Re: [pygame] Potential Malware in Pygame 1.9.2a0.win32-py3.2
That doesn't answer the question or give any less importance to it. How do I know the version you have with no viruses is the same version I downloaded? There are many locations people might have obtained a pygame binary. It would be useful to have checksums and/or GPG signatures of the files for verification. On mar, 2014-09-16 at 21:38 +0530, diliup gabadamudalige wrote: As Far as I can see there is NO VIRUS in PYGAME. scanned for virus, malware. Nothing. On Tue, Sep 16, 2014 at 5:22 AM, d...@amberfisharts.com wrote: Would it be a lot of work to provide checksums for the installers and tarballs? Then we could at least verify that we have the pygame version the developers intended and that it was not tampered with. signature.asc Description: This is a digitally signed message part
Re: [pygame] Potential Malware in Pygame 1.9.2a0.win32-py3.2
I can mail you the version I have On Wed, Sep 17, 2014 at 6:52 PM, Sam Bull sam.hack...@sent.com wrote: That doesn't answer the question or give any less importance to it. How do I know the version you have with no viruses is the same version I downloaded? There are many locations people might have obtained a pygame binary. It would be useful to have checksums and/or GPG signatures of the files for verification. On mar, 2014-09-16 at 21:38 +0530, diliup gabadamudalige wrote: As Far as I can see there is NO VIRUS in PYGAME. scanned for virus, malware. Nothing. On Tue, Sep 16, 2014 at 5:22 AM, d...@amberfisharts.com wrote: Would it be a lot of work to provide checksums for the installers and tarballs? Then we could at least verify that we have the pygame version the developers intended and that it was not tampered with. -- Diliup Gabadamudalige http://www.diliupg.com http://soft.diliupg.com/ ** This e-mail is confidential. It may also be legally privileged. If you are not the intended recipient or have received it in error, please delete it and all copies from your system and notify the sender immediately by return e-mail. Any unauthorized reading, reproducing, printing or further dissemination of this e-mail or its contents is strictly prohibited and may be unlawful. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions. **
Re: [pygame] Potential Malware in Pygame 1.9.2a0.win32-py3.2
As Far as I can see there is NO VIRUS in PYGAME. scanned for virus, malware. Nothing. On Tue, Sep 16, 2014 at 5:22 AM, d...@amberfisharts.com wrote: Would it be a lot of work to provide checksums for the installers and tarballs? Then we could at least verify that we have the pygame version the developers intended and that it was not tampered with. Cheers, Lorenz Am 2014-09-03 12:41, schrieb Little Bird: Jeffrey Kleykamp wrote I just downloaded and installed pygame-1.9.2a0.win32-py3.2.msi and my webroot secure anywhere caught some malware in it. I have no idea if this is real or what. Here's the log, Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:35:57 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\fastevent.pyd...#(PX5: 5958229000E66EC43402003B3C2E0700DECDFB7E - MD5: CB274A3F1A83260D82957409855CA077)... Deleting File c:\python32\lib\site-packages\pygame\fastevent.pyd Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:36:05 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\rwobject.pyd...#(PX5: 9715EE78004EFB243081002B48A504004E3053AE - MD5: 2C5778D0816BEBA8ECC7D1FE11B23384)... Deleting File c:\python32\lib\site-packages\pygame\rwobject.pyd Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:36:13 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\surflock.pyd...#(PX5: 84FADE1C0046001620F7009522A6E30019BD6E14 - MD5: 685D26D6E4EF4ADE48436B92B9118669)... Deleting File c:\python32\lib\site-packages\pygame\surflock.pyd -- Jeffrey Kleykamp Greetings. I believe that I may be using the exact version of Pygame that Jeffrey Kleykamp has encountered a potential virus in. Is there anyway to confirm that this was a false positive? Has anyone else encountered this problem? This has me really worried. T_T I'm new to using mailing lists, so I'm treating it like a forum. If that is incorrect than please mention it as I do not wish to offend. Thank you for your time. ___ Little Bird -- View this message in context: http://pygame-users.25799.x6.nabble.com/pygame-Potential- Malware-in-Pygame-1-9-2a0-win32-py3-2-tp1315p1412.html Sent from the pygame-users mailing list archive at Nabble.com. -- Diliup Gabadamudalige http://www.diliupg.com http://soft.diliupg.com/ ** This e-mail is confidential. It may also be legally privileged. If you are not the intended recipient or have received it in error, please delete it and all copies from your system and notify the sender immediately by return e-mail. Any unauthorized reading, reproducing, printing or further dissemination of this e-mail or its contents is strictly prohibited and may be unlawful. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions. **
