[Instantrails-users] Trojan in Windows Download File -- Psyme.R
Curt Hibbs
curt.hibbs at gmail.com
Sun Jan 8 18:52:22 EST 2006
I scanned the unzipped directory tree, but it looks like you scanned the zip
file itself. I don't know why that should make a difference.
Curt
On 1/8/06, Jim Mazdra <jim.mazdra at gmail.com> wrote:
>
> Bitdefender log follows:
>
> //-----------------------------------------------------------------
> //
> // Product: BitDefender 9 Professional Plus
> // Version: 9.0
> //
> // Created on: 07/01/2006 19:18:09
> //
> //-----------------------------------------------------------------
>
>
> Statistics
>
> Scan path : D:\Documents and Settings\Jim
> Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip
> Folders : 0
> Files : 19891
> Archives : 209
> Packed files : 1147
> Identified viruses : 1
> Infected files : 4
> Warnings : 0
> Suspect files : 0
> Disinfected files : 0
> Deleted files : 4
> Copied files : 0
> Moved files : 0
> Renamed files : 0
> I/O errors : 0
> Scan time : 00:01:17
> Scan speed (files/sec) : 258
>
> Virus definitions : 250844
> Scan plugins : 13
> Archive plugins : 39
> Unpack plugins : 4
> Mail plugins : 6
> System plugins : 1
>
> Scan options
>
> Detection
> [X] Scan boot sectors
> [X] Scan archives
> [X] Scan packed files
> [X] Scan email
>
> File mask
> [ ] Programs
> [X] All files
> [ ] User defined extensions:
> [ ] Exclude extensions: ;
>
> Action
>
> Infected objects
> [ ] Ignore
> [ ] Disinfect
> [ ] Delete
> [ ] Copy to quarantine
> [ ] Move to quarantine
> [ ] Rename
> [X] Prompt user
>
> Second action
> [ ] Ignore
> [ ] Delete
> [ ] Copy to quarantine
> [ ] Move to quarantine
> [ ] Rename
> [ ] Prompt user
>
> Scan options
> [X] Enable warnings
> [X] Enable heuristics
> [ ] Show all files in log
> [X] Report file: D:\Program
> Files\Softwin\BitDefender9\Logs\vscan_1136683089.log
>
>
> Summary:
>
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>
> InstantRails-1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT
> 13) Infected: Trojan.Psyme.R
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>
> InstantRails-1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT
> 13) Deleted
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>
> InstantRails-1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb Update
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>
> InstantRails-1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT
> 14) Infected: Trojan.Psyme.R
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>
> InstantRails-1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT 14) Deleted
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>
> InstantRails-1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb
> Update
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=>
> InstantRails-1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar Update
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz Update
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem Update
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip Update
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb=>(JAVASCRIPT
> 13) Infected: Trojan.Psyme.R
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb=>(JAVASCRIPT
> 13) Deleted
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb
> Update
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb=>(JAVASCRIPT
> 14) Infected: Trojan.Psyme.R
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb=>(JAVASCRIPT
> 14) Deleted
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip=>InstantRails-1.0
> /ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb
> Update
> D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-
> 1.0-final-win.zip Update
>
>
> On 1/7/06, Curt Hibbs <curt.hibbs at gmail.com> wrote:
> >
> > I just did a virus scan on Instant Rails using AVG, McAfee, and
> > BitDefender (latest versions of each), and it came up clean in all three
> > cases. I think this is a false positive.
> >
> > Curt
> >
> > On 1/7/06, Curt Hibbs <curt.hibbs at gmail.com> wrote:
> > >
> > > > I've received one report with McAfee. I think it's a false alarm, but I
> > > want to get rid of it just the same. Jim, did it tell you what files?
> > >
> > > Curt
> > >
> > > On 1/7/06, Assaph Mehr <assaph at gmail.com> wrote:
> > > >
> > > > On 1/8/06, Jim Mazdra <jim.mazdra at gmail.com> wrote:
> > > > > > Hopefully I am just getting an error from my AV program (bitdefenderPro
> > > > > > 9.0).
> > > > >
> > > > > When unzipping InstantRails-1.0, in directory "
> > > > > .../ruby/gems/1.8/cache/actionpack", bitdefender
> > > > > > reports 4 instances of Trojan.Psyme.R are attempting to install.
> > > > >
> > > > > Is bitdefender nuts?
> > > > > Is rubyn00b nuts?
> > > >
> > > > I'd say bit defender. I'm getting no errors with McAfee and Norton,
> > > > but I have seen in the past cases where they recognised valid ruby /
> > > > zip files as having a virus signature. Just whack it over the head
> > > > :-)
> > > >
> > > > Cheers,
> > > > Assaph
> > > >
> > > > _______________________________________________
> > > > Instantrails-users mailing list
> > > > Instantrails-users at rubyforge.org
> > > > http://rubyforge.org/mailman/listinfo/instantrails-users
> > > >
> > >
> > >
> >
> >
> >
> >
>