Re: English language pack install installed PuP malware

2023-10-18 Thread Matthew Ford
p.s. the hashes below are for another download, since I deleted the 
first one after the malware problem.


On 19/10/2023 11:20, Matthew Ford wrote:


Observed problem.

1 Downloaded and installed 4.1.44 Full installation for Windows,
installed and updated earlier version.
As part of this install all other programs were exited, e.g. Chrome and
an Android emulator, JEdit etc. were closed


2 Downloaded and installed 
Apache_OpenOffice_4.1.14_Win_x86_langpack_en-US.exe
At start of installation install found V4.1.14 language pack and said 
it would update to V4.1.14 language pack


On clicking install, Windows 10 raised a security exception
msiexec.exe accessing \Device\HarddiskVolume3 (the C: drive)
I approved this exception.

Later Windows 10 raised another security exception
SrTasks.exe access to \Device\HarddiskVolumeShadowCopy22

I denied this exception and ran MalwareBytes which found a PuP malware.


*1)* The exact file name of the downloaded installation file.

Apache_OpenOffice_4.1.14_Win_x86_langpack_en-US

*2)* The value of the downloaded signature/hash file.

4744101c5252dae3567012016a8e48671afec744d121ffcd87479aeab4b12612

*3)* The processed signature/hash from your computer.

4744101c5252dae3567012016a8e48671afec744d121ffcd87479aeab4b12612

*4)* The exact size of the installation file in bytes.

18,705,656

*5)* Have you used a proxy server (yes/no)? No

*6)* The exact URL from the server from where the file was downloaded.

https://sourceforge.net/projects/openofficeorg.mirror/files/4.1.14/binaries/en-US/Apache_OpenOffice_4.1.14_Win_x86_langpack_en-US.exe/download





English language pack install installed PuP malware

2023-10-18 Thread Matthew Ford

Observed problem.

1 Downloaded and installed 4.1.44 Full installation for Windows,
installed and updated earlier version.
As part of this install all other programs were exited, e.g. Chrome and
an Android emulator, JEdit etc. were closed


2 Downloaded and installed 
Apache_OpenOffice_4.1.14_Win_x86_langpack_en-US.exe
At start of installation install found V4.1.14 language pack and said it 
would update to V4.1.14 language pack


On clicking install, Windows 10 raised a security exception
msiexec.exe accessing \Device\HarddiskVolume3 (the C: drive)
I approved this exception.

Later Windows 10 raised another security exception
SrTasks.exe access to \Device\HarddiskVolumeShadowCopy22

I denied this exception and ran MalwareBytes which found a PuP malware.


*1)* The exact file name of the downloaded installation file.

Apache_OpenOffice_4.1.14_Win_x86_langpack_en-US

*2)* The value of the downloaded signature/hash file.

4744101c5252dae3567012016a8e48671afec744d121ffcd87479aeab4b12612

*3)* The processed signature/hash from your computer.

4744101c5252dae3567012016a8e48671afec744d121ffcd87479aeab4b12612

*4)* The exact size of the installation file in bytes.

18,705,656

*5)* Have you used a proxy server (yes/no)? No

*6)* The exact URL from the server from where the file was downloaded.

https://sourceforge.net/projects/openofficeorg.mirror/files/4.1.14/binaries/en-US/Apache_OpenOffice_4.1.14_Win_x86_langpack_en-US.exe/download