#31 Virus Found In Win32Forth Download file

[Flippin Engineering]

Infected Download Package w32f61404.exe
setup.exe file in Win32Forth root directory is infected with
w32.worm.gen according to Webroot.

Since I can't install Win32Forth, I cant give you any better version and build information than what is imbedded within the download file name.

I dont know anything about this virus. I would like a clean setup.exe file, if possible. Or, at least, tell me how to clean the file.

I believe this problem may exist across several versions over a number of years.

I sent a message to webroot support re this issue but have not heard back yet.

Any Help Appreciated,

Curtis Flippin
Flippin Engineering
cgf@lighthousepubl.com
15Apr2014Tue

[Flippin Engineering]

Update

I've learned that over the last 3 or 4 years many people have experienced what appears to be false alarms from antivirus software, including McAfee, AVG, Webroot and others, when installing or using Win32Forth. The problem has been reported for Win32Forth versions from 6.10 through 6.14. The viruses the scanners have reported vary over a wide range. I believe these may be false positives.

I tried scanning The "infected" file with both the Microsoft Safety Scanner (version 1.0.3001.0) and Windows Defender with all updates through 4/15/14. Neither of these scanners reported any problem with the setup.exe file nor any other file in the w32f61404.exe package.

Apparently, the virus reported by Webroot, w32.worm.gen, is a generic hit that does not identify any particular virus but, rather, a suspicious pattern that its heuristics didn't like.

Just for yucks, I tried scanning another install package from Sourceforge, spf4-20-setup.exe and got similar results from Webroot on the file, spf4.exe, which it reported as having w32.malware.gen.

By the way, all of the files identified as infected in every case I reviewed was an exe file though not always the same one(s).

Message From Webroot:

Hello,

Thank you for submitting your report. We have examined the logs from your system and found that the detected items were the result of a false positive, and are not a threat. We have updated our security definitions to address this.

You may un-quarantine and restore the file that was quarantined by the Webroot SecureAnywhere software if you have not already done so. To restore the file:

1. Open on the cog icon next to PC Security.
2. Click the Quarantine tab.
3. Click the check box next to the filename, then click Restore.

Now that this change is in effect, we request that you run another scan of your computer (click "Scan My Computer" on the main overview window). If the same detection occurs, please let us know immediately.

Thank you,

Webroot Advanced Malware Removal Team

I think that closes this issue!