aMule Forum
English => aMule Help => Topic started by: Jake on September 27, 2008, 01:27:02 PM
-
Well, I'm trying to download aMule for Windows, but both links' files give a virus after completion; the virus is NewHeur PE.
-
Thank you for this report, we are interested in resolving this:
1. Which files did you download? Could you calculate a checksum (use e.g. http://www.md5summer.org) of the files?
2. Which virus scanner reports this result?
-
Where are you trying to download it from?
-
I downloaded the amule-2.2.2-install.exe from Sourceforge and BerliOS. I'm using Eset Nod32 3.0.650. It put the file in quarantine the moment I get it home.
-
Also NOD32 3.0.642.0
(http://img261.imageshack.us/img261/6563/09292008152323aq6.jpg)
No matter the source of the file (Sourceforge or Berlin)
-
I scanned the file at virusscan.jotti.org and only NOD32 detected it as a "probably unknown NewHeur_PE (probable variant)"
-
This morning I got a virus warning too. I'm using AVG (http://www.avg.com/).
(http://i34.tinypic.com/zvo6c8.png)
It moved amule.exe to the virus vault.
What's up with that?
Edit: I used latest build from sourceforge, always used the official amule.org page to get to the download link...
I do get the same error on a different PC after downloading from sf:
(http://i35.tinypic.com/mrblmw.png)
-
That is the problem with binaries. It may be a false alarm, but it may not be. Does anyone know how this program has been generated (environment)? MSVC, MinGW? Maybe someone can try using something different or regenerate to make sure it is ok?
My suggestion is to remove the file ASAP until things are made clear.
-
Is the AVG warning only about the installer or about the amule.exe, amulegui.exe,... , too?
Both warnings are most probably false positives (the first one "heuristic", the second one "generic" - you won't find information about these viruses on the vendor's web page, because there is no such specific virus), but I'll upload a zip file to source forge while trying to contact the affected vendors.
-
It is both files. You can see that in the first picture I posted it is amule.exe and then the installer download from sf is the second picture. Probably both false positives, I didn't find anything about the Generic Trojan Horse either.
-
I contacted nod32 about this.
cv01: According to the AVG FAQ (http://www.avg.com/faq.num-1203?srch=false-positive#faq_1203), one should report these files using the program. Unfortunately I don't own AVG, would you be so kind to send the files for analysis?
I've also uploaded compressed files to the sourceforge download page (http://sourceforge.net/project/showfiles.php?group_id=88225&package_id=92596&release_id=616398)
-
I'm sending the files to AVG. In the .zip file I get a Generic Trojan Horse for amulegui.exe. I'll keep you posted.
-
Was there no answer for this problem?
I use avast antivirus and I'm getting the same Win32:Trojan-gen(other) warning with the downloaded exe, and the internal amule.exe file.
I've downloaded every installer hosted here, and they all give the same warning.
Is it safe now?
-
I have received no further information from the nod32 developers and no anti-virus vendor has made a statement about their warnings. I would appreciate it if you could contact the developers of avast antivirus and ask them to check the files concerned.
These virus reports are very damaging to our reputation. I believe these are wrong warnings and I trust the package creators. If you are worried about the safety of the files, please do not install them and either use eMule or compile aMule yourself.
-
OK, I believe we know now about the origin of the warnings (I'll write a news item about it later).
Furthermore I did a scan on jotti.org today and got no virus warnings, can anyone confirm that nod32 does not recognize the file anymore? (I tested the installer and the amule.exe file.)
Nonetheless, there's now an aMule-2.2.2-mingw32.zip (http://downloads.sourceforge.net/amule/aMule-2.2.2-mingw32.zip) on sourceforge. I cross-compiled it yesterday on Linux and tested it on wine.
-
I don't use NOD32, I use AVG Free and it still detects a Trojan horse Generic11.accx in amulegui.exe. I can't send this file to jotti.org (I'm not sure, maybe AVG Free blocks the file).
The good news is that AVG Free doesn't detect anything suspicious in your new aMule-2.2.2-mingw32.zip.
Sorry for my bad English, I'm Spanish.
-
I've just tried amulegui.exe with jotti.org. The only scanner detecting "Win32:Trojan-gen {Other}" is Avast, all others do not find anything.
I'm very glad there are no new problems with my binaries, thank you, DeM, for giving us feedback on this.
-
http://forum.amule.org/index.php?topic=15995.0