[solved] Download compromised according to Windows Defender

SMTube is a YouTube browser that can be used along with SMPlayer. Let's talk about it.

Postby krabat » Sat Apr 09, 2016 1:52 pm

According to Windows® Defender of Windows 10, the download smtube-16.3.0-x64.exe on sourceforge.net is infected with Trojan Win32/Varpes.M!cl.

The SHA1 hash of the local download is the same as the one stated on the downloads page.
Searching the web strongly suggests downloads on sourceforge.net have been including malware several times before. So wouldn't it eventually be advisable to stop using this platform?
Also, it would be good if SMTube was covered by Windows signatures, much as SMPlayer is already by now.

Anyway, it would be nice if you could give some feedback on what's going on here.
Last edited by krabat on Sun Apr 10, 2016 7:34 pm, edited 1 time in total.
krabat
 
Posts: 3
Joined: Sat Apr 09, 2016 12:53 pm

Re: Download compromised according to Windows Defender

Postby rvm » Sat Apr 09, 2016 7:27 pm

You can see here an analysis of the file by a lot of antivirus programs:
https://www.virustotal.com/en/file/b496 ... /analysis/

None of them detects anything wrong. The file is clean.

I've just signed both installers.
rvm
Site Admin
 
Posts: 2804
Joined: Wed Dec 23, 2009 1:25 am
Location: España

Re: Download compromised according to Windows Defender

Postby krabat » Sun Apr 10, 2016 5:10 pm

The results on virustotal.com are indeed strongly suggesting that everything's alright with the file and the warning of Windows Defender was a false positive.

Meanwhile, there have been two versions of the file around. The SHA256 hashes are b496bd76e7ba2dbb04a11f960aeeb60fe06de949ff062fe6a8df92f34f71298b and 0f3f29a30b6235cb18aa8bfa8368480a7a772270678010874258f3d0cee8cf8d respectively; both have already been checked on virustotal.com (b496bd7...f71298b, 0f3f29a...ee8cf8d) and are, much like some other files, tagged as "Modified <20h ago" on sourceforge.net/projects/smtube/files/SMTube/16.3.0.
Am I right in assuming the difference is that the new versions are now signed by the usual Windows certificate chain? Btw. the new version isn't considered infected any longer by Windows Defender using today's malware definitions.
krabat
 
Posts: 3
Joined: Sat Apr 09, 2016 12:53 pm

Re: Download compromised according to Windows Defender

Postby rvm » Sun Apr 10, 2016 7:17 pm

Yes, I uploaded both (32- and 64-bit) installers again; this time they are digitally signed.
rvm
Site Admin
 
Posts: 2804
Joined: Wed Dec 23, 2009 1:25 am
Location: España

Re: [solved] Download compromised according to Windows Defen

Postby krabat » Mon Apr 11, 2016 8:59 am

Alright. Thanks for signing the SMTube installers, too. This makes dealing with them a lot more convenient, IMO.
krabat
 
Posts: 3
Joined: Sat Apr 09, 2016 12:53 pm
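
Added example, not part of the original thread and not the SMPlayer project's code: the thread turns on two uploads of the same installer having different SHA256 hashes because one is signed. The sketch below hashes a PE file the way Authenticode does, skipping the checksum field, the certificate-table directory entry and the appended certificate data, so an unsigned and a signed copy of the same build can be compared. The function names and the sample bytes are constructed for illustration, and data placed after the certificate table is ignored.

```python
import hashlib
import struct

def unsigned_regions(pe: bytes):
    """Byte ranges of a PE file that adding an Authenticode signature leaves untouched."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 24                         # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    checksum = opt + 64                       # CheckSum field, may be rewritten when signing
    cert_entry = opt + (112 if magic == 0x20B else 96) + 4 * 8   # data directory 4
    cert_off, cert_size = struct.unpack_from("<II", pe, cert_entry)
    end = cert_off if cert_size else len(pe)  # certificate data is appended at cert_off
    return [(0, checksum), (checksum + 4, cert_entry), (cert_entry + 8, end)]

def content_digest(pe: bytes) -> str:
    """SHA-256 over everything except checksum, certificate entry and certificate data."""
    h = hashlib.sha256()
    regions = unsigned_regions(pe)
    for start, stop in regions:
        h.update(pe[start:stop])
    h.update(b"\0" * (-regions[-1][1] % 8))   # certificate table starts 8-byte aligned
    return h.hexdigest()

def make_sample(body: bytes) -> bytes:
    """Constructed minimal PE32+ header plus body; not a real installer."""
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x80 + 24, 0x20B)
    return bytes(hdr) + body

def attach_fake_signature(pe: bytes, blob: bytes) -> bytes:
    """Mimic what signing changes: pad, append blob, set checksum and directory entry."""
    out = bytearray(pe + b"\0" * (-len(pe) % 8))
    struct.pack_into("<I", out, 0x80 + 24 + 64, 0x1234ABCD)
    struct.pack_into("<II", out, 0x80 + 24 + 112 + 32, len(out), len(blob))
    return bytes(out) + blob

if __name__ == "__main__":
    plain = make_sample(b"installer payload")
    signed = attach_fake_signature(plain, b"constructed certificate blob")
    print(hashlib.sha256(plain).hexdigest() != hashlib.sha256(signed).hexdigest(),
          content_digest(plain) == content_digest(signed))
```

Equal content digests with different whole-file hashes mean the two files differ only in the signature-related fields; it says nothing about whether the signature itself is valid, which Windows checks separately.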

