[jira] [Comment Edited] (NETBEANS-1114) trojan found while installing Netbeans
[ https://issues.apache.org/jira/browse/NETBEANS-1114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16582825#comment-16582825 ] design_dolphin edited comment on NETBEANS-1114 at 8/16/18 4:56 PM: --- Thank you # Used the https link to download the PHP 64 bit version. Then scanned the installer with Windows Defender. It came up clean. # During installation looked at the Temp file directory 54 where the hit was before (for OP). The folder 54 is not (or no longer) present in the download. It installed with no incidents. After installation the Temp parent directory for the installation was removed automatically. Temporary Conclusion: # The issue is possibly in folder 54 (of some variants of Netbeans) # The issue might be cause by http security issues, which do not occur when using SSL. was (Author: design_dolphin): Thank you # Used the https link to download the PHP 64 bit version. Then scanned the installer with Windows Defender. It came up clean. # During installation looked at the Temp file directory 54 where the hit was before. The folder 54 is not (or no longer) present in the download. It installed with no incidents. After installation the Temp parent directory for the installation was removed automatically. Temporary Conclusion: # The issue is possibly in folder 54 (of some variants of Netbeans) # The issue might be cause by http security issues, which do not occur when using SSL. > trojan found while installing Netbeans > -- > > Key: NETBEANS-1114 > URL: https://issues.apache.org/jira/browse/NETBEANS-1114 > Project: NetBeans > Issue Type: Bug > Components: platform - LaunchersCLI >Affects Versions: 8.2 > Environment: Win10 64 >Reporter: Johannes Hoffmann >Priority: Major > > found by Windows Defender during the installation > Trojan:Script/Cloxer.D!cl > file: > C:\Users\User\AppData\Local\Temp\tmpnb\var\cache\netigso\org.eclipse.osgi\bundles\54\1\bundlefile -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: commits-unsubscr...@netbeans.apache.org For additional commands, e-mail: commits-h...@netbeans.apache.org For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[jira] [Comment Edited] (NETBEANS-1114) trojan found while installing Netbeans
[ https://issues.apache.org/jira/browse/NETBEANS-1114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16582797#comment-16582797 ] Eduardo Quintanilla edited comment on NETBEANS-1114 at 8/16/18 4:38 PM: In the [Downloads|https://netbeans.org/downloads/start.html?platform=windows=en=all] the links are HTTP but if you change them to HTTPS the downloads works. [https://download.netbeans.org/netbeans/8.2/final/bundles/netbeans-8.2-php-windows-x64.exe] [https://download.netbeans.org/netbeans/8.2/final/bundles/netbeans-8.2-windows.exe] I tested the PHP bundle with VirusTotal and it is clean. [https://www.virustotal.com/es/file/1aacd9f89beae4fe2974987d09e278145217b9de56ff2cec21e2dded82e632e3/analysis/1534437151/] was (Author: eduardo quintanilla): In the [Downloads|https://netbeans.org/downloads/start.html?platform=windows=en=all] the links are HTTP but if you change them to HTTPS the downloads works. [https://download.netbeans.org/netbeans/8.2/final/bundles/netbeans-8.2-php-windows-x64.exe] [https://download.netbeans.org/netbeans/8.2/final/bundles/netbeans-8.2-windows.exe] > trojan found while installing Netbeans > -- > > Key: NETBEANS-1114 > URL: https://issues.apache.org/jira/browse/NETBEANS-1114 > Project: NetBeans > Issue Type: Bug > Components: platform - LaunchersCLI >Affects Versions: 8.2 > Environment: Win10 64 >Reporter: Johannes Hoffmann >Priority: Major > > found by Windows Defender during the installation > Trojan:Script/Cloxer.D!cl > file: > C:\Users\User\AppData\Local\Temp\tmpnb\var\cache\netigso\org.eclipse.osgi\bundles\54\1\bundlefile -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: commits-unsubscr...@netbeans.apache.org For additional commands, e-mail: commits-h...@netbeans.apache.org For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[jira] [Comment Edited] (NETBEANS-1114) trojan found while installing Netbeans
