Virus

Virus

DaveMac01
Hi,
I have just downloaded the latest version of GIMP from the GIMP downloads page.
On trying to install the software, Windows Defender popped up with a message that
there was a virus. I said to run anyway. AVG blocked the download and
quarantined it. I then downloaded GIMP from the bittorrent on the downloads page
and came up with exactly the same problems.

I have run AVG, Malware, CCleaner etc and am left with a file in my downloads
folder which I cannot delete. It says that it needs administrator rights to delete
it which it should have as there is only administrator on my laptop. The file
says it is 0kb in size but actually it is not. If I right click and run as
administrator, I get the message that the operation did not complete successfully
as the file contains potentially unwanted software or a virus.

I have tried to delete the file with IObit shredder but it says that it is
occupied by another program.

The file name is gimp-2.10.0-x64-setup

Can anyone please help?
Thanks

--
susanem (via www.gimpusers.com/forums)
_______________________________________________
gimp-user-list mailing list
List address:    [hidden email]
List membership: https://mail.gnome.org/mailman/listinfo/gimp-user-list
List archives:   https://mail.gnome.org/archives/gimp-user-list

Re: Virus

Michael Schumacher


On 04/29/2018 11:25 AM, susanem wrote:

> Hi, I have just downloaded the latest version of GIMP from the GIMP
> downloads page. On trying to install the software, Windows Defender
> popped up with a message that there was a virus. I said to run anyway.
> AVG blocked the download and quarantined it. I then downloaded GIMP
> from the bittorrent on the downloads page and came up with exactly
> the same problems.

This is because both methods get you the same file - the torrent is set
up to use various mirror servers as web seeds.

The initial anti-virus reports have been a common sight for years, and
are due to the fact that antivirus software is at least partially based
on whitelists and more recently on reputation-based scores, meaning
users of the antivirus software can report whether they consider a file
trustworthy (this is the "FileRep" or "Reputation" 'virus' reports you
might see popping up).

And yes, this means people can attempt to poison such scores.

There's more on that here:
https://www.reddit.com/r/GIMP/comments/8fputy/was_gimp_hacked_and_replaced_by_malware/

> I have run AVG, Malware, CCleaner etc and am left with a file in my
> downloads folder which I cannot delete. It says that it needs
> administrator rights to delete it which it should have as there is
> only administrator on my laptop. The file says it is 0kb in size but
> actually it is not. If I right click and run as administrator, I get
> the message that the operation did not complete successfully as the
> file contains potentially unwanted software or a virus.

It's likely that your AV software is now preventing you from doing
anything with the file, including to delete it. You should update it to
make sure that the false positive is gone.

--
Regards,
Michael
GPG: 96A8 B38A 728A 577D 724D 60E5 F855 53EC B36D 4CDD

Re: Virus

Joel Rees
On Mon, Apr 30, 2018 at 6:22 PM, Michael Schumacher <[hidden email]> wrote:

>
>
> On 04/29/2018 11:25 AM, susanem wrote:
>
>> Hi, I have just downloaded the latest version of GIMP from the GIMP
>> downloads page. On trying to install the software, Windows Defender
>> popped up with a message that there was a virus. I said to run anyway.
>> AVG blocked the download and quarantined it. I then downloaded GIMP
>> from the bittorrent on the downloads page and came up with exactly
>> the same problems.
>
> This is because both methods get you the same file - the torrent is set
> up to use various mirror servers as web seeds.
>
> The initial anti-virus reports have been a common sight for years, and
> are due to the fact that antivirus software is at least partially based
> on whitelists and more recently on reputation-based scores, meaning
> users of the antivirus software can report whether they consider a file
> trustworthy (this is the "FileRep" or "Reputation" 'virus' reports you
> might see popping up).
>
> And yes, this means people can attempt to poison such scores.
>
> There's more on that here:
> https://www.reddit.com/r/GIMP/comments/8fputy/was_gimp_hacked_and_replaced_by_malware/
>
>> I have run AVG, Malware, CCleaner etc and am left with a file in my
>> downloads folder which I cannot delete. It says that it needs
>> administrator rights to delete it which it should have as there is
>> only administrator on my laptop. The file says it is 0kb in size but
>> actually it is not. If I right click and run as administrator, I get
>> the message that the operation did not complete successfully as the
>> file contains potentially unwanted software or a virus.
>
> It's likely that your AV software is now preventing you from doing
> anything with the file, including to delete it. You should update it to
> make sure that the false positive is gone.

Is the MSWindows world that seriously bad these days, that you don't
bother asking what site it was downloaded from, what the hash was,
etc.?


--
Joel Rees

One of these days I'll get someone to pay me
to design a language that combines the best of Forth and C.
Then I'll be able to leap wide instruction sets with a single #ifdef,
run faster than a speeding infinite loop with a #define,
and stop all integer size bugs with my bare cast.
http://defining-computers.blogspot.com/2017/06/reinventing-computers.html

More of my delusions:
http://reiisi.blogspot.com/2017/05/do-not-pay-modern-danegeld-ransomware.html
http://reiisi.blogspot.jp/p/novels-i-am-writing.html

Virus

DaveMac01
In reply to this post by Michael Schumacher
> This is because both methods get you the same file - the torrent is set
> up to use various mirror servers as web seeds.
>
> The initial anti-virus reports have been a common sight for years, and
> are due to the fact that antivirus software is at least partially based
> on whitelists and more recently on reputation-based scores, meaning
> users of the antivirus software can report whether they consider a file
> trustworthy (this is the "FileRep" or "Reputation" 'virus' reports you
> might see popping up).
>
> And yes, this means people can attempt to poison such scores.
>
> There's more on that here:
> https://www.reddit.com/r/GIMP/comments/8fputy/was_gimp_hacked_and_replaced_by_malware/
>
> It's likely that your AV software is now preventing you from doing
> anything with the file, including to delete it. You should update it to
> make sure that the false positive is gone.

Many thanks for your reply Michael. I have managed to get rid of the file. I ran
Windows Malicious Software removal tool then cleaned the machine again and
rebooted. Then I was able to delete the file.

My AVG is always kept bang up to date and I will add the GIMP site to its
whitelist and have another go at the download.
Regards
Susan

--
susanem (via www.gimpusers.com/forums)

Re: Virus

Steve Kinney
In reply to this post by Joel Rees


On 04/30/2018 06:28 AM, Joel Rees wrote:

> Is the MSWindows world that seriously bad these days, that you don't
> bother asking what site it was downloaded from, what the hash was,
> etc.?

That bad and worse.

"If you want a vision of the future, imagine a boot stamping on a human
face - forever." - George Orwell

User said the file came from gimp.org, and a spoofing or MITM attack is
/most/ unlikely.  The problem described will prevent the file from being
read, so no hash can be calculated.

As for repairs, I'm sure there are ways:  And that they are more
complicated, harder for a non-professional user to get right, and FAR
less reliable than just installing Linux and having done with all that
nonsense once and for all.

:o/
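The hash check Joel Rees asks about, together with the case Steve Kinney raises where the file cannot be read at all, as an added example that is not part of any message in this thread. The function names, file names, sample bytes and the "published" digest are constructed for illustration; a real check would take the SHA-256 from the project's download page.

```python
import hashlib
import os
import tempfile


def check_installer(path, published_sha256):
    """Compare a file's SHA-256 with a published digest.

    Returns (status, detail); status is "match", "mismatch",
    "empty" or "unreadable".
    """
    digest = hashlib.sha256()
    try:
        size = os.path.getsize(path)
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
    except OSError as exc:
        # PermissionError, sharing violations (e.g. a scanner holding the
        # file) and missing files all land here: no hash can be computed.
        return ("unreadable", type(exc).__name__)
    if size == 0:
        # A file that really is 0 bytes is not the installer; say so
        # instead of reporting a plain mismatch.
        return ("empty", "0 bytes on disk")
    actual = digest.hexdigest()
    expected = published_sha256.strip().lower()
    return ("match" if actual == expected else "mismatch", actual)


def demo():
    """Run the check on constructed files; returns the four statuses."""
    sample = b"constructed stand-in for installer bytes"
    published = hashlib.sha256(sample).hexdigest()  # placeholder digest
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "setup-good.exe")
        bad = os.path.join(tmp, "setup-altered.exe")
        empty = os.path.join(tmp, "setup-empty.exe")
        for name, data in ((good, sample), (bad, sample + b"!"), (empty, b"")):
            with open(name, "wb") as fh:
                fh.write(data)
        gone = os.path.join(tmp, "quarantined.exe")  # never created
        return [check_installer(p, published)[0]
                for p in (good, bad, empty, gone)]


if __name__ == "__main__":
    print(demo())
```

An "unreadable" result says nothing about the file's contents; only "match" ties the download to the published digest.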