Re: [pygame] Potential Malware in Pygame 1.9.2a0.win32-py3.2
Would it be a lot of work to provide checksums for the installers and tarballs? Then we could at least verify that we have the pygame version the developers intended and that it was not tampered with. Cheers, Lorenz Am 2014-09-03 12:41, schrieb Little Bird: Jeffrey Kleykamp wrote I just downloaded and installed pygame-1.9.2a0.win32-py3.2.msi and my webroot secure anywhere caught some malware in it. I have no idea if this is real or what. Here's the log, Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:35:57 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\fastevent.pyd...#(PX5: 5958229000E66EC43402003B3C2E0700DECDFB7E - MD5: CB274A3F1A83260D82957409855CA077)... Deleting File c:\python32\lib\site-packages\pygame\fastevent.pyd Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:36:05 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\rwobject.pyd...#(PX5: 9715EE78004EFB243081002B48A504004E3053AE - MD5: 2C5778D0816BEBA8ECC7D1FE11B23384)... Deleting File c:\python32\lib\site-packages\pygame\rwobject.pyd Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:36:13 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\surflock.pyd...#(PX5: 84FADE1C0046001620F7009522A6E30019BD6E14 - MD5: 685D26D6E4EF4ADE48436B92B9118669)... Deleting File c:\python32\lib\site-packages\pygame\surflock.pyd -- Jeffrey Kleykamp Greetings. I believe that I may be using the exact version of Pygame that Jeffrey Kleykamp has encountered a potential virus in. Is there anyway to confirm that this was a false positive? Has anyone else encountered this problem? This has me really worried. T_T I'm new to using mailing lists, so I'm treating it like a forum. If that is incorrect than please mention it as I do not wish to offend. Thank you for your time. ___ Little Bird -- View this message in context: http://pygame-users.25799.x6.nabble.com/pygame-Potential-Malware-in-Pygame-1-9-2a0-win32-py3-2-tp1315p1412.html Sent from the pygame-users mailing list archive at Nabble.com.
Re: [pygame] Potential Malware in Pygame 1.9.2a0.win32-py3.2
Thank you both for responding so quickly and putting my fears to rest. I'll continue my journey into programming with Pygame without worry. ^_^ ___ Little Bird -- View this message in context: http://pygame-users.25799.x6.nabble.com/pygame-Potential-Malware-in-Pygame-1-9-2a0-win32-py3-2-tp1315p1415.html Sent from the pygame-users mailing list archive at Nabble.com.
Re: [pygame] Potential Malware in Pygame 1.9.2a0.win32-py3.2
Jeffrey Kleykamp wrote I just downloaded and installed pygame-1.9.2a0.win32-py3.2.msi and my webroot secure anywhere caught some malware in it. I have no idea if this is real or what. Here's the log, Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:35:57 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\fastevent.pyd...#(PX5: 5958229000E66EC43402003B3C2E0700DECDFB7E - MD5: CB274A3F1A83260D82957409855CA077)... Deleting File c:\python32\lib\site-packages\pygame\fastevent.pyd Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:36:05 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\rwobject.pyd...#(PX5: 9715EE78004EFB243081002B48A504004E3053AE - MD5: 2C5778D0816BEBA8ECC7D1FE11B23384)... Deleting File c:\python32\lib\site-packages\pygame\rwobject.pyd Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:36:13 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\surflock.pyd...#(PX5: 84FADE1C0046001620F7009522A6E30019BD6E14 - MD5: 685D26D6E4EF4ADE48436B92B9118669)... Deleting File c:\python32\lib\site-packages\pygame\surflock.pyd -- Jeffrey Kleykamp Greetings. I believe that I may be using the exact version of Pygame that Jeffrey Kleykamp has encountered a potential virus in. Is there anyway to confirm that this was a false positive? Has anyone else encountered this problem? This has me really worried. T_T I'm new to using mailing lists, so I'm treating it like a forum. If that is incorrect than please mention it as I do not wish to offend. Thank you for your time. ___ Little Bird -- View this message in context: http://pygame-users.25799.x6.nabble.com/pygame-Potential-Malware-in-Pygame-1-9-2a0-win32-py3-2-tp1315p1412.html Sent from the pygame-users mailing list archive at Nabble.com.
