Dave DeBarr wrote:
For what it's worth, Computer Associates updated their signatures; and eTrust
no longer reports the installation program for the Windows version of R-2.7.2
as infected.
I found it surprisingly difficult to learn about how the Win32/Adclicker.JO
virus operates, and how eTrust detects it. I couldn't even get anyone to admit
it was a false positive (though it seems clear now).
Thanks for following up on this.
Duncan Murdoch
Regards,
Dave
________________________________________
From: [EMAIL PROTECTED] [EMAIL PROTECTED] On Behalf Of Ajay ohri [EMAIL
PROTECTED]
Sent: Tuesday, September 23, 2008 1:06 AM
To: Peter Dalgaard
Cc: r-help@r-project.org; Dave DeBarr; Duncan Murdoch
Subject: Re: [R] R-2.7.2 infected?
This is what it does. It seems like a false alarm because in case of
actual infection it seems
quite conspicuous
Ajay
www.decisionstats.com
http://www.spywareguide.com/product_show.php?id=2569
Full Name: Win32.AdClicker Websearch
Type: Trojan
SG Index: 5
Removal tools: List of products that detect/remove/protect against
Win32.AdClicker:
Desktop Anti-malware: Pro User: X-Cleaner
Control IM and P2P use, block spyware and other malware: RTGuardian
Endpoint Spyware Remediation: Greynet Enterprise Manager
IM, P2P control, malware prevention and web filtering in single
appliance: Unified Security Gateway
Category Description: A Trojan is a program that enables an attacker to
get nearly complete control over an infected PC. Frequently used tool
by malicious hackers. When this program executes, the program performs
a specific set of actions. This usually works toward the goal of
allowing the trojan to survive on a system and open up a backdoor.
Comment: This Trojan downloads many executables. It changes the
autostarter randomly. It also hijacks the desktop and puts a
wallpaper saying that the system is affected and advertises a site
"smart-security.info". It duplicates each and every file which the user
creates with the same name and in the same Directory.
Properties:
Adds other software
Autostarts/Stays Resident
Installs Through Exploit
Opens ports
On Tue, Sep 23, 2008 at 1:29 PM, Peter Dalgaard
<[EMAIL PROTECTED]> wrote:
Peter Dalgaard wrote:
Dave DeBarr wrote:
Did you check the md5 checksum on it?
Yes; it matched: 540090dd892657804d1099c54d6f770d
And it is binary identical to the Austria CRAN one.
You're the first to report it, and 2.7.2 has been out for almost a
month, so I think it's likely that the CRAN copy is uninfected.
Sounds promising. Perhaps it's a false positive from eTrust.
Likely. A quick Googling indicates that other programs have been
"caught" too.
This link is illuminative:
http://www.cccp-project.net/forums/index.php?topic=2897.0
(I wanted to do the same thing with R, but http://www.virustotal.com has
a 20M cap on the file size.)
--
O__ ---- Peter Dalgaard Øster Farimagsgade 5, Entr.B
c/ /'_ --- Dept. of Biostatistics PO Box 2099, 1014 Cph. K
(*) \(*) -- University of Copenhagen Denmark Ph: (+45) 35327918
~~~~~~~~~~ - ([EMAIL PROTECTED]) FAX: (+45) 35327907
______________________________________________
R-help@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-help
PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
and provide commented, minimal, self-contained, reproducible code.
--
Regards,
Ajay Ohri
http://tinyurl.com/liajayohri