[Instantrails-users] Trojan in Windows Download File -- Psyme.R

Jim Mazdra jim.mazdra at gmail.com
Sun Jan 8 17:21:07 EST 2006


Bitdefender log follows:

//-----------------------------------------------------------------
//
//    Product: BitDefender 9 Professional Plus
//    Version: 9.0
//
//    Created on:    07/01/2006    19:18:09
//
//-----------------------------------------------------------------


Statistics

Scan path    : D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip
Folders    : 0
Files    :  19891
Archives    : 209
Packed files    : 1147
Identified viruses    : 1
Infected files    : 4
Warnings    : 0
Suspect files    : 0
Disinfected files    : 0
Deleted files    : 4
Copied files    : 0
Moved files    : 0
Renamed files    : 0
I/O errors    : 0
Scan time    : 00:01:17
Scan speed (files/sec)    : 258

Virus definitions    : 250844
Scan plugins    : 13
Archive plugins    : 39
Unpack plugins    : 4
Mail plugins    : 6
System plugins    : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[ ] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[X] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: D:\Program Files\Softwin\BitDefender9\Logs\vscan_1136683089.log


Summary:

D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT 13)    Infected: Trojan.Psyme.R
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT 13)    Deleted
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb    Update
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT 14)    Infected: Trojan.Psyme.R
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT 14)    Deleted
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb    Update
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar    Update
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz    Update
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem    Update
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip    Update
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb=>(JAVASCRIPT 13)    Infected: Trojan.Psyme.R
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb=>(JAVASCRIPT 13)    Deleted
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb    Update
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb=>(JAVASCRIPT 14)    Infected: Trojan.Psyme.R
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb=>(JAVASCRIPT 14)    Deleted
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb    Update
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip    Update


On 1/7/06, Curt Hibbs <curt.hibbs at gmail.com> wrote:
>
> I just did a virus scan on Instant Rails using AVG, McAfee, and
> BitDefender (latest versions of each), and it came up clean in all three
> cases. I think this is a false positive.
>
> Curt
>
> On 1/7/06, Curt Hibbs <curt.hibbs at gmail.com> wrote:
> >
> > I've received one report with McAfee. I think it's a false alarm, but I
> > want to get rid of it just the same. Jim, did it tell you what files?
> >
> > Curt
> >
> > On 1/7/06, Assaph Mehr <assaph at gmail.com> wrote:
> > >
> > > On 1/8/06, Jim Mazdra <jim.mazdra at gmail.com> wrote:
> > > > Hopefully I am just getting an error from my AV program (bitdefenderPro
> > > > 9.0).
> > > >
> > > > When unzipping InstantRails-1.0, in directory "
> > > > .../ruby/gems/1.8/cache/actionpack", bitdefender
> > > > reports 4 instances of Trojan.Psyme.R are attempting to install.
> > > >
> > > > Is bitdefender nuts?
> > > > Is rubyn00b nuts?
> > >
> > > I'd say bit defender. I'm getting no errors with McAfee and Norton,
> > > but I have seen in the past cases where they recognised valid ruby /
> > > zip files as having a virus signature. Just whack it over the head :-)
> > >
> > >
> > > Cheers,
> > > Assaph
> > >
> > > _______________________________________________
> > > Instantrails-users mailing list
> > > Instantrails-users at rubyforge.org
> > > http://rubyforge.org/mailman/listinfo/instantrails-users
> > >
> >
> >
>
>
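The "Infected" entries in the scan summary above can be collapsed to the files they actually point at. The Ruby script below is an added example, not part of the original thread and not BitDefender or Instant Rails code. Its sample lines are constructed from the log with the local path prefix and the repeated container segment dropped, and the column separator of two or more spaces is an assumption about the log layout.

```ruby
# Constructed sample, abbreviated from the BitDefender summary in this thread.
SAMPLE = <<~LOG
  InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT 13)    Infected: Trojan.Psyme.R
  InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT 13)    Deleted
  InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT 14)    Infected: Trojan.Psyme.R
  InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb=>(JAVASCRIPT 13)    Infected: Trojan.Psyme.R
  InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb=>(JAVASCRIPT 14)    Infected: Trojan.Psyme.R
  InstantRails-1.0-final-win.zip    Update
LOG

Detection = Struct.new(:containers, :file, :fragment, :signature)

# Parse one summary line; returns nil for anything that is not a detection.
def parse_line(line)
  # Assumption: the status column is separated by 2+ spaces or tabs.
  chain, status = line.strip.split(/\s{2,}|\t+/, 2)
  return nil unless status&.start_with?("Infected:")

  parts = chain.split("=>")
  # A trailing "(JAVASCRIPT n)" names a script fragment the scanner carved
  # out of the file; it is not an archive member of its own.
  fragment = parts.pop if parts.last.to_s.match?(/\A\(.+\)\z/)
  Detection.new(parts[0...-1], parts.last, fragment,
                status.sub("Infected:", "").strip)
end

# Group detections by (file name, signature) so duplicates become visible.
def triage(log)
  hits = log.each_line.map { |l| parse_line(l) }.compact
  hits.group_by { |d| [File.basename(d.file), d.signature] }.map do |(name, sig), ds|
    { file: name, signature: sig, reports: ds.size,
      # distinct places the same file sits inside the download
      copies: ds.map { |d| d.containers + [d.file] }.uniq.size,
      fragments: ds.map(&:fragment).compact.uniq.sort }
  end
end

triage(SAMPLE).each { |row| puts row }
```

On the sample, the four reports reduce to one source file, `url_helper_test.rb`, present in two places (the cached gem and the unpacked gem), with the same two script fragments flagged in each copy.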