Welcome to the Second Life Forums Archive

Virus in 1.17.3

NorgeTroll Fredriksson
Registered User
Join date: 16 May 2007
Posts: 2
07-08-2007 00:01
Hi!

May I ask you a question, folks? If I download Viewer 1.17.3, I get a message from my virus checker (F-Secure 2007) that the file from SL contains a virus named "DNSChanger.gen11".
Is anyone else getting the same message? So.. what now?
Could someone help me with what I have to do now?
Thanks.

Regards,
NorgeTroll
Randal Kline
huh?
Join date: 1 Jul 2007
Posts: 192
07-08-2007 01:24
There have been similar cases to yours for this particular version. Unless you really need this upgrade, I would suggest you wait till the next version on Wednesday. Why take the risk?
_____________________
* Snapshots *
http://sluniverse.com/pics/Default.aspx?name=Randal%20Kline
NorgeTroll Fredriksson
Registered User
Join date: 16 May 2007
Posts: 2
07-08-2007 01:39
I get your point and I agree with it.. let's see what 1.18 brings up :)
Kevin Susenko
Voice Mentor
Join date: 11 Jul 2006
Posts: 198
07-08-2007 05:27
From what I could find, this looks like it's an issue with the Nullsoft installer/uninstaller, since other people have had F-Secure report the same thing on WinAmp's uninstaller: http://forum.avira.de/thread.php?postid=204449&sid=f60dc31766b027c4ec9b4a68ecf51d05#post204449.

It seems it's being identified as potential malware because it creates temporary files related to the uninstallation inside the Windows folder:
From: someone
NO_MALWARE
DNSChanger.gen10
[ DetectionInfo ]
* Sandbox name: NO_MALWARE
* Signature name: DNSChanger.gen10
[ General information ]
* **Locates window "NULL [class #32770]" on desktop.
* **Locates window "NULL [class Button]" on desktop.
* File length: 70418 bytes.
[ Changes to filesystem ]
* Creates directory C:\WINDOWS\TEMP.
* Creates file C:\WINDOWS\TEMP\nsx8999.tmp.
* Deletes file C:\WINDOWS\TEMP\nsx8999.tmp.
* Creates file C:\WINDOWS\TEMP\nsx8899.tmp.
* Creates file C:\WINDOWS\TEMP\nsy8099.tmp.
* Deletes file C:\WINDOWS\TEMP\nsy8099.tmp.
* Creates directory C:\WINDOWS.
* Creates directory C:\WINDOWS\TEMP\nsy8099.tmp.
* Creates file C:\WINDOWS\TEMP\nsy8099.tmp\reuninstall.ini.
* Creates file C:\WINDOWS\TEMP\nsy8099.tmp\ioSpecial.ini.
* Creates file C:\WINDOWS\TEMP\nsy8099.tmp\modern-wizard.bmp.
* Deletes file C:\WINDOWS\TEMP\nsy8099.tmp\REUNIN~1.INI.
* Deletes file C:\WINDOWS\TEMP\nsy8099.tmp\IOSPEC~1.INI.
* Deletes file C:\WINDOWS\TEMP\nsy8099.tmp\MODERN~1.BMP.
* Deletes directory C:\WINDOWS\TEMP\nsy8099.tmp\.
[ Changes to system settings ]
* Modifies profile key "RTL"="0" in section [Settings] of file C:\WINDOWS\TEMP\nsy8099.tmp\reuninstall.ini.
* Modifies profile key "RTL"="0" in section [Settings] of file C:\WINDOWS\TEMP\nsy8099.tmp\ioSpecial.ini.
* Modifies profile key "Text"="C:\WINDOWS\TEMP\nsy8099.tmp\modern-wizard.bmp" in section [Field 1] of file C:\WINDOWS\TEMP\nsy8099.tmp\ioSpecial.ini.
[ Signature Scanning ]
* C:\WINDOWS\TEMP\nsx8899.tmp (116734 bytes) : no signature detection.


From: http://www.norman.com/microsites/nsic/Statistics/42415/en-us


I couldn't find anything saying that it was either a virus or dangerous.
_____________________
CPU: Intel Core 2 Duo E6400 (Overclocked - 2.8GHz) | Mobo: EVGA nForce 680i SLI | GPU: XFX nVidia GeForce 8800 GTX 768mb GDDR3 | Memory: 4gb DDR2 PC5300 667MHz Dual Channel | PSU: Antec Neo HE 550w | Sound: SoundBlaster X-Fi Xtrememusic | HDD: 950gb total SATA3 | OS: Windows Vista Ultimate 64-bit
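
An added example, not part of the original thread: a Python sketch that parses the "Changes to filesystem" lines of a sandbox report like the one quoted above and lists paths touched outside the temp directory and paths created but never deleted. The sample report is a constructed subset of the quoted lines; the function names, the default temp root and the 8.3 short-name heuristic are assumptions of this example.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Constructed sample: a subset of the lines in the report quoted in the post.
REPORT = r"""
[ Changes to filesystem ]
* Creates file C:\WINDOWS\TEMP\nsx8999.tmp.
* Deletes file C:\WINDOWS\TEMP\nsx8999.tmp.
* Creates file C:\WINDOWS\TEMP\nsx8899.tmp.
* Creates directory C:\WINDOWS.
* Creates directory C:\WINDOWS\TEMP\nsy8099.tmp.
* Creates file C:\WINDOWS\TEMP\nsy8099.tmp\ioSpecial.ini.
* Deletes file C:\WINDOWS\TEMP\nsy8099.tmp\IOSPEC~1.INI.
* Deletes directory C:\WINDOWS\TEMP\nsy8099.tmp\.
"""
LINE = re.compile(r"^\* (Creates|Deletes) (file|directory) (.+?)\.?$")

def parse_changes(report):
    """Return (action, kind, path) tuples; the sentence-ending dot is dropped."""
    hits = (LINE.match(line.strip()) for line in report.splitlines())
    return [(m[1], m[2], ntpath.normpath(m[3])) for m in hits if m]

def short_alias(name):
    """Heuristic 8.3 alias (assumption): six stem chars + ~1 + extension."""
    stem, ext = ntpath.splitext(name)
    return (stem[:6] + "~1" + ext[:4]).upper()

def outside_temp(changes, root=r"C:\WINDOWS\TEMP"):
    """Paths touched that are neither the temp root nor below it."""
    root = root.lower()
    return [p for _, _, p in changes
            if p.lower() != root and not p.lower().startswith(root + "\\")]

def leftovers(changes):
    """Paths created and not deleted again, matching deletes by 8.3 alias too."""
    live = {}
    for action, _, path in changes:
        key = path.lower()
        if action == "Creates":
            live[key] = path
            continue
        if key not in live:  # the delete may be reported under the short name
            folder, name = ntpath.split(key)
            key = next((k for k, p in live.items()
                        if ntpath.dirname(k) == folder
                        and short_alias(ntpath.basename(p)) == name.upper()), key)
        live.pop(key, None)
    return sorted(live.values())
```

On this sample the only file left behind is nsx8899.tmp, the same file the report's Signature Scanning section goes on to check. The result is a summary to read alongside the report, not a verdict on the file.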