Get "TROJ_GEN.F47V0808" virus warning from TrendMicro-HouseCall on Virustotal.com

Asked by joeblo on 2014-02-17

Scanned the downloaded binary on Virustotal.com, got TROJ_GEN.F47V0808 virus warning from TrendMicro-HouseCall. Quite sure it is a false positive, but someone from the developer team should clarify the issue with the antivirus software company. Thanks!

Question information

Language: English
Status: Answered
For: Image Writer
Assignee: Tobin Davis
Last query: 2014-02-17
Last reply: 2014-02-24

Tobin Davis (gruemaster) said : #1

I just ran a scan on http://sourceforge.net/projects/win32diskimager/files/Archive/win32diskimager-v0.9-binary.zip (current release binary) and it showed nothing. Where are you downloading it from? Check the md5sum against the published MD5sum (314370a1b433991992bf5460cfbc499e).

If you are still concerned about viruses, I have a copy of the source (and the git tree), as well as the tools used to build this release (under build tools). All of this is available on our Source Forge site (http://sourceforge.net/projects/win32diskimager).

Thanks,

Tobin Davis

Odon Odon (odon-odon) said : #2

I don't think it is clean!

I've downloaded the current release today from http://sourceforge.net/projects/win32diskimager using the green Download button (v0.9).

Avast and Windows Defender are active on my computer. Both of them remained silent when I extracted all files from the archive, but when I started the exe, that process suddenly created a file named lks10.exe in my TEMP directory which _is_ the virus... It is identified by some other names in virus scanners as "Win32: SdBot-gen", etc. Windows Defender moved it to quarantine instantly, but I restored the file to test it, and it was reported as positive by Avast! and by most of the antivirus products on Virustotal.com, too.

So I think the virus, lks10.exe, is contained in encrypted form in the Image Writer's exe file, but is perfectly active!

Odon Odon (odon-odon) said : #3

...or as a last chance, the virus was already in my computer, but I can hardly imagine... :-)

Tobin Davis (gruemaster) said : #4

So, I just downloaded it and checked it against the original zip that I pushed up. On a clean, virus-free system (well, a Linux system), I see no differences. I also tested it with clamav, no hits.

I use it quite often at work on a Windows 7 system running McAfee at paranoid scanning levels, and have not seen any issues there either.

Again, I highly recommend an MD5sum comparison of the zip you downloaded with the MD5sum generated by Sourceforge (it is the same as what I uploaded - just checked).

I don't have those virus utilities, and I really don't have time to hunt down every single utility out there to tell them that they have a false positive (I hardly have enough spare time to maintain the app).

Jeff B (skydiver38) said : #5

I just downloaded from the link Odon Odon posted, checked the md5 and ran the downloaded exe. MD5 checked out, nothing new in my %TEMP% dir after execution, no complaints from my AV program... "Cannot reproduce".
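
The two checks suggested in this thread (comparing the download's MD5 against the value published in reply #1, and looking for new files in the TEMP directory after running the program), written out in Python as an added example. It is not code from the project or from any poster, and the function names are illustrative.

```python
import hashlib
import hmac
import os

# MD5 published in reply #1 for win32diskimager-v0.9-binary.zip
PUBLISHED_MD5 = "314370a1b433991992bf5460cfbc499e"

def file_md5(path, chunk_size=1 << 20):
    """Stream the file so large archives are not loaded into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def matches_published(path, expected=PUBLISHED_MD5):
    """True only if the file hashes to the expected MD5 (case-insensitive)."""
    return hmac.compare_digest(file_md5(path), expected.strip().lower())

def snapshot(directory):
    """Map each file under directory to (size, mtime_ns)."""
    seen = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            try:
                st = os.stat(full)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            seen[full] = (st.st_size, st.st_mtime_ns)
    return seen

def changed_files(before, after):
    """Files that are new or modified between two snapshots."""
    return sorted(p for p, meta in after.items() if before.get(p) != meta)

if __name__ == "__main__":
    import sys, tempfile
    archive = sys.argv[1]  # path to the downloaded zip
    print("MD5 matches published value:", matches_published(archive))
    temp_dir = tempfile.gettempdir()
    before = snapshot(temp_dir)
    input("Run the program under test, then press Enter... ")
    for path in changed_files(before, snapshot(temp_dir)):
        print("new or changed:", path)
```

A mismatch means the file is not the one the maintainer uploaded; a match says nothing about what else on the machine may have written to TEMP.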
