<div dir="ltr"><div>Thank you for the rapid response
Stefan Baur,</div><div><br></div><div>Although I do agree that those AV names are, shall we say, 'less reputable', I was only emailing for due diligence in that both FF and Chrome flagged it as malicious. <br></div><div><br></div><div>Thank you for addressing my concerns, <br></div><div><br></div><div>Josh Conway<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Feb 28, 2020 at 9:32 AM <<a href="mailto:x2go-user-request@lists.x2go.org">x2go-user-request@lists.x2go.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Today's Topics:<br>
<br>
1. Credible warning of infected / trojaned X2go windows binary<br>
(Josh Conway)<br>
2. Re: Credible warning of infected / trojaned X2go windows<br>
binary (Stefan Baur)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Fri, 28 Feb 2020 09:09:17 -0500<br>
From: Josh Conway <<a href="mailto:jwcrawley@gmail.com" target="_blank">jwcrawley@gmail.com</a>><br>
To: <a href="mailto:x2go-user@lists.x2go.org" target="_blank">x2go-user@lists.x2go.org</a><br>
Subject: [X2Go-User] Credible warning of infected / trojaned X2go<br>
windows binary<br>
Message-ID:<br>
<CACxuvT5Pp7tSgc29tdeurqynrn=wwijRYJi_mb7_k7W6OVL=_<a href="mailto:g@mail.gmail.com" target="_blank">g@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Greetings,<br>
<br>
Upon downloading the file:<br>
<br>
<a href="https://code.x2go.org/releases/binary-win32/x2goclient/releases/4.1.2.2-2020.02.13/x2goclient-4.1.2.2-2020.02.13-setup.exe" rel="noreferrer" target="_blank">https://code.x2go.org/releases/binary-win32/x2goclient/releases/4.1.2.2-2020.02.13/x2goclient-4.1.2.2-2020.02.13-setup.exe</a><br>
<br>
MD5 8b1ac4cb969d116c9303ab3fafe50a01<br>
SHA-1 ce77b87fd972aa12c74bb36181371034b0bb051d<br>
SHA-256 227857330e14cf88c88159c5439c914ce2e4170c7aa29149641d5df11d1745f0<br>
<br>
Firefox *and* Google Chrome both throw errors for detected malware.<br>
<br>
Running said file through Virustotal shows the 6 AV products' results:<br>
<br>
Bkav: HW32.Packed.<br>
<br>
Panda: PUP/RemoteAdmin<br>
<br>
Trapmine: Malicious.moderate.ml.score<br>
<br>
Webroot: W32.Ransom.Gen<br>
<br>
Yandex: Trojan.Agent!RIMR9kcXEpU<br>
<br>
Zillya: Trojan.Generic.Win32.1026149<br>
<br>
<br>
I've attempted to ping people in the freenode #x2go irc room to no avail.<br>
<br>
<br>
Josh Conway<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Fri, 28 Feb 2020 15:31:48 +0100<br>
From: Stefan Baur <<a href="mailto:X2Go-ML-1@baur-itcs.de" target="_blank">X2Go-ML-1@baur-itcs.de</a>><br>
To: <a href="mailto:x2go-user@lists.x2go.org" target="_blank">x2go-user@lists.x2go.org</a><br>
Subject: Re: [X2Go-User] Credible warning of infected / trojaned X2go<br>
windows binary<br>
Message-ID: <<a href="mailto:ad8d422c-f8f2-14f5-d2bc-dc6c594a63b5@baur-itcs.de" target="_blank">ad8d422c-f8f2-14f5-d2bc-dc6c594a63b5@baur-itcs.de</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
On 28.02.20 at 15:09, Josh Conway wrote:<br>
> Greetings,<br>
> <br>
> Upon downloading the file:<br>
> <br>
> <a href="https://code.x2go.org/releases/binary-win32/x2goclient/releases/4.1.2.2-2020.02.13/x2goclient-4.1.2.2-2020.02.13-setup.exe" rel="noreferrer" target="_blank">https://code.x2go.org/releases/binary-win32/x2goclient/releases/4.1.2.2-2020.02.13/x2goclient-4.1.2.2-2020.02.13-setup.exe</a><br>
> <br>
> MD5 8b1ac4cb969d116c9303ab3fafe50a01<br>
> SHA-1 ce77b87fd972aa12c74bb36181371034b0bb051d<br>
> SHA-256 227857330e14cf88c88159c5439c914ce2e4170c7aa29149641d5df11d1745f0<br>
> <br>
> Firefox *and* Google Chrome both throw errors for detected malware.<br>
> <br>
> Running said file through Virustotal shows the 6 AV products' results:<br>
> <br>
> Bkav: HW32.Packed.<br>
> Panda: PUP/RemoteAdmin<br>
> Trapmine: Malicious.moderate.ml.score<br>
> Webroot: W32.Ransom.Gen<br>
> Yandex: Trojan.Agent!RIMR9kcXEpU<br>
> Zillya: Trojan.Generic.Win32.1026149<br>
<br>
<br>
Josh,<br>
<br>
these scanners are a) not exactly the most reliable ones and b) they are<br>
throwing "generic" names, which means it's their heuristic detection<br>
that is giving the alarm.<br>
<br>
The total amount of scanners at Virustotal that scanned the file is 57 -<br>
as long as only 6 out of 57 trigger the alarm, and there's not a single<br>
reputable name amongst those being triggered, there's nothing to worry<br>
about. I'd start worrying once Avast, AVG, Avira, BitDefender, F-Prot,<br>
F-Secure, Kaspersky, G-Data, Malwarebytes, McAfee, Microsoft, Sophos,<br>
Symantec or TrendMicro start throwing warnings. As of now, this can<br>
safely be dismissed as a false alarm.<br>
<br>
Also, next to our download, in the same directory<br>
<<a href="https://code.x2go.org/releases/binary-win32/x2goclient/releases/4.1.2.2-2020.02.13/" rel="noreferrer" target="_blank">https://code.x2go.org/releases/binary-win32/x2goclient/releases/4.1.2.2-2020.02.13/</a>>,<br>
you can find MD5, SHA1 and SHA256 checksums *as well as a GPG signature*<br>
from us. Do check that signature - if it matches, there's nothing to<br>
worry about.<br>
<br>
The reason why Firefox and Chrome trigger an alert, and what to do about<br>
it, has been discussed on this mailing list before, see this thread:<br>
<<a href="https://www.mail-archive.com/x2go-user@lists.x2go.org/msg03640.html" rel="noreferrer" target="_blank">https://www.mail-archive.com/x2go-user@lists.x2go.org/msg03640.html</a>><br>
<br>
Kind Regards,<br>
Stefan Baur<br>
<br>
-- <br>
BAUR-ITCS UG (haftungsbeschränkt)<br>
Managing Director: Stefan Baur<br>
Eichenäckerweg 10, 89081 Ulm | Register Court Ulm, HRB 724364<br>
Phone/Fax 0731 40 34 66-36/-35 | VAT ID No.: DE268653243<br>
<br>
</blockquote></div>
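<div>Added example, not part of the original thread and not X2Go project code: the check described in the reply above, comparing a download against published MD5/SHA-1/SHA-256 lines and requiring a valid GPG signature from a pinned key. The sample bytes, the function names and the <code>pinned_fpr</code> argument are constructed or hypothetical; <code>gpg</code> is assumed to be installed with the signing key already imported.</div>

```python
import hashlib
import hmac
import re
import subprocess

# Labels as written in the report -> hashlib algorithm names.
ALGOS = {"MD5": "md5", "SHA-1": "sha1", "SHA-256": "sha256"}
DIGEST_LINE = re.compile(r"^[>\s]*(MD5|SHA-1|SHA-256)\s+([0-9a-fA-F]+)\s*$")

# Constructed stand-ins: installer bytes and a checksum listing for them.
SAMPLE = b"constructed installer bytes"
SAMPLE_LISTING = "\n".join(
    f"{label} {hashlib.new(name, SAMPLE).hexdigest()}" for label, name in ALGOS.items())

def parse_digests(text):
    """Collect 'LABEL hexdigest' lines, plain or '>'-quoted, as {label: hex}."""
    found = {}
    for line in text.splitlines():
        m = DIGEST_LINE.match(line)
        if m:
            found[m.group(1)] = m.group(2).lower()
    return found

def check_digests(data, published):
    """Compare data against every published digest; returns {label: bool}."""
    return {label: hmac.compare_digest(hashlib.new(ALGOS[label], data).hexdigest(), want)
            for label, want in published.items()}

def signer_from_status(status_text):
    """Primary-key fingerprint from a gpg VALIDSIG status line, else None."""
    for line in status_text.splitlines():
        parts = line.split()
        if parts[:2] == ["[GNUPG:]", "VALIDSIG"] and len(parts) >= 3:
            return parts[-1].upper()
    return None

def signature_ok(sig_path, file_path, pinned_fpr):
    """Require a valid detached signature made by the pinned key (assumed input)."""
    proc = subprocess.run(["gpg", "--status-fd", "1", "--verify", sig_path, file_path],
                          capture_output=True, text=True)
    return proc.returncode == 0 and signer_from_status(proc.stdout) == pinned_fpr.upper()

if __name__ == "__main__":
    print(check_digests(SAMPLE, parse_digests(SAMPLE_LISTING)))
```

<div>Digests served from the same directory as the file only show that the download was not corrupted; the signature check against a fingerprint obtained separately is what ties the file to its publisher.</div>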