Re: [libwdi-devel] Virus-Alarm in zadig_v2.0.1.160.7z
Windows Driver Installer library for USB devices
From: Pete B. <pb...@gm...> - 2013-01-13 20:56:06
Hi Philipp,

On 2013.01.13 16:55, dexter wrote:
> My antivirus utility (avira) reports the virus TR/Crypt.ZPACK.gen7 in
> the file C:/usb_driver/installer_x86.exe after running zadig.exe. I
> personally think that this might be a false positive. I also have
> checked this with some older versions but I think you should immediately
> check if your files are compromised.
>
> I have informed avira and sent the file in for further checking. I will
> keep you posted.

Thanks for the report.

The only way I can see the installer getting compromised is if I got a virus that targets the MinGW compiler to inject malicious code in the executable it produces, or a virus that is extremely reactive with regards to injecting itself into executables and isn't detected by McAfee or Microsoft Security Essentials, which seems very dubious.

The problem I see is that the time between which installer_x86.exe is created and the time it is embedded into Zadig.exe is very short (less than a minute), so that virus would have to compromise the file during that very short timeframe, or have compromised a compiler that isn't that widely used, which I see as extremely unlikely.

Unfortunately, from producing software that deals with advanced system level activities, such as legitimately installing a bootloader or a driver, and antiviruses not being as smart as we would all like them to be, I've seen my share of false positives, so I guess this will be just another one added to the list...

I'm pretty sure Avira will confirm this as well, especially as the code for installer_x86.exe is fully Open Source [1], so if there's anything extra added that shouldn't be there, it will be very explicit.

Regards,

/Pete

[1] https://github.com/pbatard/libwdi/blob/master/libwdi/installer.c