Jim Mazdra
2006-Jan-07 23:57 UTC
[Instantrails-users] Trojan in Windows Download File -- Psyme.R
Hopefully I am just getting an error from my AV program (bitdefenderPro 9.0). When unzipping InstantRails-1.0, in directory " .../ruby/gems/1.8/cache/actionpack", bitdefender reports 4 instances of Trojan.Psyme.R are attemping to install. Is bitdefender nuts? Is rubyn00b nuts? Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/instantrails-users/attachments/20060107/2cb58b86/attachment.htm
Assaph Mehr
2006-Jan-08 00:00 UTC
[Instantrails-users] Trojan in Windows Download File -- Psyme.R
On 1/8/06, Jim Mazdra <jim.mazdra at gmail.com> wrote:> Hopefully I am just getting an error from my AV program (bitdefenderPro > 9.0). > > When unzipping InstantRails-1.0, in directory " > .../ruby/gems/1.8/cache/actionpack", bitdefender > reports 4 instances of Trojan.Psyme.R are attemping to install. > > Is bitdefender nuts? > Is rubyn00b nuts?I''d say bit defender. I''m getting no errors with McAfee and Norton, but I have seen in the past cases where they recognised valid ruby / zip files as having a virus signature. Just whack it over the head :-) Cheers, Assaph
Curt Hibbs
2006-Jan-08 01:03 UTC
[Instantrails-users] Trojan in Windows Download File -- Psyme.R
I''ve received one report wit McAfee. I thing its a false alarm, but I want to get rid of it just the same. Jim, did it tell you what files? Curt On 1/7/06, Assaph Mehr <assaph at gmail.com> wrote:> > On 1/8/06, Jim Mazdra <jim.mazdra at gmail.com> wrote: > > Hopefully I am just getting an error from my AV program (bitdefenderPro > > 9.0). > > > > When unzipping InstantRails-1.0, in directory " > > .../ruby/gems/1.8/cache/actionpack", bitdefender > > reports 4 instances of Trojan.Psyme.R are attemping to install. > > > > Is bitdefender nuts? > > Is rubyn00b nuts? > > I''d say bit defender. I''m getting no errors with McAfee and Norton, > but I have seen in the past cases where they recognised valid ruby / > zip files as having a virus signature. Just whack it over the head :-) > > Cheers, > Assaph > > _______________________________________________ > Instantrails-users mailing list > Instantrails-users at rubyforge.org > http://rubyforge.org/mailman/listinfo/instantrails-users >-------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/instantrails-users/attachments/20060107/4403d771/attachment.htm
Curt Hibbs
2006-Jan-08 04:29 UTC
[Instantrails-users] Trojan in Windows Download File -- Psyme.R
I just did a virus scan on Instant Rails using AVG, McAfee, and BitDefender (latest versions of each), and it came up clean in all three cases. I think this is a false positive. Curt On 1/7/06, Curt Hibbs <curt.hibbs at gmail.com> wrote:> > I''ve received one report wit McAfee. I thing its a false alarm, but I want > to get rid of it just the same. Jim, did it tell you what files? > > Curt > > On 1/7/06, Assaph Mehr <assaph at gmail.com> wrote: > > > > On 1/8/06, Jim Mazdra <jim.mazdra at gmail.com> wrote: > > > Hopefully I am just getting an error from my AV program > > (bitdefenderPro > > > 9.0). > > > > > > When unzipping InstantRails-1.0, in directory " > > > .../ruby/gems/1.8/cache/actionpack", bitdefender > > > reports 4 instances of Trojan.Psyme.R are attemping to install. > > > > > > Is bitdefender nuts? > > > Is rubyn00b nuts? > > > > I''d say bit defender. I''m getting no errors with McAfee and Norton, > > but I have seen in the past cases where they recognised valid ruby / > > zip files as having a virus signature. Just whack it over the head :-) > > > > Cheers, > > Assaph > > > > _______________________________________________ > > Instantrails-users mailing list > > Instantrails-users at rubyforge.org > > http://rubyforge.org/mailman/listinfo/instantrails-users > > > >-------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/instantrails-users/attachments/20060107/56711ca4/attachment.htm
Jim Mazdra
2006-Jan-08 22:21 UTC
[Instantrails-users] Trojan in Windows Download File -- Psyme.R
