Trojan Virus Detected on Download
When I try to download the zip file to install Courselab, my antivirus software repeatedly warns me of a trojan virus. This happens even before I complete my download. I'm using Avast Antivirus, latest free version. Is this something others have encountered?

Thanks,
Pete
 
Hi! Avast seems to me too big and too stupid. I tried it, but it gave me many ugly days, so I now work with http://www.trustdownload.com/Antivirus-and-Spyware-Cleaners/Antivirus/Kaspersky-Internet-Security-7.0.html
I recommend it to you too [;)]
 
Hi, All,

The alarm was a false positive (the suspicious file does nothing special, but it looks into the Windows registry to detect the user locale - it seems that this reminds AV software of some trojan [:)]). Although some AV vendors have already fixed the signatures, we decided to change this file to eliminate these alarms. Starting from 19 May there is an updated installer on the site.
Please let us know if there are similar issues with the updated installer.
 
 
I downloaded and installed the file today. Upon start of the application I still get a Security Risk warning. I'm using Symantec Endpoint Protection 11.0.4014.26.

I get the following warnings:

1. Scan type: Auto-Protect Scan
Event: Risk Found!
Security risk detected: Downloader
File: C:\Documents and Settings\andemats\Application Data\Microsoft\Installer\{36FE657A-F88B-4CB6-AAD3-34E3FB6F3AD9}\MsiIcon.exe
Location: C:\Documents and Settings\andemats\Application Data\Microsoft\Installer\{36FE657A-F88B-4CB6-AAD3-34E3FB6F3AD9}
Computer: VMWA01
User: SYSTEM
Action taken: Pending Side Effects Analysis : Access denied
Date found: den 4 juni 2009 13:40:30

2. Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: Downloader
File: C:\Documents and Settings\andemats\Application Data\Microsoft\Installer\{36FE657A-F88B-4CB6-AAD3-34E3FB6F3AD9}\MsiIcon.exe
Location: Unknown Storage
Computer: VMWA01
User: SYSTEM
Action taken: Cleaned by Deletion
Date found: den 4 juni 2009 13:41:06

Any ideas? [:confused:]
 
 
 
It's the component of the program that links to Courselab to register the software. This action does mimic what a trojan might do: install, then set up comms with a remote host.
You might say, why doesn't this happen with, say, MS products? Well, it's because they are usually on a safe list, which actually represents a massive security risk should an MS product ever be compromised. And yes, some downloads of MS items NOT directly from MS have had this happen.
You notice that no actual named virus or virus type is mentioned, just that a risk exists. This means there is a POTENTIAL problem but not necessarily a REAL problem.
The response, deleting a file, is severe overkill. Imagine if you had had to purchase Courselab at a likely retail price of up to $1000, wouldn't you be upset?
At the end of the day it should be your assessment of risk that defines your reaction to suspect files. In this case the risk is low.
 
 
 
 
Yeah, I could agree that deleting a file is a bit of overkill, BUT if this really were a virus/trojan I would be glad my AV found it and deleted it.

There must also be a reason why MsiIcon.exe is not signed by Symantec. I had a discussion with the AV responsible at my company and according to him MsiIcon.exe is a common name to be used by trojans. I'm not sure this is true, as it is 2nd hand information.

Anyway, we posted a case at Symantec and they wanted the file to check it. I've not yet been able to extract the file.
 
 
 
 
 
It's more than likely true, Anders, but it is an appallingly weak piece of logic...
It's rather like saying most of the man-eating carnivores are lions, therefore all lions are man-eaters. ;)
 
 
 
 
 
 
Hehe! True, Nickj, but I still wouldn't let a lion into my home.

Anyway, I've been in contact with Symantec. They want to review the file that makes my antivirus go haywire. I tried during the installation to save the file. But it seems that the file is only available a short while and I cannot manage to save it. Even though I uninstalled the Symantec Antivirus.

Any idea how to get hold of the file?
 
 
 
 
 
 
 
 
 
 
BTW current results for a few AV products all give the same result, which is a big fat ZERO.

Antivirus & Version Update Result
AntiVir 7.9.0.180 2009.06.04 -
Antiy-AVL 2.0.3.1 2009.06.04 -
Authentium 5.1.2.4 2009.06.04 -
Avast 4.8.1335.0 2009.06.04 -
BitDefender 7.2 2009.06.04 -
CAT-QuickHeal 10.00 2009.06.04 -
ClamAV 0.94.1 2009.06.04 -
Comodo 1258 2009.06.04 -
DrWeb 5.0.0.12182 2009.06.04 -
eTrust-Vet 31.6.6539 2009.06.04 -
F-Prot 4.4.4.56 2009.06.04 -
Fortinet 3.117.0.0 2009.06.04 -
Ikarus T3.1.1.59.0 2009.06.04 -
K7AntiVirus 7.10.754 2009.06.04 -
Kaspersky 7.0.0.125 2009.06.04 -
McAfee 5636 2009.06.04 -
McAfee+Artemis 5636 2009.06.04 -
McAfee-GW-Ed 6.7.6 2009.06.04 -
Microsoft 1.4701 2009.06.04 -
NOD32 4131 2009.06.04 -
Norman 6.01.09 2009.06.04 -
nProtect 2009.1.8.0 2009.06.04 -
Panda 10.0.0.14 2009.06.04 -
PCTools 4.4.2.0 2009.06.02 -
Prevx 3.0 2009.06.04 -
Rising 21.32.34.00 2009.06.04 -
Sophos 4.42.0 2009.06.04 -
Symantec 1.4.4.12 2009.06.04 -
TheHacker 6.3.4.3.339 2009.06.03 -
TrendMicro 8.950.0.1092 2009.06.04
ViRobot 2009.6.4.1769 2009.06.04

This should go a small way in showing the current download is clean.
 
Hi,

It seems that Avast has already fixed the issue. At least it does not report a trojan anymore (the same installation that did detect a trojan a few days ago, with the latest virus signature updates). Perhaps they fixed it following my false-positive report. I have not got an answer from Avast support, though.
 
During the installation of Courselab, at 99,9% of the installation, I got a backdoor-virus warning from my Bitdefender antivirus (using both signature and heuristic scan) for the desktop *.ico file.
 
 
Hi, Tasos,

We have already submitted a report to BitDefender support, but have no answer yet.
 
Hi!

It seems to be the same case as with AVG about 2 months ago (at least the same file as the target). AVG reported it was a false positive after our submission. I have just submitted the file to Avast as well. Of course I cannot say that everything is OK, but Norton, Kaspersky and Dr.Web did not find anything in the package. Let's wait for the answer from Avast.