Re: [pygame] Potential Malware in Pygame 1.9.2a0.win32-py3.2
Hi, It seems very likely that it was a false positive. Nobody else reported that issue, and I scanned the same file on virustotal, which checks with lots of different scanners, and none of them found anything. It's impossible to be 100% certain without understanding exactly what was going on on Jeffrey's computer, but I wouldn't worry about using it. Of course, on windows it's a good idea to have an up to date virus scanner installed anyway, as a general precaution. Thomas On 3 Sep 2014 03:56, Little Bird wanderingswordsman-littleb...@yahoo.ca wrote: Jeffrey Kleykamp wrote I just downloaded and installed pygame-1.9.2a0.win32-py3.2.msi and my webroot secure anywhere caught some malware in it. I have no idea if this is real or what. Here's the log, Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:35:57 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\fastevent.pyd...#(PX5: 5958229000E66EC43402003B3C2E0700DECDFB7E - MD5: CB274A3F1A83260D82957409855CA077)... Deleting File c:\python32\lib\site-packages\pygame\fastevent.pyd Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:36:05 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\rwobject.pyd...#(PX5: 9715EE78004EFB243081002B48A504004E3053AE - MD5: 2C5778D0816BEBA8ECC7D1FE11B23384)... Deleting File c:\python32\lib\site-packages\pygame\rwobject.pyd Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:36:13 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\surflock.pyd...#(PX5: 84FADE1C0046001620F7009522A6E30019BD6E14 - MD5: 685D26D6E4EF4ADE48436B92B9118669)... Deleting File c:\python32\lib\site-packages\pygame\surflock.pyd -- Jeffrey Kleykamp Greetings. I believe that I may be using the exact version of Pygame that Jeffrey Kleykamp has encountered a potential virus in. Is there anyway to confirm that this was a false positive? Has anyone else encountered this problem? This has me really worried. T_T I'm new to using mailing lists, so I'm treating it like a forum. If that is incorrect than please mention it as I do not wish to offend. Thank you for your time. ___ Little Bird -- View this message in context: http://pygame-users.25799.x6.nabble.com/pygame-Potential-Malware-in-Pygame-1-9-2a0-win32-py3-2-tp1315p1412.html Sent from the pygame-users mailing list archive at Nabble.com.
Re: [pygame] Potential Malware in Pygame 1.9.2a0.win32-py3.2
I'm pretty sure it was a false positive. On Wed, Sep 3, 2014 at 10:28 AM, Thomas Kluyver tak...@gmail.com wrote: Hi, It seems very likely that it was a false positive. Nobody else reported that issue, and I scanned the same file on virustotal, which checks with lots of different scanners, and none of them found anything. It's impossible to be 100% certain without understanding exactly what was going on on Jeffrey's computer, but I wouldn't worry about using it. Of course, on windows it's a good idea to have an up to date virus scanner installed anyway, as a general precaution. Thomas On 3 Sep 2014 03:56, Little Bird wanderingswordsman-littleb...@yahoo.ca wrote: Jeffrey Kleykamp wrote I just downloaded and installed pygame-1.9.2a0.win32-py3.2.msi and my webroot secure anywhere caught some malware in it. I have no idea if this is real or what. Here's the log, Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:35:57 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\fastevent.pyd...#(PX5: 5958229000E66EC43402003B3C2E0700DECDFB7E - MD5: CB274A3F1A83260D82957409855CA077)... Deleting File c:\python32\lib\site-packages\pygame\fastevent.pyd Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:36:05 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\rwobject.pyd...#(PX5: 9715EE78004EFB243081002B48A504004E3053AE - MD5: 2C5778D0816BEBA8ECC7D1FE11B23384)... Deleting File c:\python32\lib\site-packages\pygame\rwobject.pyd Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:36:13 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\surflock.pyd...#(PX5: 84FADE1C0046001620F7009522A6E30019BD6E14 - MD5: 685D26D6E4EF4ADE48436B92B9118669)... Deleting File c:\python32\lib\site-packages\pygame\surflock.pyd -- Jeffrey Kleykamp Greetings. I believe that I may be using the exact version of Pygame that Jeffrey Kleykamp has encountered a potential virus in. Is there anyway to confirm that this was a false positive? Has anyone else encountered this problem? This has me really worried. T_T I'm new to using mailing lists, so I'm treating it like a forum. If that is incorrect than please mention it as I do not wish to offend. Thank you for your time. ___ Little Bird -- View this message in context: http://pygame-users.25799.x6.nabble.com/pygame-Potential-Malware-in-Pygame-1-9-2a0-win32-py3-2-tp1315p1412.html Sent from the pygame-users mailing list archive at Nabble.com. -- Jeffrey Kleykamp