[ https://issues.apache.org/jira/browse/NETBEANS-1114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16582780#comment-16582780 ] design_dolphin edited comment on NETBEANS-1114 at 8/16/18 4:28 PM: --- There is a few things with that: # This Trojan virus isn't something that pops up a lot from what I can tell so far. Could mean that it's new, or that it is a real threat. # Both people reporting it had a recent issue with it, possibly suggesting that this is something that is only occurring now # From what I can tell the issue seems to be relegated to the Temp folder when installing and for some of the bundled software? # All Netbeans software was removed pending discovery of what is going on. I'm not downloading an installer that may or may not be phoning home over an unsecure line. I hadn't noticed it was not SSL, my bad. Thanks for posting install instructions, my bad sorry. I don't like installing Java seperately (slow, takes up resources, and updating is a pain) so might pass on this one. Just noticed the Oracle site doesn't use SSL for the Java downloads either, while their website is on SSL. So, I'm not going to download Java based off of that. So, yeah, that could be the problem, and where someone possibly is using to inject something. I don't understand why Oracle is using non SSL for this stuff anyway. They need to improve that. It might not be a Netbeans thing, but one of the includes. Odd though that you can't duplicate it, but it has happened to multiple users. You'd think if it was a (false) positive then you would get it too? was (Author: design_dolphin): There is a few things with that: # This Trojan virus isn't something that pops up a lot from what I can tell so far. Could mean that it's new, or that it is a real threat. # Both people reporting it had a recent issue with it, possibly suggesting that this is something that is only occurring now # From what I can tell the issue seems to be relegated to the Temp folder when installing and for some of the bundled software? # All Netbeans software was removed pending discovery of what is going on. I'm not downloading an installer that may or may not be phoning home over an unsecure line. I hadn't noticed it was not SSL, my bad. Thanks for posting install instructions, my bad sorry. I don't like installing Java seperately (slow, takes up resources, and updating is a pain) so might pass on this one. Just noticed the Oracle site doesn't use SSL for the Java downloads either, while their website is on SSL. So, yeah, that could be the problem, and where someone possibly is using to inject something. I don't understand why Oracle is using non SSL for this stuff anyway. They need to improve that. It might not be a Netbeans thing, but one of the includes. Odd though that you can't duplicate it, but it has happened to multiple users. You'd think if it was a (false) positive then you would get it too? > trojan found while installing Netbeans > -- > > Key: NETBEANS-1114 > URL: https://issues.apache.org/jira/browse/NETBEANS-1114 > Project: NetBeans > Issue Type: Bug > Components: platform - LaunchersCLI >Affects Versions: 8.2 > Environment: Win10 64 >Reporter: Johannes Hoffmann >Priority: Major > > found by Windows Defender during the installation > Trojan:Script/Cloxer.D!cl > file: > C:\Users\User\AppData\Local\Temp\tmpnb\var\cache\netigso\org.eclipse.osgi\bundles\54\1\bundlefile -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: commits-unsubscr...@netbeans.apache.org For additional commands, e-mail: commits-h...@netbeans.apache.org For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[jira] [Comment Edited] (NETBEANS-1114) trojan found while installing Netbeans
[ https://issues.apache.org/jira/browse/NETBEANS-1114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16582780#comment-16582780 ] design_dolphin edited comment on NETBEANS-1114 at 8/16/18 4:25 PM: --- There is a few things with that: # This Trojan virus isn't something that pops up a lot from what I can tell so far. Could mean that it's new, or that it is a real threat. # Both people reporting it had a recent issue with it, possibly suggesting that this is something that is only occurring now # From what I can tell the issue seems to be relegated to the Temp folder when installing and for some of the bundled software? # All Netbeans software was removed pending discovery of what is going on. I'm not downloading an installer that may or may not be phoning home over an unsecure line. I hadn't noticed it was not SSL, my bad. Thanks for posting install instructions, my bad sorry. I don't like installing Java seperately (slow, takes up resources, and updating is a pain) so might pass on this one. Just noticed the Oracle site doesn't use SSL for the Java downloads either, while their website is on SSL. So, yeah, that could be the problem, and where someone possibly is using to inject something. I don't understand why Oracle is using non SSL for this stuff anyway. They need to improve