Re: [eclipse-dev] Virus detected in launcher.exe?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [eclipse-dev] Virus detected in launcher.exe?

From: David M Williams <david_williams@xxxxxxxxxx>
Date: Tue, 3 Feb 2015 03:08:39 -0500
Delivered-to: eclipse-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/eclipse-dev>
List-help: <mailto:eclipse-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/eclipse-dev>, <mailto:eclipse-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/eclipse-dev>, <mailto:eclipse-dev-request@eclipse.org?subject=unsubscribe>

Neither my Norton's "360" program, nor Windows Defender detects any problems on my (Windows 7) machine with any file associated with those URLs.

But, I'd suggest, as a general rule, if anyone thinks they have found a virus in any program from "eclipse.org" (from a mirror, or not) that they open a bug (I suggest "Eclipse Foundation, website" component) since then it can receive proper discussion and investigation than it might otherwise receive from a post to this mailing list.

If you do open such a bug, you might better describe how you "get" code from those URLs (in general, they are not designed for "web browser download", but for p2 download, for example) as well as better describe how you "verified that these are the original bits coming from the Eclipse Servers" (that's not always easy, so would deserve a detailed step by step description).

Another item to report, is exactly with version of Windows, which version of Windows Defender, when last updated, etc. You might also report relevant settings (such as if Defender's "heuristics" is checked, or not -- an item important for detecting "mutated viruses" but likely to lead to more "false positives".

I should emphasize the fact that "they are ok for me" but "not ok for you" might be all the more reason to be concerned about some sort of "man in the middle" hoax -- that is, I can not say *your* version of those files, are ok. That's another advantage of opening a bug. You could "zip up" what you downloaded, and attach it to the bug.

Thanks for your concern about security. A subject that does deserve care.

From: Carsten Reckord <reckord@xxxxxxxx>
To: "General development mailing list of the Eclipse project." <eclipse-dev@xxxxxxxxxxx>,
Date: 02/02/2015 08:51 PM
Subject: Re: [eclipse-dev] Virus detected in launcher.exe?
Sent by: eclipse-dev-bounces@xxxxxxxxxxx

The downloads were part of a maven build usinghttp://download.eclipse.org/eclipse/updates/4.5milestonesDirect URLs are as follows:http://download.eclipse.org/eclipse/updates/4.5milestones/S-4.5M5-201501291830/binary/org.eclipse.equinox.executable_root.win32.win32.x86_3.6.100.v20150127-1814http://download.eclipse.org/eclipse/updates/4.5milestones/S-4.5M5-201501291830/features/org.eclipse.equinox.executable_3.6.100.v20150127-1814.jarOn 02.02.2015 16:33, Daniel Megert wrote: > What exactly did you download? Please provide the URL. > > Thanks, > Dani > > > > From: Carsten Reckord <reckord@xxxxxxxx> > To: eclipse-dev@xxxxxxxxxxx > Date: 02.02.2015 16:09 > Subject: [eclipse-dev] Virus detected in launcher.exe? > Sent by: eclipse-dev-bounces@xxxxxxxxxxx > > > > Hi everybody, > > I hope this is just a false positive, but with the latest platform > milestone > build, Windows Defender complains about the 32-bit launcher.exe shipped > with > org.eclipse.equinox.executable. It is detected as "Trojan:Win32/Repjexi". > > The following files are concerned (with md5): > > org.eclipse.equinox.executable_root.win32.win32.x86_3.6.100.v20150127-1814 > md5: c569db1298814ee84795fc830826da21 > contained file: launcher.exe > > org.eclipse.equinox.executable_3.6.100.v20150127-1814.jar > md5: f5f22c477f02876671a50b4c1a38187e > contained file: bin/win32/win32/x86/launcher.exe > > I verified that these are the original bits coming from the Eclipse > servers, > not some poisoned mirror. > > Best, > Carsten > _______________________________________________ > eclipse-dev mailing list > eclipse-dev@xxxxxxxxxxx > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit >https://dev.eclipse.org/mailman/listinfo/eclipse-dev> > > > > > _______________________________________________ > eclipse-dev mailing list > eclipse-dev@xxxxxxxxxxx > To change your delivery options, retrieve your password, or unsubscribe from this list, visit >https://dev.eclipse.org/mailman/listinfo/eclipse-dev> _______________________________________________ eclipse-dev mailing list eclipse-dev@xxxxxxxxxxx To change your delivery options, retrieve your password, or unsubscribe from this list, visithttps://dev.eclipse.org/mailman/listinfo/eclipse-dev

Follow-Ups:
- Re: [eclipse-dev] Virus detected in launcher.exe?
  - From: Daniel Megert

References:
- [eclipse-dev] Virus detected in launcher.exe?
  - From: Carsten Reckord
- Re: [eclipse-dev] Virus detected in launcher.exe?
  - From: Daniel Megert
- Re: [eclipse-dev] Virus detected in launcher.exe?
  - From: Carsten Reckord

Prev by Date: Re: [eclipse-dev] Virus detected in launcher.exe?
Next by Date: Re: [eclipse-dev] Virus detected in launcher.exe?
Previous by thread: Re: [eclipse-dev] Virus detected in launcher.exe?
Next by thread: Re: [eclipse-dev] Virus detected in launcher.exe?
Index(es):
- Date
- Thread

Breadcrumbs