Re: [pygame] Potential Malware in Pygame 1.9.2a0.win32-py3.2
The file itself doesn't trip any alarms for me either. After installing and doing 'import pygame' I get the warning. The md5sum is the same for my file. Jeffrey On Mon, Jun 30, 2014 at 12:53 PM, Thomas Kluyver tak...@gmail.com wrote: Did you download this from the pygame website? I've just downloaded that same file and checked it with virustotal (which scans with a load of different AV engines), and it was all clear: https://www.virustotal.com/en-gb/file/18d88fb656e1868e0949e0189d1a2b03d697bd9d9a539cc7131089b4284157bf/analysis/1404146796/ So I'd suspect it's a false positive, although it's possible that someone is doing a MITM attack to give you a modified download. Check the md5sum of the file you downloaded - it should be: 71e8d3d1679a9d803302ff2923406def Thomas On 30 June 2014 07:44, Jeffrey Kleykamp jeffrey.kleyk...@gmail.com wrote: It also said it was Win32 Malware Gen. http://www.ehow.com/info_12106213_win32-malwaregen.html Who made the msi? On Mon, Jun 30, 2014 at 1:49 AM, diliup gabadamudalige dili...@gmail.com wrote: this could be potentially dangerous! does anyone else have more info? i am using this version. On Mon, Jun 30, 2014 at 3:13 AM, Jeffrey Kleykamp jeffrey.kleyk...@gmail.com wrote: I just downloaded and installed pygame-1.9.2a0.win32-py3.2.msi and my webroot secure anywhere caught some malware in it. I have no idea if this is real or what. Here's the log, Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:35:57 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\fastevent.pyd...#(PX5: 5958229000E66EC43402003B3C2E0700DECDFB7E - MD5: CB274A3F1A83260D82957409855CA077)... Deleting File c:\python32\lib\site-packages\pygame\fastevent.pyd Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:36:05 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\rwobject.pyd...#(PX5: 9715EE78004EFB243081002B48A504004E3053AE - MD5: 2C5778D0816BEBA8ECC7D1FE11B23384)... Deleting File c:\python32\lib\site-packages\pygame\rwobject.pyd Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:36:13 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\surflock.pyd...#(PX5: 84FADE1C0046001620F7009522A6E30019BD6E14 - MD5: 685D26D6E4EF4ADE48436B92B9118669)... Deleting File c:\python32\lib\site-packages\pygame\surflock.pyd -- Jeffrey Kleykamp -- Diliup Gabadamudalige http://www.diliupg.com http://soft.diliupg.com/ ** This e-mail is confidential. It may also be legally privileged. If you are not the intended recipient or have received it in error, please delete it and all copies from your system and notify the sender immediately by return e-mail. Any unauthorized reading, reproducing, printing or further dissemination of this e-mail or its contents is strictly prohibited and may be unlawful. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions. ** -- Jeffrey Kleykamp -- Jeffrey Kleykamp
Re: [pygame] Potential Malware in Pygame 1.9.2a0.win32-py3.2
I extracted fastevent.pyd, the first file you saw a problem with (md5 cb274a3f1a83260d82957409855ca077), and checked it with virustotal. Still nothing: https://www.virustotal.com/en-gb/file/30d7c47d4385ff2b16b23544c4525e6699dddcaa7c3ddf3c66f302f78e78c333/analysis/1404149051/ Another possibility is that you have a virus elsewhere on the system which is infecting those files as they get installed. Thomas On 30 June 2014 10:01, Jeffrey Kleykamp jeffrey.kleyk...@gmail.com wrote: The file itself doesn't trip any alarms for me either. After installing and doing 'import pygame' I get the warning. The md5sum is the same for my file. Jeffrey On Mon, Jun 30, 2014 at 12:53 PM, Thomas Kluyver tak...