gtkada flagged as a trojan by Kaspersky

Newsgroups: comp.lang.ada
 by: Chris Townley - Fri, 30 Jul 2021 20:05 UTC

Just tried to download gnat-1021 and gtkada-2021 for Win64, but
Kaspersky just deletes it with the following report:

Event: Malicious object detected
User: GONDOLIN\chris
User type: Active user
Application name: chrome.exe
Application path: C:\Program Files (x86)\Google\Chrome\Application
Component: File Anti-Virus
Result description: Detected
Type: Trojan
Name: UDS:Trojan.Win32.Generic
Precision: Exactly
Threat level: High
Object type: File
Object name: gtkada-2021-x86_64-windows64-bin.exe
Object path: V:\WInusr\chris\downloads
MD5: D60E573005450391B12CAB1966F89703
Reason: Cloud Protection#

Has anyone seen this - is it a Kaspersky issue, or has it been compromised?

TIA

--
Chris

Re: gtkada flagged as a trojan by Kaspersky

 by: Dmitry A. Kazakov - Sat, 31 Jul 2021 09:21 UTC

On 2021-07-30 22:05, Chris Townley wrote:
> Just tried to download gnat-1021 and gtkada-2021 for Win64, but
> Kaspersky just deletes it with the following report:
>
> Event: Malicious object detected
> User: GONDOLIN\chris
> User type: Active user
> Application name: chrome.exe
> Application path: C:\Program Files (x86)\Google\Chrome\Application
> Component: File Anti-Virus
> Result description: Detected
> Type: Trojan
> Name: UDS:Trojan.Win32.Generic
> Precision: Exactly
> Threat level: High
> Object type: File
> Object name: gtkada-2021-x86_64-windows64-bin.exe
> Object path: V:\WInusr\chris\downloads
> MD5: D60E573005450391B12CAB1966F89703
> Reason: Cloud Protection#
>
> Has anyone seen this - is it a Kaspersky issue, or has it been compromised?

Not this, but my installer packed by INNO Setup was falsely flagged by
some antivirus. So possibly, it is just the self-extracting mechanics that
trigger a false alarm.

I am a PC anti-vaxxer (:-)), but if you are paranoid, create a Windows
virtual machine and install GNAT and then GtkAda there. Copy C:\GtkAda
to your working machine, scan it for viruses. That would effectively
install it without running the installer.

--
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
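
An added example, not part of either post above: before reporting a suspected false positive or re-downloading inside a VM, confirm that the file in hand is the exact object the report names. The sketch parses the "key: value" report format shown in the first post and compares the reported MD5 with the file's own digest; the function names are hypothetical, and the SHA-256 is computed only as a stronger identifier to quote in a vendor submission.

```python
import hashlib
import re
from pathlib import Path

# Subset of the report lines copied from the first post in this thread.
REPORT = """\
Event: Malicious object detected
Component: File Anti-Virus
Type: Trojan
Name: UDS:Trojan.Win32.Generic
Object name: gtkada-2021-x86_64-windows64-bin.exe
MD5: D60E573005450391B12CAB1966F89703
Reason: Cloud Protection#
"""

def parse_report(text):
    """Turn 'Key: value' lines into a dict, splitting on the first colon only."""
    fields = {}
    for line in text.splitlines():
        line = line.lstrip("> ").strip()  # tolerate '>'-quoted copies of the report
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip().lower()] = value.strip()
    md5 = fields.get("md5", "")
    if not re.fullmatch(r"[0-9A-Fa-f]{32}", md5):
        raise ValueError("report has no well-formed MD5 field")
    fields["md5"] = md5.lower()
    return fields

def file_digests(path, chunk=1 << 20):
    """Hash the file once, in chunks, producing both MD5 and SHA-256."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            md5.update(block)
            sha256.update(block)
    return md5.hexdigest(), sha256.hexdigest()

def triage(path, report_text):
    """Say whether the local file is the object named in the report."""
    report = parse_report(report_text)
    md5, sha256 = file_digests(path)
    return {
        "detection": report.get("name"),
        "same_object": md5 == report["md5"],  # False: a different build or download
        "name_matches": Path(path).name == report.get("object name"),
        "sha256": sha256,
    }
```

A `same_object` of `False` for a fresh download means the file differs from the one that was flagged, so the verdict in the report says nothing about it either way.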

Re: gtkada flagged as a trojan by Kaspersky

 by: Chris Townley - Sat, 31 Jul 2021 13:37 UTC

On 31/07/2021 10:21, Dmitry A. Kazakov wrote:
> On 2021-07-30 22:05, Chris Townley wrote:
>> Just tried to download gnat-1021 and gtkada-2021 for Win64, but
>> Kaspersky just deletes it with the following report:
>>
>> Event: Malicious object detected
>> User: GONDOLIN\chris
>> User type: Active user
>> Application name: chrome.exe
>> Application path: C:\Program Files (x86)\Google\Chrome\Application
>> Component: File Anti-Virus
>> Result description: Detected
>> Type: Trojan
>> Name: UDS:Trojan.Win32.Generic
>> Precision: Exactly
>> Threat level: High
>> Object type: File
>> Object name: gtkada-2021-x86_64-windows64-bin.exe
>> Object path: V:\WInusr\chris\downloads
>> MD5: D60E573005450391B12CAB1966F89703
>> Reason: Cloud Protection#
>>
>> Has anyone seen this - is it a Kaspersky issue, or has it been
>> compromised?
>
> Not this, but my installer packed by INNO Setup was falsely flagged by
> some antivirus. So possibly, it is just the self-extracting mechanics that
> trigger a false alarm.
>
> I am a PC anti-vaxxer (:-)), but if you are paranoid, create a Windows
> virtual machine and install GNAT and then GtkAda there. Copy C:\GtkAda
> to your working machine, scan it for viruses. That would effectively
> install it without running the installer.
>

Thanks - that is an option. I suppose I could build from source, but not
sure about my ability! Might give that a try.

I think I will get onto Kaspersky first - see what they say...

--
Chris

Re: gtkada flagged as a trojan by Kaspersky

 by: Chris Townley - Sun, 1 Aug 2021 11:06 UTC

On 31/07/2021 14:37, Chris Townley wrote:
> On 31/07/2021 10:21, Dmitry A. Kazakov wrote:
>> On 2021-07-30 22:05, Chris Townley wrote:
>>> Just tried to download gnat-1021 and gtkada-2021 for Win64, but
>>> Kaspersky just deletes it with the following report:
>>>
>>> Event: Malicious object detected
>>> User: GONDOLIN\chris
>>> User type: Active user
>>> Application name: chrome.exe
>>> Application path: C:\Program Files (x86)\Google\Chrome\Application
>>> Component: File Anti-Virus
>>> Result description: Detected
>>> Type: Trojan
>>> Name: UDS:Trojan.Win32.Generic
>>> Precision: Exactly
>>> Threat level: High
>>> Object type: File
>>> Object name: gtkada-2021-x86_64-windows64-bin.exe
>>> Object path: V:\WInusr\chris\downloads
>>> MD5: D60E573005450391B12CAB1966F89703
>>> Reason: Cloud Protection#
>>>
>>> Has anyone seen this - is it a Kaspersky issue, or has it been
>>> compromised?
>>
>> Not this, but my installer packed by INNO Setup was falsely flagged
>> by some antivirus. So possibly, it is just the self-extracting mechanics
>> that trigger a false alarm.
>>
>> I am a PC anti-vaxxer (:-)), but if you are paranoid, create a Windows
>> virtual machine and install GNAT and then GtkAda there. Copy C:\GtkAda
>> to your working machine, scan it for viruses. That would effectively
>> install it without running the installer.
>>
>
> Thanks - that is an option. I suppose I could build from source, but not
> sure about my ability! Might give that a try.
>
> I think I will get onto Kaspersky first - see what they say...
>
Kaspersky replied:

> Dear customer,
>
> Thank you for your continued support. I apologize for my late response.
>
> We've just received a reply from our Virus Analysts with the following information.
>
> We would like to apologize for the false detection; the fix will be deployed in the next database update.
>
> Thank you for your help and stay safe!
>

Nice to hear, and a quick fix - great service from them

--
Chris
