Second Life Forums Archive - Aditi 1.13.0.8 installation triggers AntiVirus warning

Welcome to the Second Life Forums Archive

These forums are CLOSED. Please visit the new forums HERE

Second Life Forums Archive > Resident Forums > Technical Talk > Technical Issues

Aditi 1.13.0.8 installation triggers AntiVirus warning
Ey Ren Registered User Join date: 12 Jul 2006 Posts: 7	11-29-2006 09:16 Trying install the Beta Grid (”Aditi”) client version 1.13.0.8 fails when my anti-virus software claims that the file UserInfo.dll is infected by W32/Starware.A - an ad/spyware whose updated signature was added to my anti-virus program today, Nov 29. I am a bit concerned that the outsourced distribution of clients can have been compromised or that LL has gotten this ware on the system used to compile the client. It could of course be some sort of maldetection, that the UserInfo.dll file for some reason contains sufficient similarity to Starware for my program to trigger, but I’m really reluctant to install both Beta and the main client until I have gotten a response from Linden on the matter. My AntiVirus software is Norman AntiVirus. EDIT ------- Just for reference, my concern has been answered on blog.secondlife.com: Joshua Linden Says: November 29th, 2006 at 9:43 AM UTC-8 @Ey Ren: Thanks for being concerned! I’ve verified that the md5sum on the Win32 installer downloaded from S3 matches the one we uploaded (27db2995ddbd2dd80ad13f5c2866957c if you’re interested) - that is, nothing has been altered about the file on S3. I’ve re-run our anti-virus software (Kaspersky) with signatures updated this morning against the Win32 installer, the installed binaries, the build files, and UserInfo.dll file itself. The UserInfo.dll file itself is not part of Second Life but part of a 3rd party installer we use (NSIS). Based on an (admittedly quick) investigation, we believe that the file is used to query the system about user information - it reports account type and name to verify that the user has permissions to install. It is possible that some actual malware relies on the same DLL or a DLL with the same name as part of its install, and thus your malware signature provider has started flagging this file. (FWIW, we’ve compared md5sums on that file itself - 419d642fe3436fda8bb22eea9c37a6ca) If you’d like further information, contact me at [email]josh@lindenlab.com[/email]. I’d be interested in hearing about what scanner software you’re using that reported this.
Ey Ren Registered User Join date: 12 Jul 2006 Posts: 7	Malware detection of UserInfo.dll false-positive 11-29-2006 14:12 For the record, the makers of my anti-virus software has confirmed that this is a false-positive maldetection that is already corrected in updated signature files. Thanks to Joshua Linden for quick response and resolving of the issue.