@gmail.com wrote: Did you download this from the pygame website? I've just downloaded that same file and checked it with virustotal (which scans with a load of different AV engines), and it was all clear: https://www.virustotal.com/en-gb/file/18d88fb656e1868e0949e0189d1a2b03d697bd9d9a539cc7131089b4284157bf/analysis/1404146796/ So I'd suspect it's a false positive, although it's possible that someone is doing a MITM attack to give you a modified download. Check the md5sum of the file you downloaded - it should be: 71e8d3d1679a9d803302ff2923406def Thomas On 30 June 2014 07:44, Jeffrey Kleykamp jeffrey.kleyk...@gmail.com wrote: It also said it was Win32 Malware Gen. http://www.ehow.com/info_12106213_win32-malwaregen.html Who made the msi? On Mon, Jun 30, 2014 at 1:49 AM, diliup gabadamudalige dili...@gmail.com wrote: this could be potentially dangerous! does anyone else have more info? i am using this version. On Mon, Jun 30, 2014 at 3:13 AM, Jeffrey Kleykamp jeffrey.kleyk...@gmail.com wrote: I just downloaded and installed pygame-1.9.2a0.win32-py3.2.msi and my webroot secure anywhere caught some malware in it. I have no idea if this is real or what. Here's the log, Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:35:57 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\fastevent.pyd...#(PX5: 5958229000E66EC43402003B3C2E0700DECDFB7E - MD5: CB274A3F1A83260D82957409855CA077)... Deleting File c:\python32\lib\site-packages\pygame\fastevent.pyd Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:36:05 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\rwobject.pyd...#(PX5: 9715EE78004EFB243081002B48A504004E3053AE - MD5: 2C5778D0816BEBA8ECC7D1FE11B23384)... Deleting File c:\python32\lib\site-packages\pygame\rwobject.pyd Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:36:13 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\surflock.pyd...#(PX5: 84FADE1C0046001620F7009522A6E30019BD6E14 - MD5: 685D26D6E4EF4ADE48436B92B9118669)... Deleting File c:\python32\lib\site-packages\pygame\surflock.pyd -- Jeffrey Kleykamp -- Diliup Gabadamudalige http://www.diliupg.com http://soft.diliupg.com/ ** This e-mail is confidential. It may also be legally privileged. If you are not the intended recipient or have received it in error, please delete it and all copies from your system and notify the sender immediately by return e-mail. Any unauthorized reading, reproducing, printing or further dissemination of this e-mail or its contents is strictly prohibited and may be unlawful. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions. ** -- Jeffrey Kleykamp -- Jeffrey Kleykamp
Re: [pygame] Potential Malware in Pygame 1.9.2a0.win32-py3.2
That could be but this computer is only a month old. I think this may just be a false positive... On Mon, Jun 30, 2014 at 1:26 PM, Thomas Kluyver tak...@gmail.com wrote: I extracted fastevent.pyd, the first file you saw a problem with (md5 cb274a3f1a83260d82957409855ca077), and checked it with virustotal. Still nothing: https://www.virustotal.com/en-gb/file/30d7c47d4385ff2b16b23544c4525e6699dddcaa7c3ddf3c66f302f78e78c333/analysis/1404149051/ Another possibility is that you have a virus elsewhere on the system which is infecting those files as they get installed. Thomas On 30 June 2014 10:01, Jeffrey Kleykamp jeffrey.kleyk...@gmail.com wrote: The file itself doesn't trip any alarms for me either. After installing and doing 'import pygame' I get the warning. The md5sum is the same for my file. Jeffrey On Mon, Jun 30, 2014 at 12:53 PM, Thomas Kluyver tak...@gmail.com wrote: Did you download this from the pygame website? I've just downloaded that same file and checked it with virustotal (which scans with a load of different AV engines), and it was all clear: https://www.virustotal.com/en-gb/file/18d88fb656e1868e0949e0189d1a2b03d697bd9d9a539cc7131089b4284157bf/analysis/1404146796/ So I'd suspect it's a false positive, although it's possible that someone is doing a MITM attack to give you a modified download. Check the md5sum of the file you downloaded - it should be: 71e8d3d1679a9d803302ff2923406def Thomas On 30 June 2014 07:44, Jeffrey Kleykamp jeffrey.kleyk...@gmail.com wrote: It also said it was Win32 Malware Gen. http://www.ehow.com/info_12106213_win32-malwaregen.html Who made the msi? On Mon, Jun 30, 2014 at 1:49 AM, diliup gabadamudalige dili...@gmail.com wrote: this could be potentially dangerous! does anyone else have more info? i am using this version. On Mon, Jun 30, 2014 at 3:13 AM, Jeffrey Kleykamp jeffrey.kleyk...