that. It might not be a Netbeans thing, but one of the includes. Odd though that you can't duplicate it, but it has happened to multiple users. You'd think if it was a (false) positive then you would get it too? was (Author: design_dolphin): There is two things with that: # This Trojan virus isn't something that pops up a lot from what I can tell so far. Could mean that it's new, or that it is a real threat. # Both people reporting it had a recent issue with it, possibly suggesting that this is something that is only occurring now # From what I can tell the issue seems to be relegated to the Temp folder when installing and for some of the bundled software? # All Netbeans software was removed pending discovery of what is going on. I'm not downloading an installer that may or may not be phoning home over an unsecure line. I hadn't noticed it was not SSL, my bad. Thanks for posting install instructions, my bad sorry. I don't like installing Java seperately (slow, takes up resources, and updating is a pain) so might pass on this one. Just noticed the Oracle site doesn't use SSL for the Java downloads either, while their website is on SSL. So, yeah, that could be the problem, and where someone possibly is using to inject something. I don't understand why Oracle is using non SSL for this stuff anyway. They need to improve that. It might not be a Netbeans thing, but one of the includes. Odd though that you can't duplicate it, but it has happened to multiple users. You'd think if it was a (false) positive then you would get it too? > trojan found while installing Netbeans > -- > > Key: NETBEANS-1114 > URL: https://issues.apache.org/jira/browse/NETBEANS-1114 > Project: NetBeans > Issue Type: Bug > Components: platform - LaunchersCLI >Affects Versions: 8.2 > Environment: Win10 64 >Reporter: Johannes Hoffmann >Priority: Major > > found by Windows Defender during the installation > Trojan:Script/Cloxer.D!cl > file: > C:\Users\User\AppData\Local\Temp\tmpnb\var\cache\netigso\org.eclipse.osgi\bundles\54\1\bundlefile -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: commits-unsubscr...@netbeans.apache.org For additional commands, e-mail: commits-h...@netbeans.apache.org For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[jira] [Comment Edited] (NETBEANS-1114) trojan found while installing Netbeans
[ https://issues.apache.org/jira/browse/NETBEANS-1114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16582457#comment-16582457 ] design_dolphin edited comment on NETBEANS-1114 at 8/16/18 12:49 PM: Thanks for the couple back and assistance. It is very much appreciated. No intent to be insulting, just doing my best and being thorough. Going forward it may be wise to have role information in the profiles of contributors. I'll keep your feedback in mind though. 1. Full scan of PC did not find anything 2. Downloaded 9.0 source and scanned with Comodo Anti Virus and Windows Defender. No positives found. I have no clue how to install and run it on Windows 10 as of this moment. I don't see a manual on the 9.0 'more info' or 'download' page for example. 3. The 8.2 installer was removed from the PC. I was going to download it to help with the ticket, but noticed that the download servers don't use SSL for ftp/http, so I don't want to risk it at this stage. If you have an official SSL link then I can download it and check if you want. The reason being if you are not seeing anything and we are, and it is not a ftps/https connection there maybe something going on there. Hope it helps Please note: it may be a few days before I can look at this and respond back was (Author: design_dolphin): Thanks for the couple back and assistance. It is very much appreciated. No intent to be insulting, just doing my best and being thorough. Going forward it may be wise to have role information in the profiles of contributors. I'll keep your feedback in mind though. 1. Full scan of PC did not find anything 2. Downloaded 9.0 source and scanned with Comodo Anti Virus and Windows Defender. No positives found. I have no clue how to install and run it on Windows 10 as of this moment. I don't see a manual on the 9.0 'more info' or 'download' page for example. 