[Instantrails-users] Trojan in Windows Download File -- Psyme.R

Curt Hibbs curt.hibbs at gmail.com
Sun Jan 8 18:52:22 EST 2006


I scanned the unzipped directory tree, but it looks like you scanned the zip
file itself. I don't know why that should make a difference.

Curt

On 1/8/06, Jim Mazdra <jim.mazdra at gmail.com> wrote:
>
> Bitdefender log follows:
>
> //-----------------------------------------------------------------
> //
> //    Product: BitDefender 9 Professional Plus
> //    Version: 9.0
> //
> //    Created on:    07/01/2006    19:18:09
> //
> //-----------------------------------------------------------------
>
>
> Statistics
>
> Scan path    : D:\Documents and Settings\Jim
> Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip
> Folders    : 0
> Files    :  19891
> Archives    : 209
> Packed files    : 1147
> Identified viruses    : 1
> Infected files    : 4
> Warnings    : 0
> Suspect files    : 0
> Disinfected files    : 0
> Deleted files    : 4
> Copied files    : 0
> Moved files    : 0
> Renamed files    : 0
> I/O errors    : 0
> Scan time    : 00:01:17
> Scan speed (files/sec)    : 258
>
> Virus definitions    : 250844
> Scan plugins    : 13
> Archive plugins    : 39
> Unpack plugins    : 4
> Mail plugins    : 6
> System plugins    : 1
>
> Scan options
>
> Detection
> [X] Scan boot sectors
> [X] Scan archives
> [X] Scan packed files
> [X] Scan email
>
> File mask
> [ ] Programs
> [X] All files
> [ ] User defined extensions:
> [ ] Exclude extensions: ;
>
> Action
>
> Infected objects
> [ ] Ignore
> [ ] Disinfect
> [ ] Delete
> [ ] Copy to quarantine
> [ ] Move to quarantine
> [ ] Rename
> [X] Prompt user
>
> Second action
> [ ] Ignore
> [ ] Delete
> [ ] Copy to quarantine
> [ ] Move to quarantine
> [ ] Rename
> [ ] Prompt user
>
> Scan options
> [X] Enable warnings
> [X] Enable heuristics
> [ ] Show all files in log
> [X] Report file: D:\Program
> Files\Softwin\BitDefender9\Logs\vscan_1136683089.log
>
>
> Summary:
>
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>
> InstantRails-1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT
> 13)    Infected: Trojan.Psyme.R
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>
> InstantRails-1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT
> 13)    Deleted
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>
> InstantRails-1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb    Update
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>
> InstantRails-1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT
> 14)    Infected: Trojan.Psyme.R
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>
> InstantRails-1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT 14)    Deleted
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>
> InstantRails-1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb
> Update
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>
> InstantRails-1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar     Update
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz    Update
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem    Update
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip    Update
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb=>(JAVASCRIPT
> 13)    Infected: Trojan.Psyme.R
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb=>(JAVASCRIPT
> 13)    Deleted
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb
> Update
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb=>(JAVASCRIPT
> 14)    Infected: Trojan.Psyme.R
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb=>(JAVASCRIPT
> 14)    Deleted
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb
> Update
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip    Update
>
>
> On 1/7/06, Curt Hibbs <curt.hibbs at gmail.com> wrote:
> >
> > I just did a virus scan on Instant Rails using AVG, McAfee, and
> > BitDefender (latest versions of each), and it came up clean in all three
> > cases. I think this is a false positive.
> >
> > Curt
> >
> > On 1/7/06, Curt Hibbs <curt.hibbs at gmail.com> wrote:
> > >
> > > I've received one report with McAfee. I think it's a false alarm, but I
> > > want to get rid of it just the same. Jim, did it tell you what files?
> > >
> > > Curt
> > >
> > > On 1/7/06, Assaph Mehr <assaph at gmail.com> wrote:
> > > >
> > > > On 1/8/06, Jim Mazdra <jim.mazdra at gmail.com> wrote:
> > > > > Hopefully I am just getting an error from my AV program
> > > > > (bitdefenderPro 9.0).
> > > > >
> > > > > When unzipping InstantRails-1.0, in directory "
> > > > > .../ruby/gems/1.8/cache/actionpack", bitdefender
> > > > > reports 4 instances of Trojan.Psyme.R are attempting to install.
> > > > >
> > > > > Is bitdefender nuts?
> > > > > Is rubyn00b nuts?
> > > >
> > > > I'd say bit defender. I'm getting no errors with McAfee and Norton,
> > > > but I have seen in the past cases where they recognised valid ruby /
> > > > zip files as having a virus signature. Just whack it over the head
> > > > :-)
> > > >
> > > > Cheers,
> > > > Assaph
> > > >
> > > > _______________________________________________
> > > > Instantrails-users mailing list
> > > > Instantrails-users at rubyforge.org
> > > > http://rubyforge.org/mailman/listinfo/instantrails-users
> > > >
> > >
> > >
>