@gmail.com wrote: I just downloaded and installed pygame-1.9.2a0.win32-py3.2.msi and my webroot secure anywhere caught some malware in it. I have no idea if this is real or what. Here's the log, Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:35:57 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\fastevent.pyd...#(PX5: 5958229000E66EC43402003B3C2E0700DECDFB7E - MD5: CB274A3F1A83260D82957409855CA077)... Deleting File c:\python32\lib\site-packages\pygame\fastevent.pyd Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:36:05 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\rwobject.pyd...#(PX5: 9715EE78004EFB243081002B48A504004E3053AE - MD5: 2C5778D0816BEBA8ECC7D1FE11B23384)... Deleting File c:\python32\lib\site-packages\pygame\rwobject.pyd Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:36:13 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\surflock.pyd...#(PX5: 84FADE1C0046001620F7009522A6E30019BD6E14 - MD5: 685D26D6E4EF4ADE48436B92B9118669)... Deleting File c:\python32\lib\site-packages\pygame\surflock.pyd -- Jeffrey Kleykamp -- Diliup Gabadamudalige http://www.diliupg.com http://soft.diliupg.com/ ** This e-mail is confidential. It may also be legally privileged. If you are not the intended recipient or have received it in error, please delete it and all copies from your system and notify the sender immediately by return e-mail. Any unauthorized reading, reproducing, printing or further dissemination of this e-mail or its contents is strictly prohibited and may be unlawful. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions. ** -- Jeffrey Kleykamp -- Jeffrey Kleykamp -- Jeffrey Kleykamp
Re: [pygame] Potential Malware in Pygame 1.9.2a0.win32-py3.2
Thanks for checking this! Keith Nemitz Principal Developer Mousechief Co. www.mousechief.com From: Sean Felipe Wolfe ether@gmail.com To: pygame-users pygame-users@seul.org Sent: Monday, June 30, 2014 1:06 PM Subject: Re: [pygame] Potential Malware in Pygame 1.9.2a0.win32-py3.2 Nice to see the pygame list responding to this. Thanks for the report jeffrey and thanks Thomas for the triage :) On Mon, Jun 30, 2014 at 10:35 AM, Jeffrey Kleykamp jeffrey.kleyk...@gmail.com wrote: That could be but this computer is only a month old. I think this may just be a false positive... On Mon, Jun 30, 2014 at 1:26 PM, Thomas Kluyver tak...@gmail.com wrote: I extracted fastevent.pyd, the first file you saw a problem with (md5 cb274a3f1a83260d82957409855ca077), and checked it with virustotal. Still nothing: https://www.virustotal.com/en-gb/file/30d7c47d4385ff2b16b23544c4525e6699dddcaa7c3ddf3c66f302f78e78c333/analysis/1404149051/ Another possibility is that you have a virus elsewhere on the system which is infecting those files as they get installed. Thomas On 30 June 2014 10:01, Jeffrey Kleykamp jeffrey.kleyk...@gmail.com wrote: The file itself doesn't trip any alarms for me either. After installing and doing 'import pygame' I get the warning. The md5sum is the same for my file. Jeffrey On Mon, Jun 30, 2014 at 12:53 PM, Thomas Kluyver tak...@gmail.com wrote: Did you download this from the pygame website? I've just downloaded that same file and checked it with virustotal (which scans with a load of different AV engines), and it was all clear: https://www.virustotal.com/en-gb/file/18d88fb656e1868e0949e0189d1a2b03d697bd9d9a539cc7131089b4284157bf/analysis/1404146796/ So I'd suspect it's a false positive, although it's possible that someone is doing a MITM attack to give you a modified download. Check the md5sum of the file you downloaded - it should be: 71e8d3d1679a9d803302ff2923406def Thomas On 30 June 2014 07:44, Jeffrey Kleykamp jeffrey.kleyk...@gmail.com wrote: It also said it was Win32 Malware Gen. http://www.ehow.com/info_12106213_win32-malwaregen.html Who made the msi? On Mon, Jun 30, 2014 at 1:49 AM, diliup gabadamudalige dili...@gmail.com wrote: this could be potentially dangerous! does anyone else have more info? i am using this version. On Mon, Jun 30, 2014 at 3:13 AM, Jeffrey Kleykamp jeffrey.kleyk...@gmail.com wrote: I just downloaded and installed pygame-1.9.2a0.win32-py3.2.msi and my webroot secure anywhere caught some malware in it. I have no idea if this is real or what. Here's the log, Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:35:57 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\fastevent.pyd...