[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [eclipse-dev] Virus detected in launcher.exe?
|
I got a virus definition update yesterday evening and after that the scan
comes up clean again. So it seems this was just bad timing on my end :(
Thank you all for checking, and sorry for the noise.
Carsten
PS: and agreed on the general rule. I'll file a bug next time.
On 03.02.2015 10:15, Daniel Megert wrote:
> I downloaded both files and checked them in their archived form, and also
> after extracting the files to disk. No viruses found.
>
> Dani
>
>
>
> From: David M Williams <david_williams@xxxxxxxxxx>
> To: "General development mailing list of the Eclipse project."
> <eclipse-dev@xxxxxxxxxxx>
> Date: 03.02.2015 09:10
> Subject: Re: [eclipse-dev] Virus detected in launcher.exe?
> Sent by: eclipse-dev-bounces@xxxxxxxxxxx
>
>
>
> Neither my Norton's "360" program, nor Windows Defender detects any
> problems on my (Windows 7) machine with any file associated with those
> URLs.
>
> But, I'd suggest, as a general rule, if anyone thinks they have found a
> virus in any program from "eclipse.org" (from a mirror, or not) that they
> open a bug (I suggest "Eclipse Foundation, website" component) since then
> it can receive proper discussion and investigation than it might otherwise
> receive from a post to this mailing list.
>
> If you do open such a bug, you might better describe how you "get" code
> from those URLs (in general, they are not designed for "web browser
> download", but for p2 download, for example) as well as better describe
> how you "verified that these are the original bits coming from the
> Eclipse Servers" (that's not always easy, so would deserve a detailed step
> by step description).
>
> Another item to report, is exactly with version of Windows, which version
> of Windows Defender, when last updated, etc. You might also report
> relevant settings (such as if Defender's "heuristics" is checked, or not
> -- an item important for detecting "mutated viruses" but likely to lead to
> more "false positives".
>
> I should emphasize the fact that "they are ok for me" but "not ok for you"
> might be all the more reason to be concerned about some sort of "man in
> the middle" hoax -- that is, I can not say *your* version of those files,
> are ok. That's another advantage of opening a bug. You could "zip up" what
> you downloaded, and attach it to the bug.
>
> Thanks for your concern about security. A subject that does deserve care.
>
>
>
>
>
> From: Carsten Reckord <reckord@xxxxxxxx>
> To: "General development mailing list of the Eclipse project."
> <eclipse-dev@xxxxxxxxxxx>,
> Date: 02/02/2015 08:51 PM
> Subject: Re: [eclipse-dev] Virus detected in launcher.exe?
> Sent by: eclipse-dev-bounces@xxxxxxxxxxx
>
>
>
> The downloads were part of a maven build using
> http://download.eclipse.org/eclipse/updates/4.5milestones
>
> Direct URLs are as follows:
>
> http://download.eclipse.org/eclipse/updates/4.5milestones/S-4.5M5-201501291830/binary/org.eclipse.equinox.executable_root.win32.win32.x86_3.6.100.v20150127-1814
>
>
> http://download.eclipse.org/eclipse/updates/4.5milestones/S-4.5M5-201501291830/features/org.eclipse.equinox.executable_3.6.100.v20150127-1814.jar
>
>
>
> On 02.02.2015 16:33, Daniel Megert wrote:
>> What exactly did you download? Please provide the URL.
>>
>> Thanks,
>> Dani
>>
>>
>>
>> From: Carsten Reckord <reckord@xxxxxxxx>
>> To: eclipse-dev@xxxxxxxxxxx
>> Date: 02.02.2015 16:09
>> Subject: [eclipse-dev] Virus detected in launcher.exe?
>> Sent by: eclipse-dev-bounces@xxxxxxxxxxx
>>
>>
>>
>> Hi everybody,
>>
>> I hope this is just a false positive, but with the latest platform
>> milestone
>> build, Windows Defender complains about the 32-bit launcher.exe shipped
>> with
>> org.eclipse.equinox.executable. It is detected as
> "Trojan:Win32/Repjexi".
>>
>> The following files are concerned (with md5):
>>
>>
> org.eclipse.equinox.executable_root.win32.win32.x86_3.6.100.v20150127-1814
>> md5: c569db1298814ee84795fc830826da21
>> contained file: launcher.exe
>>
>> org.eclipse.equinox.executable_3.6.100.v20150127-1814.jar
>> md5: f5f22c477f02876671a50b4c1a38187e
>> contained file: bin/win32/win32/x86/launcher.exe
>>
>> I verified that these are the original bits coming from the Eclipse
>> servers,
>> not some poisoned mirror.
>>
>> Best,
>> Carsten
>> _______________________________________________
>> eclipse-dev mailing list
>> eclipse-dev@xxxxxxxxxxx
>> To change your delivery options, retrieve your password, or unsubscribe
>> from this list, visit
>> https://dev.eclipse.org/mailman/listinfo/eclipse-dev
>>
>>
>>
>>
>>
>> _______________________________________________
>> eclipse-dev mailing list
>> eclipse-dev@xxxxxxxxxxx
>> To change your delivery options, retrieve your password, or unsubscribe
> from this list, visit
>> https://dev.eclipse.org/mailman/listinfo/eclipse-dev
>>
>
> _______________________________________________
> eclipse-dev mailing list
> eclipse-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe
> from this list, visit
> https://dev.eclipse.org/mailman/listinfo/eclipse-dev
>
> _______________________________________________
> eclipse-dev mailing list
> eclipse-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe
> from this list, visit
> https://dev.eclipse.org/mailman/listinfo/eclipse-dev
>
>
>
> _______________________________________________
> eclipse-dev mailing list
> eclipse-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from this list, visit
> https://dev.eclipse.org/mailman/listinfo/eclipse-dev
>
--
Yatta Solutions GmbH
- Carsten Reckord -
t +49 (0)69 2475666-33
f +49 (0)69 2475668-0
e reckord@xxxxxxxx
Anschrift Office Kassel
Ludwig-Erhard-Straße 12
34131 Kassel
Anschrift Office Frankfurt a.M.
Mainzer Landstraße 50
60325 Frankfurt a.M.
Sitz, Handelsregister:
Sitz der Gesellschaft: Kassel
Amtsgericht Kassel, HRB 14720
USt-IdNr DE263191529
Geschäftsführung:
Johannes Jacop
Dr. Christian Schneider
Kontakt Geschäftsstelle:
t +49 (0)69 2475666-0
f +49 (0)69 2475668-0
e info@xxxxxxxx