#2300 trojan horse virus xmaxima.exe

None
closed
nobody
None
5
2012-12-11
2011-11-16
Ted Woollett
No

Trojan horse virus report for xmaxima.exe

My virus program AVG found that bin/xmaxima.exe
was a Trojan horse virus SHeur4.HKI for
the Maxima windows binary installations:

ver. 5.25.1gcl
5.25.0 gcl
5.24.0 gcl
5.22.1 gcl

After uninstalling these program files
located in c:/Program Files/...
and removing all icon links and folders,
a new version of 5.25.1gcl windows
binary was downloaded and scanned with
AVG (no problems found).

But the installation process (no
desktop icons mode) then found the
same problem with bin/xmaxima.exe,
which was removed to the virus vault
automatically by AVG.

My daily scan of the whole computer
later in the day found seven (7)
infected files with names such as
A0117921.exe located in sub-sub
folders of:
c:/System Volume Information/

which were removed to the virus vault
and all identified as
Trojan horse virus SHeur4.HKI

Ted Woollett

Discussion

  • Ted Woollett
    Ted Woollett
    2012-01-10

    Repetition of xmaxima.exe trojan infection observed Jan. 9 - 10.
    Following scan (AVG paid) of whole computer, the windows binary for
    v. 5.25.1gcl was downloaded. Scan of install file showed no
    problems. After installation, file xmaxima.exe was scanned
    (AVG) with no problems. Computer was shut down and after morning
    bootup attempt was made to run xmaxima.exe. AVG announced
    that the file was infected and the file then was quarantined
    and xmaxima.exe disappeared from ../bin and is not available
    for use. An immediate scan of the whole computer found no further
    infections.
    I suspect that the windows binary install file available on the
    Maxima site is a problem.

     
  • Robert Dodier
    Robert Dodier
    2012-12-11

    After asking about this problem on the mailing list, the wasn't a clear confirmation of the problem. However, to play it safe, I've removed the Windows installers for Maxima 5.22, 5.23, 5.24, 5.25, 5.26, and 5.27 from the Sourceforge file manager. Therefore closing this report.

     
  • Robert Dodier
    Robert Dodier
    2012-12-11

    • status: open --> closed
    • milestone: --> None