3. The 8.2 installer was removed from the PC. I was going to download it to help with the ticket, but noticed that the download servers doesn't use SSL for ftp/http, so I don't want to risk it at this stage. If you have an official SSL link then I can download it and check if you want. The reason being if you are not seeing anything and we are, and it is not a ftps/https connection there maybe something going on there. Hope it helps Please note: it may be a few days before I can look at this and respond back > trojan found while installing Netbeans > -- > > Key: NETBEANS-1114 > URL: https://issues.apache.org/jira/browse/NETBEANS-1114 > Project: NetBeans > Issue Type: Bug > Components: platform - LaunchersCLI >Affects Versions: 8.2 > Environment: Win10 64 >Reporter: Johannes Hoffmann >Priority: Major > > found by Windows Defender during the installation > Trojan:Script/Cloxer.D!cl > file: > C:\Users\User\AppData\Local\Temp\tmpnb\var\cache\netigso\org.eclipse.osgi\bundles\54\1\bundlefile -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: commits-unsubscr...@netbeans.apache.org For additional commands, e-mail: commits-h...@netbeans.apache.org For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[jira] [Comment Edited] (NETBEANS-1114) trojan found while installing Netbeans
[ https://issues.apache.org/jira/browse/NETBEANS-1114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16582288#comment-16582288 ] design_dolphin edited comment on NETBEANS-1114 at 8/16/18 9:50 AM: --- Look, I don't know who you are, but you should let someone with experience handle this. # Oracle should be contacted if it is their servers # The issue comes from one of the bundle files, and could be in 9.0 too. How about providing that information instead. Stop being so stubborn and derailing this issue with 9.0 being different, and telling people to download a possible security risk. Get off this ticket please, and let more experienced people handle it. If this is how security is handled with this fork, then I'm done with it. was (Author: design_dolphin): Look, I don't know who you are, but you should let someone with experience handle this. # Oracle should be contacted if it is there servers # The issue comes from one of the bundle files, and could be in 9.0 too. How about providing that information instead. Stop being so stubborn and derailing this issue with 9.0 being different, and telling people to download a possible security risk. Get off this ticket please, and let more experienced people handle it. If this is how security is handled with this fork, then I'm done with it. > trojan found while installing Netbeans > -- > > Key: NETBEANS-1114 > URL: https://issues.apache.org/jira/browse/NETBEANS-1114 > Project: NetBeans > Issue Type: Bug > Components: platform - LaunchersCLI >Affects Versions: 8.2 > Environment: Win10 64 >Reporter: Johannes Hoffmann >Priority: Major > > found by Windows Defender during the installation > Trojan:Script/Cloxer.D!cl > file: > C:\Users\User\AppData\Local\Temp\tmpnb\var\cache\netigso\org.eclipse.osgi\bundles\54\1\bundlefile -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: commits-unsubscr...@netbeans.apache.org For additional commands, e-mail: commits-h...@netbeans.apache.org For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
[jira] [Comment Edited] (NETBEANS-1114) trojan found while installing Netbeans
[ https://issues.apache.org/jira/browse/NETBEANS-1114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16582199#comment-16582199 ] design_dolphin edited comment on NETBEANS-1114 at 8/16/18 8:39 AM: --- Confirmed on Windows 10 and downloading 8.2 PHP 64bit version from netbeans.org and installng it with updates active during installer (without it the updater on it does it too) It gives multiple warnings, Windows Defender removes it, and it gets added again multiple times. Uninstalled Netbeans and doing full scan until this is cleared up. was (Author: design_dolphin): Confirmed on Windows 10 and downloading 8.2 PHP 64bit version from netbeans.org and installng it with updates active during installer. It gives multiple warnings, Windows Defender removes it, and it gets added again multiple times. Uninstalled Netbeans until this is cleared up. > trojan found while installing Netbeans > -- > > Key: NETBEANS-1114 > URL: https://issues.apache.org/jira/browse/NETBEANS-1114 > Project: NetBeans > Issue Type: Bug > Components: platform - LaunchersCLI >Affects Versions: 8.2 > Environment: Win10 64 >Reporter: Johannes Hoffmann >Priority: Major > > found by Windows Defender during the installation > Trojan:Script/Cloxer.D!cl > file: > C:\Users\User\AppData\Local\Temp\tmpnb\var\cache\netigso\org.eclipse.osgi\bundles\54\1\bundlefile -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: commits-unsubscr...@netbeans.apache.org For additional commands, e-mail: commits-h...@netbeans.apache.org For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