Bitdefender log follows: //----------------------------------------------------------------- // // Product: BitDefender 9 Professional Plus // Version: 9.0 // // Created on: 07/01/2006 19:18:09 // //----------------------------------------------------------------- Statistics Scan path : D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip Folders : 0 Files : 19891 Archives : 209 Packed files : 1147 Identified viruses : 1 Infected files : 4 Warnings : 0 Suspect files : 0 Disinfected files : 0 Deleted files : 4 Copied files : 0 Moved files : 0 Renamed files : 0 I/O errors : 0 Scan time : 00:01:17 Scan speed (files/sec) : 258 Virus definitions : 250844 Scan plugins : 13 Archive plugins : 39 Unpack plugins : 4 Mail plugins : 6 System plugins : 1 Scan options Detection [X] Scan boot sectors [X] Scan archives [X] Scan packed files [X] Scan email File mask [ ] Programs [X] All files [ ] User defined extensions: [ ] Exclude extensions: ; Action Infected objects [ ] Ignore [ ] Disinfect [ ] Delete [ ] Copy to quarantine [ ] Move to quarantine [ ] Rename [X] Prompt user Second action [ ] Ignore [ ] Delete [ ] Copy to quarantine [ ] Move to quarantine [ ] Rename [ ] Prompt user Scan options [X] Enable warnings [X] Enable heuristics [ ] Show all files in log [X] Report file: D:\Program Files\Softwin\BitDefender9\Logs\vscan_1136683089.log Summary: D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- 1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack- 1.11.2.gem=>data.tar.gz=>InstantRails-1.0-final-win.zip=>InstantRails-1.0 /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT 13) Infected: Trojan.Psyme.R D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- 1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack- 1.11.2.gem=>data.tar.gz=>InstantRails-1.0-final-win.zip=>InstantRails-1.0 /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT 13) Deleted D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- 1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack- 1.11.2.gem=>data.tar.gz=>InstantRails-1.0-final-win.zip=>InstantRails-1.0 /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb Update D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- 1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack- 1.11.2.gem=>data.tar.gz=>InstantRails-1.0-final-win.zip=>InstantRails-1.0 /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT 14) Infected: Trojan.Psyme.R D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- 1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack- 1.11.2.gem=>data.tar.gz=>InstantRails-1.0-final-win.zip=>InstantRails-1.0 /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT 14) Deleted D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- 1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack- 1.11.2.gem=>data.tar.gz=>InstantRails-1.0-final-win.zip=>InstantRails-1.0 /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb Update D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- 1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack- 1.11.2.gem=>data.tar.gz=>InstantRails-1.0-final-win.zip=>InstantRails-1.0 /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar Update D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- 1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack- 1.11.2.gem=>data.tar.gz Update D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- 1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/cache/actionpack- 1.11.2.gem Update D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- 1.0-final-win.zip Update D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- 1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/gems/actionpack- 1.11.2/test/template/url_helper_test.rb=>(JAVASCRIPT 13) Infected: Trojan.Psyme.R D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- 1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/gems/actionpack- 1.11.2/test/template/url_helper_test.rb=>(JAVASCRIPT 13) Deleted D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- 1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/gems/actionpack- 1.11.2/test/template/url_helper_test.rb Update D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- 1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/gems/actionpack- 1.11.2/test/template/url_helper_test.rb=>(JAVASCRIPT 14) Infected: Trojan.Psyme.R D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- 1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/gems/actionpack- 1.11.2/test/template/url_helper_test.rb=>(JAVASCRIPT 14) Deleted D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- 1.0-final-win.zip=>InstantRails-1.0/ruby/lib/ruby/gems/1.8/gems/actionpack- 1.11.2/test/template/url_helper_test.rb Update D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- 1.0-final-win.zip Update On 1/7/06, Curt Hibbs <curt.hibbs at gmail.com> wrote:> > I just did a virus scan on Instant Rails using AVG, McAfee, and > BitDefender (latest versions of each), and it came up clean in all three > cases. I think this is a false positive. > > Curt > > On 1/7/06, Curt Hibbs <curt.hibbs at gmail.com> wrote: > > > > I''ve received one report wit McAfee. I thing its a false alarm, but I > > want to get rid of it just the same. Jim, did it tell you what files? > > > > Curt > > > > On 1/7/06, Assaph Mehr <assaph at gmail.com> wrote: > > > > > > On 1/8/06, Jim Mazdra <jim.mazdra at gmail.com> wrote: > > > > Hopefully I am just getting an error from my AV program > > > (bitdefenderPro > > > > 9.0). > > > > > > > > When unzipping InstantRails-1.0, in directory " > > > > .../ruby/gems/1.8/cache/actionpack", bitdefender > > > > reports 4 instances of Trojan.Psyme.R are attemping to install. > > > > > > > > Is bitdefender nuts? > > > > Is rubyn00b nuts? > > > > > > I''d say bit defender. I''m getting no errors with McAfee and Norton, > > > but I have seen in the past cases where they recognised valid ruby / > > > zip files as having a virus signature. Just whack it over the head :-) > > > > > > > > > Cheers, > > > Assaph > > > > > > _______________________________________________ > > > Instantrails-users mailing list > > > Instantrails-users at rubyforge.org > > > http://rubyforge.org/mailman/listinfo/instantrails-users > > > > > > > > > _______________________________________________ > Instantrails-users mailing list > Instantrails-users at rubyforge.org > http://rubyforge.org/mailman/listinfo/instantrails-users > > >-------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/instantrails-users/attachments/20060108/b9e065b8/attachment-0001.htm
Curt Hibbs
2006-Jan-08 23:52 UTC
[Instantrails-users] Trojan in Windows Download File -- Psyme.R
I scanned the unzipped directory tree, but it looks like you scanned the zip file itself. I don''t know why that should make a difference. Curt On 1/8/06, Jim Mazdra <jim.mazdra at gmail.com> wrote:> > Bitdefender log follows: > > //----------------------------------------------------------------- > // > // Product: BitDefender 9 Professional Plus > // Version: 9.0 > // > // Created on: 07/01/2006 19:18:09 > // > //----------------------------------------------------------------- > > > Statistics > > Scan path : D:\Documents and Settings\Jim > Mazdra\Desktop\Executables\InstantRails-1.0-final-win.zip > Folders : 0 > Files : 19891 > Archives : 209 > Packed files : 1147 > Identified viruses : 1 > Infected files : 4 > Warnings : 0 > Suspect files : 0 > Disinfected files : 0 > Deleted files : 4 > Copied files : 0 > Moved files : 0 > Renamed files : 0 > I/O errors : 0 > Scan time : 00:01:17 > Scan speed (files/sec) : 258 > > Virus definitions : 250844 > Scan plugins : 13 > Archive plugins : 39 > Unpack plugins : 4 > Mail plugins : 6 > System plugins : 1 > > Scan options > > Detection > [X] Scan boot sectors > [X] Scan archives > [X] Scan packed files > [X] Scan email > > File mask > [ ] Programs > [X] All files > [ ] User defined extensions: > [ ] Exclude extensions: ; > > Action > > Infected objects > [ ] Ignore > [ ] Disinfect > [ ] Delete > [ ] Copy to quarantine > [ ] Move to quarantine > [ ] Rename > [X] Prompt user > > Second action > [ ] Ignore > [ ] Delete > [ ] Copy to quarantine > [ ] Move to quarantine > [ ] Rename > [ ] Prompt user > > Scan options > [X] Enable warnings > [X] Enable heuristics > [ ] Show all files in log > [X] Report file: D:\Program > Files\Softwin\BitDefender9\Logs\vscan_1136683089.log > > > Summary: > > D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- > 1.0-final-win.zip= >InstantRails-1.0 > /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=> > InstantRails-1.0-final-win.zip=>InstantRails-1.0 > /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT > 13) Infected: Trojan.Psyme.R > D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- > 1.0-final-win.zip=>InstantRails-1.0 > /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=> > InstantRails-1.0-final-win.zip= >InstantRails-1.0 > /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT > 13) Deleted > D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- > 1.0-final-win.zip=>InstantRails-1.0 > /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=> > InstantRails-1.0-final-win.zip=>InstantRails-1.0 > /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb Update > D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- > 1.0-final-win.zip=>InstantRails-1.0 > /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz= > > InstantRails-1.0-final-win.zip=>InstantRails-1.0 > /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT > 14) Infected: Trojan.Psyme.R > D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- > 1.0-final-win.zip=>InstantRails-1.0 > /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=> > InstantRails-1.0-final-win.zip=>InstantRails-1.0 > /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb=>(JAVASCRIPT 14) Deleted > D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- > 1.0-final-win.zip=>InstantRails-1.0 > /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem= >data.tar.gz=> > InstantRails-1.0-final-win.zip=>InstantRails-1.0 > /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar=>test/template/url_helper_test.rb > Update > D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- > 1.0-final-win.zip=>InstantRails-1.0 > /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz=> > InstantRails-1.0-final-win.zip=>InstantRails-1.0 > /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar Update > D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- > 1.0-final-win.zip=>InstantRails-1.0 > /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem=>data.tar.gz Update > D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- > 1.0-final-win.zip=>InstantRails-1.0 > /ruby/lib/ruby/gems/1.8/cache/actionpack-1.11.2.gem Update > D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- > 1.0-final-win.zip Update > D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- > 1.0-final-win.zip=>InstantRails-1.0 > /ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb=>(JAVASCRIPT > 13) Infected: Trojan.Psyme.R > D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- > 1.0-final-win.zip=>InstantRails-1.0 > /ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb=>(JAVASCRIPT > 13) Deleted > D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- > 1.0-final-win.zip=>InstantRails-1.0 > /ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb > Update > D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- > 1.0-final-win.zip=> InstantRails-1.0 > /ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb=>(JAVASCRIPT > 14) Infected: Trojan.Psyme.R > D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- > 1.0-final-win.zip= >InstantRails-1.0 > /ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb=>(JAVASCRIPT > 14) Deleted > D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- > 1.0-final-win.zip= >InstantRails-1.0 > /ruby/lib/ruby/gems/1.8/gems/actionpack-1.11.2/test/template/url_helper_test.rb > Update > D:\Documents and Settings\Jim Mazdra\Desktop\Executables\InstantRails- > 1.0-final-win.zip Update > > > On 1/7/06, Curt Hibbs <curt.hibbs at gmail.com> wrote: > > > > I just did a virus scan on Instant Rails using AVG, McAfee, and > > BitDefender (latest versions of each), and it came up clean in all three > > cases. I think this is a false positive. > > > > Curt > > > > On 1/7/06, Curt Hibbs <curt.hibbs at gmail.com> wrote: > > > > > > I''ve received one report wit McAfee. I thing its a false alarm, but I > > > want to get rid of it just the same. Jim, did it tell you what files? > > > > > > Curt > > > > > > On 1/7/06, Assaph Mehr <assaph at gmail.com> wrote: > > > > > > > > On 1/8/06, Jim Mazdra <jim.mazdra at gmail.com> wrote: > > > > > Hopefully I am just getting an error from my AV program > > > > (bitdefenderPro > > > > > 9.0). > > > > > > > > > > When unzipping InstantRails-1.0, in directory " > > > > > .../ruby/gems/1.8/cache/actionpack", bitdefender > > > > > reports 4 instances of Trojan.Psyme.R are attemping to install. > > > > > > > > > > Is bitdefender nuts? > > > > > Is rubyn00b nuts? > > > > > > > > I''d say bit defender. I''m getting no errors with McAfee and Norton, > > > > but I have seen in the past cases where they recognised valid ruby / > > > > zip files as having a virus signature. Just whack it over the head > > > > :-) > > > > > > > > Cheers, > > > > Assaph > > > > > > > > _______________________________________________ > > > > Instantrails-users mailing list > > > > Instantrails-users at rubyforge.org > > > > http://rubyforge.org/mailman/listinfo/instantrails-users > > > > > > > > > > > > > > _______________________________________________ > > Instantrails-users mailing list > > Instantrails-users at rubyforge.org > > http://rubyforge.org/mailman/listinfo/instantrails-users > > > > > > >-------------- next part -------------- An HTML attachment was scrubbed... URL: http://rubyforge.org/pipermail/instantrails-users/attachments/20060108/88c7b952/attachment.htm