[Instantrails-users] Trojan in Windows Download File -- Psyme.R
Jim Mazdra
jim.mazdra at gmail.com
Sun Jan 8 17:21:07 EST 2006
Bitdefender log follows:
//-----------------------------------------------------------------
//
// Product: BitDefender 9 Professional Plus
// Version: 9.0
//
// Created on: 07/01/2006 19:18:09
//
//-----------------------------------------------------------------
Statistics
Scan path : D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip
Folders : 0
Files : 19891
Archives : 209
Packed files : 1147
Identified viruses : 1
Infected files : 4
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 4
Copied files : 0
Moved files : 0
Renamed files : 0
I/O errors : 0
Scan time : 00:01:17
Scan speed (files/sec) : 258
Virus definitions : 250844
Scan plugins : 13
Archive plugins : 39
Unpack plugins : 4
Mail plugins : 6
System plugins : 1
Scan options
Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[ ] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[X] Prompt user
Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user
Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: D:\Program Files\Softwin\BitDefender9\Logs\vscan_1136683089.log
Summary:
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT 13) Infected: Trojan.Psyme.R
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT 13) Deleted
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb Update
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT 14) Infected: Trojan.Psyme.R
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT 14) Deleted
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb Update
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar Update
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz Update
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem Update
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip Update
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb=>(JAVASCRIPT 13) Infected: Trojan.Psyme.R
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb=>(JAVASCRIPT 13) Deleted
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb Update
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb=>(JAVASCRIPT 14) Infected: Trojan.Psyme.R
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb=>(JAVASCRIPT 14) Deleted
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb Update
D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip Update
On 1/7/06, Curt Hibbs <curt.hibbs at gmail.com> wrote:
>
> I just did a virus scan on Instant Rails using AVG, McAfee, and
> BitDefender (latest versions of each), and it came up clean in all three
> cases. I think this is a false positive.
>
> Curt
>
> On 1/7/06, Curt Hibbs <curt.hibbs at gmail.com> wrote:
> >
> > I've received one report with McAfee. I think it's a false alarm, but I
> > want to get rid of it just the same. Jim, did it tell you what files?
> >
> > Curt
> >
> > On 1/7/06, Assaph Mehr <assaph at gmail.com> wrote:
> > >
> > > On 1/8/06, Jim Mazdra <jim.mazdra at gmail.com> wrote:
> > > > Hopefully I am just getting an error from my AV program (bitdefenderPro
> > > > 9.0).
> > > >
> > > > When unzipping InstantRails-1.0, in directory
> > > > ".../ruby/gems/1.8/cache/actionpack", bitdefender
> > > > reports 4 instances of Trojan.Psyme.R are attempting to install.
> > > >
> > > > Is bitdefender nuts?
> > > > Is rubyn00b nuts?
> > >
> > > I'd say bit defender. I'm getting no errors with McAfee and Norton,
> > > but I have seen in the past cases where they recognised valid ruby /
> > > zip files as having a virus signature. Just whack it over the head :-)
> > >
> > >
> > > Cheers,
> > > Assaph
> > >
> > > _______________________________________________
> > > Instantrails-users mailing list
> > > Instantrails-users at rubyforge.org
> > > http://rubyforge.org/mailman/listinfo/instantrails-users
> > >
> >
> >
>