#106 Dev-Cpp 5.5.3 MinGW 4.7.2 Setup.exe infected?

None
fixed
None
2014-01-27
2014-01-21
Alppis
No

So I was searching for an alternative IDE for C++ since I don't really like Code Blocks. After a while I found Orwell Dev-C++, which looked promising, so I decided to give it a try (I downloaded the version with MinGW from SourceForge: Dev-Cpp 5.5.3 MinGW 4.7.2 Setup.exe). However, before installing it on my computer I decided to scan it with VirusTotal, and it found 2 detections: TROJ_GEN.F47V1205 (by TrendMicro-HouseCall) and suspected of Malware-Cryptor.FSP.gen (by VBA32).

You can see the scan report from here ---> https://www.virustotal.com/fi/file/1f81b8288177572bd166da415df5bc8d49d78fd9ce2eb2e0098fc9f5f8114ca6/analysis/1390336018/

However, Orwell Dev-C++ with TDM-GCC (Dev-Cpp 5.5.3 TDM-GCC x64 4.7.1 setup.exe) appears to be clean according to the VirusTotal scan (https://www.virustotal.com/fi/file/75addd4463ee367bb304c3c79bd5c5c56e82e5b6e11209c629c9a433c88e5e07/analysis/1390335912/)

So are those 2 detections only false positives, or is Orwell Dev-C++ MinGW really infected?

Discussion

  • Alppis

    Alppis - 2014-01-21
    • Description has changed:

    Diff:

    --- old
    +++ new
    @@ -1,3 +1,6 @@
    -So I was searching alternative IDE for C++ since I dont really like Code Blocks. After a while I found Orwell Dev-C++ which looked promising so I decided to give it a try (I downloaded version with MinGW from SourceForge (Dev-Cpp 5.5.3 MinGW 4.7.2 Setup.exe). However before installing it to my computer I decided to scan it in Virustotal and it found 2 detections: TROJ_GEN.F47V1205 (by TrendMicro-HouseCall) and suspected of Malware-Cryptor.FSP.gen (by VBA32). You can see the scan report from here ---> https://www.virustotal.com/fi/file/1f81b8288177572bd166da415df5bc8d49d78fd9ce2eb2e0098fc9f5f8114ca6/analysis/1390336018/
    +So I was searching alternative IDE for C++ since I dont really like Code Blocks. After a while I found Orwell Dev-C++ which looked promising so I decided to give it a try (I downloaded version with MinGW from SourceForge (Dev-Cpp 5.5.3 MinGW 4.7.2 Setup.exe). However before installing it to my computer I decided to scan it in Virustotal and it found 2 detections: TROJ_GEN.F47V1205 (by TrendMicro-HouseCall) and suspected of Malware-Cryptor.FSP.gen (by VBA32). 
    +
    +You can see the scan report from here ---> https://www.virustotal.com/fi/file/1f81b8288177572bd166da415df5bc8d49d78fd9ce2eb2e0098fc9f5f8114ca6/analysis/1390336018/
    +
     However Orwell Dev-C++ with TDM-GCC (Dev-Cpp 5.5.3 TDM-GCC x64 4.7.1 setup.exe) appears to be clean according to Virustotal scan (https://www.virustotal.com/fi/file/75addd4463ee367bb304c3c79bd5c5c56e82e5b6e11209c629c9a433c88e5e07/analysis/1390335912/)
     So are those 2 detections only false positives or is Orwell Dec-C++ MinGW really infected?
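
    Review bot: the last context line still reads "Orwell Dec-C++", and the rewritten first paragraph keeps the unclosed parenthesis before "I downloaded version with MinGW". Since this edit only adds paragraph breaks, it would be a good moment to correct the name to "Dev-C++" and close the parenthesis so the affected installer is named unambiguously.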
    
    • Milestone: -->
     
  • Alppis

    Alppis - 2014-01-21
    • Description has changed:

    Diff:

    --- old
    +++ new
    @@ -3,4 +3,5 @@
     You can see the scan report from here ---> https://www.virustotal.com/fi/file/1f81b8288177572bd166da415df5bc8d49d78fd9ce2eb2e0098fc9f5f8114ca6/analysis/1390336018/
    
     However Orwell Dev-C++ with TDM-GCC (Dev-Cpp 5.5.3 TDM-GCC x64 4.7.1 setup.exe) appears to be clean according to Virustotal scan (https://www.virustotal.com/fi/file/75addd4463ee367bb304c3c79bd5c5c56e82e5b6e11209c629c9a433c88e5e07/analysis/1390335912/)
    +
     So are those 2 detections only false positives or is Orwell Dec-C++ MinGW really infected?
    
     
  • orwelldevcpp

    orwelldevcpp - 2014-01-27

    1) The compiler provided with that setup by itself generates these, in my opinion, false positives too. We can conclude from this that Dev-C++ without the bundled compiler is not generating the false positives.
    https://www.virustotal.com/en/file/66c22a97a24e3443edd0e0052863dc289362dda981f13c5a211dae1826d0d1c2/analysis/1390841852/

    2) I've downloaded the MinGW compiler directly from their website, and changed the following things (from changes.txt inside the compiler folder):

    Changes made to the original MinGW 4.7.2 install:

    • Removed the doc folder.
    • Removed the var folder.
    • Removed the share folder.
    • Removed mingw-get.exe~ from bin.
    • Added rm.exe from GCC 3.4.2.

    These changes are in my opinion completely harmless.

    3) Chances of an unmodified MinGW being infected are near zero. If they were, nearly every port of GCC to Windows would be infected. The MinGW guys would never take the risk of causing that much horror.

    4) According to a monthly HitmanPro scan, my computers are not infected.

    Conclusion: false positive.
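
The comparison described in point 2 of the comment above can be checked mechanically. This is an added example, not part of the original ticket or the Dev-C++ project: it hashes an upstream MinGW tree and the bundled one, then reports every difference the changes.txt list does not account for. The path bin/rm.exe, the function names and the sample trees are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Declared changes, transcribed from the changes.txt list quoted in the comment.
REMOVED_DIRS = ("doc/", "var/", "share/")
REMOVED_FILES = {"bin/mingw-get.exe~"}
ADDED_FILES = {"bin/rm.exe"}  # assumption: the page does not say where rm.exe went


def hash_tree(root):
    """Map each file's POSIX-style relative path to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def unexplained_differences(upstream_root, bundled_root):
    """List (kind, path) differences that the declared changes do not account for."""
    up, bundled = hash_tree(upstream_root), hash_tree(bundled_root)
    findings = []
    for path in sorted(up.keys() - bundled.keys()):
        if not (path.startswith(REMOVED_DIRS) or path in REMOVED_FILES):
            findings.append(("missing", path))
    for path in sorted(bundled.keys() - up.keys()):
        if path not in ADDED_FILES:
            findings.append(("extra", path))
    for path in sorted(up.keys() & bundled.keys()):
        if up[path] != bundled[path]:
            findings.append(("modified", path))
    return findings


def demo():
    """Run the check on constructed stand-in trees (tiny files, not real binaries)."""
    trees = {
        "upstream": {"bin/gcc.exe": b"gcc", "bin/mingw-get.exe~": b"bak",
                     "doc/README": b"d", "var/cache/x": b"v", "share/man/gcc.1": b"m"},
        "clean": {"bin/gcc.exe": b"gcc", "bin/rm.exe": b"rm"},
        "tampered": {"bin/gcc.exe": b"gcc!", "bin/rm.exe": b"rm", "bin/extra.dll": b"x"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, files in trees.items():
            for rel, data in files.items():
                target = Path(tmp, name, rel)
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        up = Path(tmp, "upstream")
        return [unexplained_differences(up, Path(tmp, n)) for n in ("clean", "tampered")]
```

The added rm.exe passes by name only; its hash should be compared separately with the copy from the GCC 3.4.2 package it is said to come from.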

     
  • orwelldevcpp

    orwelldevcpp - 2014-01-27
    • status: open --> fixed
    • assigned_to: orwelldevcpp
     
