Virus in download?

jyparker · Sat 03/01/2009 00:13:07

I went to http://files.filefront.com/Heartland+Deluxeexe/;6236233;/fileinfo.html and downloaded Hartland_Deluxe.exe. My AVG antivirus says it contains worm/feebs.ki... Can someone checkout this to be sure if this is a false alarm or what. Thank you for your time.
Jerry Parker

Ghost · Sat 03/01/2009 01:00:08

Hm, Avira Antivir says the same. Still, occasionally antivirus software will mistake an uninfected file for a virus, so you should wait for a few other oppinions.

Vince Twelve · Sat 03/01/2009 02:17:17

Oh yeah, my mirror of that is down. I've stopped paying for that old site. I'll make a new mirror on xiigames tomorrow. Limpy, could you email me the latest version? Email on http://www.xiigames.com right column. (Just in case that other mirror does have a virus.)

Edit: I just DLed and got a virus warning too.

LimpingFish · Sat 03/01/2009 02:33:29

Hmm. That's odd. AVG says it's clean. $:-\$

Worm/feebs usually spreads via email (according to the AVG virus encyclopedia), but I suppose an .exe could become infected. Regardless, I don't see how it could have suddenly affected that file, since it's the same one that's always been available on FileFront, and this is the first time I've ever heard of a virus warning.

Until we get more information about the FileFront one, you could try downloading from here. I've scanned that one too and it comes back clean.

EDIT: No problem, Vince. There's a copy on BforS above. And many thanks for your continued hosting generosity (two years and counting!).

EDIT: Ah, now this is interesting. I just updated AVG and now it says the file is infected. But here's what's really weird: it says the BforS file is also infected. Which makes me think it may be a false positive, because neither of those files have been changed in the past two years.

Heartland Deluxe is available from a few other sources, so I'll check those too.

EDIT: They're all coming back as positive. WTF.

EDIT: Unbound is coming back positive too! This could be related to the version of 7-zip that was used to compress them as self-extracting archives. More investigating is needed...

Ishmael · Sat 03/01/2009 12:58:36

Sounds like a false positive. I've had Antivir find the most interesting viruses on the most unusual files. One such was some downloader trojan or worm or whatever on mIRC.exe, appeared mid-runtime. It was gone after the next Antivir virus database update.

Oliwerko · Sat 03/01/2009 13:53:11

Negative on Avast, totally clean here.

Stupot · Sat 03/01/2009 14:46:09

Nothing detected with Norton 360.

OneDollar · Sat 03/01/2009 15:39:29

Clean with Panda Antivirus

jyparker · Sat 03/01/2009 15:45:04

Thank all of you for your input. Virus and worms are getting so sophisticated that I try to be careful, but sometimes the anti virus misses.

Stupot · Sat 03/01/2009 16:14:14

Quote from: jyparker on Sat 03/01/2009 15:45:04...sometimes the anti virus misses.

I'm still trying to develop an anti-missus virus $:-\$

Pumaman · Sat 03/01/2009 18:52:56

Quote from: Stupot on Sat 03/01/2009 16:14:14
I'm still trying to develop an anti-missus virus $:-\$

Chlamydia should do the trick.

LimpingFish · Sat 03/01/2009 21:37:19

Thanks everybody for taking the time to check the file.

It does seem to be triggering a false positive in AVG (I use the free version myself) and Avira, but I can't track down exactly what's causing it.

Newer zipped versions don't seem to trigger it, so I'll replace the uploaded versions in a bit.

EDIT: Both files have been replaced, and I've removed the filefront link from the Heartland Deluxe entry. As far as I can tell, the new versions don't result in a false postive.

Virus in download?

Ghost