Thank you for the rapid response Stefan Baur,

Although I do agree that those AV names are, shall we say, 'less reputable', I was only emailing for due diligence in that both FF and Chrome flagged it as malicious.

Thank you for addressing my concerns,
Josh Conway

On Fri, Feb 28, 2020 at 9:32 AM <[email protected]> wrote:

> Today's Topics:
>
>    1. Credible warning of infected / trojaned X2go windows binary (Josh Conway)
>    2. Re: Credible warning of infected / trojaned X2go windows binary (Stefan Baur)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 28 Feb 2020 09:09:17 -0500
> From: Josh Conway <[email protected]>
> To: [email protected]
> Subject: [X2Go-User] Credible warning of infected / trojaned X2go windows binary
>
> Greetings,
>
> Upon downloading the file:
>
> https://code.x2go.org/releases/binary-win32/x2goclient/releases/4.1.2.2-2020.02.13/x2goclient-4.1.2.2-2020.02.13-setup.exe
>
> MD5 8b1ac4cb969d116c9303ab3fafe50a01
> SHA-1 ce77b87fd972aa12c74bb36181371034b0bb051d
> SHA-256 227857330e14cf88c88159c5439c914ce2e4170c7aa29149641d5df11d1745f0
>
> Firefox *and* Google Chrome both throw errors for detected malware.
>
> Running said file through Virustotal shows the 6 AV products' results:
>
> Bkav: HW32.Packed.
> Panda: PUP/RemoteAdmin
> Trapmine: Malicious.moderate.ml.score
> Webroot: W32.Ransom.Gen
> Yandex: Trojan.Agent!RIMR9kcXEpU
> Zillya: Trojan.Generic.Win32.1026149
>
> I've attempted to ping people in the freenode #x2go irc room to no avail.
>
> Josh Conway
>
> ------------------------------
>
> Message: 2
> Date: Fri, 28 Feb 2020 15:31:48 +0100
> From: Stefan Baur <[email protected]>
> To: [email protected]
> Subject: Re: [X2Go-User] Credible warning of infected / trojaned X2go windows binary
>
> On 28.02.20 at 15:09, Josh Conway wrote:
> > Greetings,
> >
> > Upon downloading the file:
> >
> > https://code.x2go.org/releases/binary-win32/x2goclient/releases/4.1.2.2-2020.02.13/x2goclient-4.1.2.2-2020.02.13-setup.exe
> >
> > MD5 8b1ac4cb969d116c9303ab3fafe50a01
> > SHA-1 ce77b87fd972aa12c74bb36181371034b0bb051d
> > SHA-256 227857330e14cf88c88159c5439c914ce2e4170c7aa29149641d5df11d1745f0
> >
> > Firefox *and* Google Chrome both throw errors for detected malware.
> >
> > Running said file through Virustotal shows the 6 AV products' results:
> >
> > Bkav: HW32.Packed.
> > Panda: PUP/RemoteAdmin
> > Trapmine: Malicious.moderate.ml.score
> > Webroot: W32.Ransom.Gen
> > Yandex: Trojan.Agent!RIMR9kcXEpU
> > Zillya: Trojan.Generic.Win32.1026149
>
> Josh,
>
> these scanners are a) not exactly the most reliable ones and b) they are throwing "generic" names, which means it's their heuristic detection that is giving the alarm.
>
> The total amount of scanners at Virustotal that scanned the file is 57 - as long as only 6 out of 57 trigger the alarm, and there's not a single reputable name amongst those being triggered, there's nothing to worry about. I'd start worrying once Avast, AVG, Avira, BitDefender, F-Prot, F-Secure, Kaspersky, G-Data, Malwarebytes, McAfee, Microsoft, Sophos, Symantec or TrendMicro start throwing warnings. As of now, this can safely be dismissed as a false alarm.
>
> Also, next to our download, in the same directory <https://code.x2go.org/releases/binary-win32/x2goclient/releases/4.1.2.2-2020.02.13/>, you can find MD5, SHA1 and SHA256 checksums *as well as a GPG signature* from us. Do check that signature - if it matches, there's nothing to worry about.
>
> The reason why Firefox and Chrome trigger an alert, and what to do about it, has been discussed on this mailing list before, see this thread: <https://www.mail-archive.com/[email protected]/msg03640.html>
>
> Kind Regards,
> Stefan Baur
>
> --
> BAUR-ITCS UG (haftungsbeschränkt)
> Managing Director: Stefan Baur
> Eichenäckerweg 10, 89081 Ulm | Register court Ulm, HRB 724364
> Phone/Fax 0731 40 34 66-36/-35 | VAT ID: DE268653243
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> x2go-user mailing list
> [email protected]
> https://lists.x2go.org/listinfo/x2go-user
>
> ------------------------------
>
> End of x2go-user Digest, Vol 70, Issue 24
> *****************************************
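
The check recommended in the quoted reply (compare the download against the published checksum, then verify the GPG signature), as an added example that is not part of the original thread and not X2Go's own tooling. The checksum and signature file names are whatever the release directory provides, and the fingerprint argument is a placeholder for the release key's fingerprint, which this page does not state and which has to be obtained out of band; a checksum fetched from the same server only shows the transfer was intact, while the signature pinned to a known fingerprint is what authenticates the file.

```shell
#!/bin/sh
# Added example: file names and the fingerprint argument are assumptions.

# sha256_of FILE: print the lowercase SHA-256 digest of FILE.
sha256_of() {
    sha256sum -- "$1" | awk '{ print tolower($1) }'
}

# check_published_sum FILE SUMFILE
# SUMFILE is assumed to be in sha256sum format ("<hex>  <name>" or
# "<hex> *<name>") or to hold one bare digest; names contain no spaces.
# Returns 0 on match, 1 on mismatch, 2 if SUMFILE has no usable entry.
check_published_sum() {
    file=$1; sums=$2
    name=$(basename -- "$file")
    want=$(awk -v n="$name" '
        { h = tolower($1); f = $2; sub(/^\*/, "", f); sub(/^.*\//, "", f) }
        length(h) != 64 || h ~ /[^0-9a-f]/ { next }   # skip non-digest lines
        NF == 1 || f == n { print h; exit }
    ' "$sums")
    [ -n "$want" ] || return 2
    [ "$(sha256_of "$file")" = "$want" ]
}

# verify_signature FILE SIGFILE FINGERPRINT
# Checks a detached OpenPGP signature and succeeds only if gpg reports a
# good signature made by the expected key (signing key or its primary key).
# The key must already be in the local keyring.
verify_signature() {
    file=$1; sig=$2
    fpr=$(printf '%s' "$3" | tr -d ' ' | tr 'a-f' 'A-F')
    gpg --batch --status-fd 1 --verify "$sig" "$file" 2>/dev/null |
        awk -v fpr="$fpr" '
            $2 == "GOODSIG" { good = 1 }
            $2 == "VALIDSIG" && ($3 == fpr || $NF == fpr) { pinned = 1 }
            END { exit !(good && pinned) }'
}

# Usage, with placeholder file names:
#   check_published_sum setup.exe setup.exe.sha256 &&
#   verify_signature setup.exe setup.exe.asc "<RELEASE KEY FINGERPRINT>"
```
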
