I am using Malwarebytes Pro and it is detecting the Spyware.Passwords.ED trojan in LdapAdmin.exe v1.6 downloaded off your site, as well as an earlier version I have on hand.
Is LdapAdmin.exe infected? If so, how can I get a clean one?
Thanks
I don't see how! The v1.6 is hosted on a SourceForge server and it runs through my ESET virus scanner before it's uploaded. I've just run several scans with different scanners and nothing showed up, not to mention thousands of other users who downloaded LdapAdmin without problems. I'm sure that's a false positive...
Anonymous - 2015-03-11
I can't even download the LdapAdminExe.zip. Sonicwall antivirus indicates trojan and stops the download.
Anonymous - 2014-06-21
I also use malwarebytes and it found the same virus. I copied LdapAdmin.exe to a UNIX box and scanned it with clamav which said it was NOT infected.
Anonymous - 2014-08-18
I've just experienced the same problem, so I used a previous version instead.
Anonymous - 2014-08-30
I had the same result; Malwarebytes has flagged this with spyware.passwords.ed malware.
Anonymous - 2014-12-04
I am facing the exact same issue; I think it should be a serious problem with this file. It has to be checked by its programmers seriously. We cannot afford using an executable which is not safe and tries to steal passwords.
Well, if you download it from the LdapAdmin or SourceForge site, then you don't need to worry. If you are suspicious, you can download the sources and compile them yourself.
Now, for all who are worrying, I think I know what the reason is. LdapAdmin uses some self-modifying code to provide an efficient way of translating strings (this is due to limitations of the Delphi VCL, which does not provide a natural way of intercepting a resource loader). This is most probably the reason for this heuristic positive, especially since this functionality was introduced in 1.6, hence the previous versions do not have this problem!
Cheers,
Tihomir
Anonymous - 2015-02-12
Is there a GPG signature for the binary perhaps? Or maybe you could post an sha1sum for the compiled binary?
It's a false positive; check this e-mail:
Dear software developer,
your software LDAP Admin is listed in heise Download at http://www.heise.de/download/ldap-admin.html and we recently started offering version 1.6 (ldapadminexe-1.6.zip) for download.
Fortunately, our automatic virus checks (done in co-operation with AV-Test GmbH) with more than 40 virus scanners do not indicate a virus infection. Just in case you are interested in the scan result we are sending you the detailed scan report:
============================================================
Scan report of: 138435-ldapadminexe-1.6.zip
Ahnlab -
Avast -
AVG -
Avira -
Bitdefender -
Command -
Command (Online) -
Eset Nod32 -
Fortinet -
F-Prot -
G Data -
Ikarus -
K7 Computing -
Kaspersky -
Kaspersky (Online) -
McAfee -
McAfee (BETA) -
McAfee (Online) -
McAfee GW Edition (Online) -
Microsoft -
Norman -
Panda -
Panda (Online) -
QuickHeal -
Rising -
Rising (Online) -
Sophos -
Sophos (Online) -
Symantec -
Symantec (BETA) -
ThreatTrack -
Total Defense -
Trend Micro -
Trend Micro (Cons.) -
Trend Micro (CPR) -
VBA32 -
VirusBuster -
============================================================
The following updates have been used for the test (all times in UTC):
Ahnlab sdscan-console.zip 2014-12-09 13:25
Avast av5stream.zip 2014-12-09 14:10
AVG avg10cmd1191a8166.zip 2014-12-09 09:45
Avira vdf_fusebundle.zip 2014-12-09 14:05
Bitdefender bdc.zip 2014-12-09 10:30
Command antivir-v2-z-201412091115.zip 2014-12-09 12:15
Command (Online) antivir-v2-z-201412091115.zip 2014-12-09 12:15
Eset Nod32 minnt3.exe 2014-12-09 11:50
Fortinet vir_high 2014-12-09 12:45
F-Prot antivir.def 2014-12-09 13:25
G Data gd_sig.zip 2014-12-09 12:20
Ikarus t3sigs.vdb 2014-12-09 13:30
K7 Computing K7Cmdline.zip 2014-12-09 12:05
Kaspersky kdb-i386-cumul.zip 2014-12-09 13:40
Kaspersky (Online) kdb-i386-cumul.zip 2014-12-09 13:40
McAfee avvdat-7646.zip 2014-12-08 17:25
McAfee (BETA) avvwin_netware_betadat.zip 2014-12-09 14:05
McAfee (Online) avvdat-7646.zip 2014-12-08 17:25
McAfee GW Edition (Online) mfegw-cmd-scanner-windows.zip 2014-12-08 17:20
Microsoft mpam-fe.exe 2014-12-09 14:10
Norman nse7legacy.zip 2014-12-09 05:30
Panda pav.zip 2014-12-09 09:25
Panda (Online) pav.zip 2014-12-09 09:25
QuickHeal qhadvdef.zip 2014-12-06 16:50
Rising rame.zip 2014-12-08 10:05
Rising (Online) rame.zip 2014-12-08 10:05
Sophos ides.zip 2014-12-09 13:05
Sophos (Online) ides.zip 2014-12-09 13:05
Symantec streamset.zip 2014-12-09 14:10
Symantec (BETA) symrapidreleasedefsv5i32.exe 2014-12-09 13:20
ThreatTrack CSE39VT-EN-35572-F.sbr.sgn 2014-12-09 13:45
Total Defense fv_nt86.exe 2014-12-09 12:40
Trend Micro itbl1468601300.zip 2014-12-09 14:00
Trend Micro (Cons.) hcoth1133395.zip 2014-12-09 14:10
Trend Micro (CPR) lpt334.zip 2014-12-09 13:55
VBA32 vba32w-latest.rar 2014-12-09 09:45
VirusBuster vdb.zip 2014-12-08 13:10
============================================================
Scan start: 2014-12-09 14:14:15
Scan end: 2014-12-09 14:16:31
Sincerely yours,
the heise Download team
http://virusscan.jotti.org/fr/scanresult/ced8c36b51cc305cbf457c3a8af290753ede4359
I'm seeing this in MalwareBytes too. I suspect it's a false positive on a heuristic of some sort.
https://www.virustotal.com/en/file/91d2bce47e93c0609b7f5727369cf4ed8ddc3b1d15f7f5bb2b2cd53770005ef5/analysis/
I'll post the sha1sum as soon as I can.
sha1sum:
61e028af9a6bf9b305533fc436e38120167ae58c LdapAdmin.exe
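Checking a downloaded copy against the checksum line posted above, as an added example (not code from the LDAP Admin project): it parses the `sha1sum` line, hashes the file in chunks and compares the digests. The function names and the constructed stand-in file are assumptions; a match shows only that the copy is byte-identical to the file the checksum was computed from.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Checksum line exactly as posted in the thread (sha1sum output format).
PUBLISHED = "61e028af9a6bf9b305533fc436e38120167ae58c LdapAdmin.exe"

# "<40 hex digits><space><space or '*'><name>"; the thread's line has a
# single space, so the text/binary mode marker is treated as optional.
LINE_RE = re.compile(r"^([0-9a-fA-F]{40}) [ *]?(.+)$")


def parse_sha1sum_line(line):
    """Return (lowercase_digest, filename) or raise ValueError."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a sha1sum line: {line!r}")
    return m.group(1).lower(), m.group(2)


def sha1_of(path, chunk=1 << 20):
    """Hash the file in chunks so a large download is not read into memory."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify(path, checksum_line):
    """True only if both the file name and the SHA-1 match the line."""
    expected, name = parse_sha1sum_line(checksum_line)
    if Path(path).name.lower() != name.lower():
        return False  # the line describes a different file
    return hmac.compare_digest(sha1_of(path), expected)


if __name__ == "__main__":
    # Constructed stand-in: these bytes are not the real binary, so the
    # check against the published line is expected to fail.
    with tempfile.TemporaryDirectory() as d:
        fake = Path(d) / "LdapAdmin.exe"
        fake.write_bytes(b"constructed sample, not the real executable")
        print("matches published sha1:", verify(fake, PUBLISHED))
```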