri Sep 15, 2006 8:21 am

Re: No more false alarms with GDATA (Avast + Kaspersky)

Postby Albert Wiersch » Wed Oct 11, 2006 8:29 am

NetHawk wrote:I can confirm, that with the signatures of today my GDATA antivirus solution does no longer report cse80.exe as infected.

GDATA consists of a Avast and a Kaspersky engine (not f-secure as I claimed earlier). So Kaspersky standalone should be OK too.


Thanks! Good to hear.

I ran cse80.exe through
http://virusscan.jotti.org/

2006-10-11: The above found that Kaspersky is no longer reporting problems, but now Fortinet and Norman Virus Control are. :-(

2006-10-12: The above found nothing in all scanner results for cse80.exe for pro v8.0011.

Looks like virus programs are getting too aggressive.
Image
Albert Wiersch
User avatar
Albert Wiersch
Site Admin
Site Admin
 
Posts: 2435
Joined: Sat Dec 11, 2004 10:23 am
Location: Near Dallas, TX


Return to CSE BETA Talk

Who is online

Users browsing this forum: No registered users and 2 guests