Re: [eclipse-dev] Virus detected in launcher.exe?

I got a virus definition update yesterday evening and after that the scan
comes up clean again. So it seems this was just bad timing on my end :(

Thank you all for checking, and sorry for the noise.

Carsten

PS: and agreed on the general rule. I'll file a bug next time.

On 03.02.2015 10:15, Daniel Megert wrote:
> I downloaded both files and checked them in their archived form, and also 
> after extracting the files to disk. No viruses found.
> 
> Dani
> 
> 
> 
> From:   David M Williams <david_williams@xxxxxxxxxx>
> To:     "General development mailing list of the Eclipse project." 
> <eclipse-dev@xxxxxxxxxxx>
> Date:   03.02.2015 09:10
> Subject:        Re: [eclipse-dev] Virus detected in launcher.exe?
> Sent by:        eclipse-dev-bounces@xxxxxxxxxxx
> 
> 
> 
> Neither my Norton's "360" program, nor Windows Defender detects any 
> problems on my (Windows 7) machine with any file associated with those 
> URLs. 
> 
> But, I'd suggest, as a general rule, if anyone thinks they have found a
> virus in any program from "eclipse.org" (from a mirror, or not) that they
> open a bug (I suggest "Eclipse Foundation, website" component) since then
> it can receive more proper discussion and investigation than it might
> otherwise receive from a post to this mailing list.
> 
> If you do open such a bug, you might better describe how you "get" code 
> from those URLs (in general, they are not designed for "web browser 
> download", but for p2 download, for example) as well as better describe 
> how you  "verified that these are the original bits coming from the 
> Eclipse Servers" (that's not always easy, so would deserve a detailed step 
> by step description). 
> 
> Another item to report is exactly which version of Windows, which version
> of Windows Defender, when last updated, etc. You might also report
> relevant settings (such as if Defender's "heuristics" is checked, or not
> -- an item important for detecting "mutated viruses" but likely to lead to
> more "false positives").
> 
> I should emphasize the fact that "they are ok for me" but "not ok for you"
> might be all the more reason to be concerned about some sort of "man in
> the middle" hoax -- that is, I can not say *your* version of those files
> is ok. That's another advantage of opening a bug. You could "zip up" what
> you downloaded, and attach it to the bug.
> 
> Thanks for your concern about security. A subject that does deserve care. 
> 
> 
> 
> 
> 
> From:        Carsten Reckord <reckord@xxxxxxxx> 
> To:        "General development mailing list of the Eclipse project." 
> <eclipse-dev@xxxxxxxxxxx>, 
> Date:        02/02/2015 08:51 PM 
> Subject:        Re: [eclipse-dev] Virus detected in launcher.exe? 
> Sent by:        eclipse-dev-bounces@xxxxxxxxxxx 
> 
> 
> 
> The downloads were part of a maven build using
> http://download.eclipse.org/eclipse/updates/4.5milestones
> 
> Direct URLs are as follows:
> 
> http://download.eclipse.org/eclipse/updates/4.5milestones/S-4.5M5-201501291830/binary/org.eclipse.equinox.executable_root.win32.win32.x86_3.6.100.v20150127-1814
> 
> 
> http://download.eclipse.org/eclipse/updates/4.5milestones/S-4.5M5-201501291830/features/org.eclipse.equinox.executable_3.6.100.v20150127-1814.jar
> 
> 
> 
> On 02.02.2015 16:33, Daniel Megert wrote:
>> What exactly did you download? Please provide the URL.
>>
>> Thanks,
>> Dani
>>
>>
>>
>> From:   Carsten Reckord <reckord@xxxxxxxx>
>> To:     eclipse-dev@xxxxxxxxxxx
>> Date:   02.02.2015 16:09
>> Subject:        [eclipse-dev] Virus detected in launcher.exe?
>> Sent by:        eclipse-dev-bounces@xxxxxxxxxxx
>>
>>
>>
>> Hi everybody,
>>
>> I hope this is just a false positive, but with the latest platform milestone
>> build, Windows Defender complains about the 32-bit launcher.exe shipped with
>> org.eclipse.equinox.executable. It is detected as "Trojan:Win32/Repjexi".
>>
>> The following files are concerned (with md5):
>>
>> org.eclipse.equinox.executable_root.win32.win32.x86_3.6.100.v20150127-1814
>> md5: c569db1298814ee84795fc830826da21
>> contained file: launcher.exe
>>
>> org.eclipse.equinox.executable_3.6.100.v20150127-1814.jar
>> md5: f5f22c477f02876671a50b4c1a38187e
>> contained file: bin/win32/win32/x86/launcher.exe
>>
>> I verified that these are the original bits coming from the Eclipse servers,
>> not some poisoned mirror.
>>
>> Best,
>> Carsten
>> _______________________________________________
>> eclipse-dev mailing list
>> eclipse-dev@xxxxxxxxxxx
>> To change your delivery options, retrieve your password, or unsubscribe 
>> from this list, visit
>> https://dev.eclipse.org/mailman/listinfo/eclipse-dev

-- 
Yatta Solutions GmbH
- Carsten Reckord -

  t  +49 (0)69 2475666-33
  f  +49 (0)69 2475668-0
  e  reckord@xxxxxxxx

Address, Kassel office
  Ludwig-Erhard-Straße 12
  34131 Kassel

Address, Frankfurt a.M. office
  Mainzer Landstraße 50
  60325 Frankfurt a.M.

Registered office, commercial register:
  Registered office of the company: Kassel
  Kassel District Court (Amtsgericht Kassel), HRB 14720
  VAT ID DE263191529

Management:
  Johannes Jacop
  Dr. Christian Schneider

Office contact:
  t  +49 (0)69 2475666-0
  f  +49 (0)69 2475668-0
  e  info@xxxxxxxx
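
The quoted advice above asks for a step-by-step record of what was downloaded, so that "ok for me" and "not ok for you" copies can be compared. As an added example (not code from the thread or from the Eclipse project), this sketch hashes an archive as downloaded plus each contained launcher.exe and diffs two such reports. The function names and the sample jar are constructed for illustration; only the member path comes from the thread.

```python
import hashlib
import io
import zipfile


def digests(data: bytes) -> dict:
    """MD5 (the digest quoted in the thread) plus SHA-256 of the same bytes."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest(),
            "size": len(data)}


def fingerprint(archive: bytes, suffix: str = "launcher.exe") -> dict:
    """Hash the archive as downloaded and each contained file ending in suffix."""
    report = {"archive": digests(archive), "members": {}}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if not info.is_dir() and info.filename.endswith(suffix):
                report["members"][info.filename] = digests(zf.read(info))
    return report


def compare(mine: dict, theirs: dict) -> list:
    """Name every item on which two reports for the same URL disagree."""
    diffs = []
    if mine["archive"]["sha256"] != theirs["archive"]["sha256"]:
        diffs.append("archive")
    for name in sorted(set(mine["members"]) | set(theirs["members"])):
        a, b = mine["members"].get(name), theirs["members"].get(name)
        if a is None or b is None or a["sha256"] != b["sha256"]:
            diffs.append(name)
    return diffs


def make_jar(launcher: bytes) -> bytes:
    """Constructed sample jar using the member path named in the thread."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("bin/win32/win32/x86/launcher.exe"), launcher)
        zf.writestr(zipfile.ZipInfo("feature.xml"), b"<feature/>")
    return buf.getvalue()


if __name__ == "__main__":
    mine = fingerprint(make_jar(b"MZ constructed bytes A"))
    theirs = fingerprint(make_jar(b"MZ constructed bytes B"))
    print(mine["members"])
    print(compare(mine, theirs))
```

An empty list from `compare` means both parties hold byte-identical files, so a differing scan verdict points at the scanner or its definitions rather than at the download path.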