#(PX5: 5958229000E66EC43402003B3C2E0700DECDFB7E - MD5: CB274A3F1A83260D82957409855CA077)... Deleting File c:\python32\lib\site-packages\pygame\fastevent.pyd Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:36:05 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\rwobject.pyd...#(PX5: 9715EE78004EFB243081002B48A504004E3053AE - MD5: 2C5778D0816BEBA8ECC7D1FE11B23384)... Deleting File c:\python32\lib\site-packages\pygame\rwobject.pyd Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:36:13 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\surflock.pyd...#(PX5: 84FADE1C0046001620F7009522A6E30019BD6E14 - MD5: 685D26D6E4EF4ADE48436B92B9118669)... Deleting File c:\python32\lib\site-packages\pygame\surflock.pyd -- Jeffrey Kleykamp -- Diliup Gabadamudalige http://www.diliupg.com http://soft.diliupg.com/ ** This e-mail is confidential. It may also be legally privileged. If you are not the intended recipient or have received it in error, please delete it and all copies from your system and notify the sender immediately by return e-mail. Any unauthorized reading, reproducing, printing or further dissemination of this e-mail or its contents is strictly prohibited and may be unlawful. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions. ** -- Jeffrey Kleykamp -- Jeffrey Kleykamp -- Jeffrey Kleykamp -- A musician must make music, an artist must paint, a poet must write, if he is to be ultimately at peace with himself. - Abraham Maslow
Re: [pygame] Potential Malware in Pygame 1.9.2a0.win32-py3.2
Thanks to all for all valuable information and responses. If not for this kind of sincere and enthusiastic responses on Python/Pygame user groups we will all be in the dark on some matters. Thank you all. May you be well. On Tue, Jul 1, 2014 at 4:33 AM, bw stabbingfin...@gmail.com wrote: Viruses are opportunistic. If your stuff is vulnerable when you encounter one, you will catch the crud. I know someone who loaded Windows from scratch using local media, then patched at MS.com, then downloaded and installed an antivirus product. And the antivirus scan found viruses. =) She did the same routine a second time and no viruses. All within two hours. A mystery! Gumm On 6/30/2014 10:35, Jeffrey Kleykamp wrote: That could be but this computer is only a month old. I think this may just be a false positive... On Mon, Jun 30, 2014 at 1:26 PM, Thomas Kluyver tak...@gmail.com wrote: I extracted fastevent.pyd, the first file you saw a problem with (md5 cb274a3f1a83260d82957409855ca077), and checked it with virustotal. Still nothing: https://www.virustotal.com/en-gb/file/30d7c47d4385ff2b16b23544c4525e6699dddcaa7c3ddf3c66f302f78e78c333/analysis/1404149051/ Another possibility is that you have a virus elsewhere on the system which is infecting those files as they get installed. Thomas On 30 June 2014 10:01, Jeffrey Kleykamp jeffrey.kleyk...@gmail.com wrote: The file itself doesn't trip any alarms for me either. After installing and doing 'import pygame' I get the warning. The md5sum is the same for my file. Jeffrey On Mon, Jun 30, 2014 at 12:53 PM, Thomas Kluyver tak...@gmail.com wrote: Did you download this from the pygame website? I've just downloaded that same file and checked it with virustotal (which scans with a load of different AV engines), and it was all clear: https://www.virustotal.com/en-gb/file/18d88fb656e1868e0949e0189d1a2b03d697bd9d9a539cc7131089b4284157bf/analysis/1404146796/ So I'd suspect it's a false positive, although it's possible that someone is doing a MITM attack to give you a modified download. Check the md5sum of the file you downloaded - it should be: 71e8d3d1679a9d803302ff2923406def Thomas On 30 June 2014 07:44, Jeffrey Kleykamp jeffrey.kleyk...@gmail.com wrote: It also said it was Win32 Malware Gen. http://www.ehow.com/info_12106213_win32-malwaregen.html Who made the msi? On Mon, Jun 30, 2014 at 1:49 AM, diliup gabadamudalige dili...@gmail.com wrote: this could be potentially dangerous! does anyone else have more info? i am using this version. On Mon, Jun 30, 2014 at 3:13 AM, Jeffrey Kleykamp jeffrey.kleyk...@gmail.com wrote: I just downloaded and installed pygame-1.9.2a0.win32-py3.2.msi and my webroot secure anywhere caught some malware in it. I have no idea if this is real or what. Here's the log, Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:35:57 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\fastevent.pyd...#(PX5: 5958229000E66EC43402003B3C2E0700DECDFB7E - MD5: CB274A3F1A83260D82957409855CA077)... Deleting File c:\python32\lib\site-packages\pygame\fastevent.pyd Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:36:05 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\rwobject.pyd...#(PX5: 9715EE78004EFB243081002B48A504004E3053AE - MD5: 2C5778D0816BEBA8ECC7D1FE11B23384)... Deleting File c:\python32\lib\site-packages\pygame\rwobject.pyd Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:36:13 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\surflock.pyd...#(PX5: 84FADE1C0046001620F7009522A6E30019BD6E14 - MD5: 685D26D6E4EF4ADE48436B92B9118669)... Deleting File c:\python32\lib\site-packages\pygame\surflock.pyd -- Jeffrey Kleykamp -- Diliup Gabadamudalige http://www.diliupg.com http://soft.diliupg.com/ ** This e-mail is confidential. It may also be legally privileged. If you are not the intended recipient or have received it in error, please delete it and all copies from your system and notify the sender immediately by return e-mail. Any unauthorized reading, reproducing, printing or further dissemination of this e-mail or its contents is strictly prohibited and may be unlawful. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions. ** -- Jeffrey Kleykamp -- Jeffrey Kleykamp -- Jeffrey Kleykamp -- Diliup Gabadamudalige http://www.diliupg.com http://soft.diliupg.com/ ** This e-mail is confidential. It may also be legally
[pygame] Potential Malware in Pygame 1.9.2a0.win32-py3.2
I just downloaded and installed pygame-1.9.2a0.win32-py3.2.msi and my webroot secure anywhere caught some malware in it. I have no idea if this is real or what. Here's the log, Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:35:57 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\fastevent.pyd...#(PX5: 5958229000E66EC43402003B3C2E0700DECDFB7E - MD5: CB274A3F1A83260D82957409855CA077)... Deleting File c:\python32\lib\site-packages\pygame\fastevent.pyd Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:36:05 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\rwobject.pyd...#(PX5: 9715EE78004EFB243081002B48A504004E3053AE - MD5: 2C5778D0816BEBA8ECC7D1FE11B23384)... Deleting File c:\python32\lib\site-packages\pygame\rwobject.pyd Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:36:13 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\surflock.pyd...#(PX5: 84FADE1C0046001620F7009522A6E30019BD6E14 - MD5: 685D26D6E4EF4ADE48436B92B9118669)... Deleting File c:\python32\lib\site-packages\pygame\surflock.pyd -- Jeffrey Kleykamp
Re: [pygame] Potential Malware in Pygame 1.9.2a0.win32-py3.2
this could be potentially dangerous! does anyone else have more info? i am using this version. On Mon, Jun 30, 2014 at 3:13 AM, Jeffrey Kleykamp jeffrey.kleyk...@gmail.com wrote: I just downloaded and installed pygame-1.9.2a0.win32-py3.2.msi and my webroot secure anywhere caught some malware in it. I have no idea if this is real or what. Here's the log, Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:35:57 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\fastevent.pyd...#(PX5: 5958229000E66EC43402003B3C2E0700DECDFB7E - MD5: CB274A3F1A83260D82957409855CA077)... Deleting File c:\python32\lib\site-packages\pygame\fastevent.pyd Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:36:05 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\rwobject.pyd...#(PX5: 9715EE78004EFB243081002B48A504004E3053AE - MD5: 2C5778D0816BEBA8ECC7D1FE11B23384)... Deleting File c:\python32\lib\site-packages\pygame\rwobject.pyd Automated Cleanup Engine Starting Cleanup at 29/06/2014 - 21:36:13 GMT Starting Routine Removing c:\python32\lib\site-packages\pygame\surflock.pyd...#(PX5: 84FADE1C0046001620F7009522A6E30019BD6E14 - MD5: 685D26D6E4EF4ADE48436B92B9118669)... Deleting File c:\python32\lib\site-packages\pygame\surflock.pyd -- Jeffrey Kleykamp -- Diliup Gabadamudalige http://www.diliupg.com http://soft.diliupg.com/ ** This e-mail is confidential. It may also be legally privileged. If you are not the intended recipient or have received it in error, please delete it and all copies from your system and notify the sender immediately by return e-mail. Any unauthorized reading, reproducing, printing or further dissemination of this e-mail or its contents is strictly prohibited and may be unlawful. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions. **