Greetings,
Upon downloading the file:
https://code.x2go.org/releases/binary-win32/x2goclient/releases/4.1.2.2-2020...
MD5 8b1ac4cb969d116c9303ab3fafe50a01
SHA-1 ce77b87fd972aa12c74bb36181371034b0bb051d
SHA-256 227857330e14cf88c88159c5439c914ce2e4170c7aa29149641d5df11d1745f0
Firefox *and* Google Chrome both throw errors for detected malware.
Running said file through VirusTotal shows the 6 AV products' results:
Bkav: HW32.Packed.
Panda: PUP/RemoteAdmin
Trapmine: Malicious.moderate.ml.score
Webroot: W32.Ransom.Gen
Yandex: Trojan.Agent!RIMR9kcXEpU
Zillya: Trojan.Generic.Win32.1026149
I've attempted to ping people in the freenode #x2go IRC room to no avail.
Josh Conway
On 28.02.20 at 15:09, Josh Conway wrote:
> Greetings,
> Upon downloading the file:
> https://code.x2go.org/releases/binary-win32/x2goclient/releases/4.1.2.2-2020...
> MD5 8b1ac4cb969d116c9303ab3fafe50a01
> SHA-1 ce77b87fd972aa12c74bb36181371034b0bb051d
> SHA-256 227857330e14cf88c88159c5439c914ce2e4170c7aa29149641d5df11d1745f0
> Firefox *and* Google Chrome both throw errors for detected malware.
> Running said file through VirusTotal shows the 6 AV products' results:
> Bkav: HW32.Packed.
> Panda: PUP/RemoteAdmin
> Trapmine: Malicious.moderate.ml.score
> Webroot: W32.Ransom.Gen
> Yandex: Trojan.Agent!RIMR9kcXEpU
> Zillya: Trojan.Generic.Win32.1026149
Josh,
these scanners are a) not exactly the most reliable ones and b) they are throwing "generic" names, which means it's their heuristic detection that is giving the alarm.
The total number of scanners at VirusTotal that scanned the file is 57 - as long as only 6 out of 57 trigger the alarm, and there's not a single reputable name amongst those being triggered, there's nothing to worry about. I'd start worrying once Avast, AVG, Avira, BitDefender, F-Prot, F-Secure, Kaspersky, G-Data, Malwarebytes, McAfee, Microsoft, Sophos, Symantec or TrendMicro start throwing warnings. As of now, this can safely be dismissed as a false alarm.
Also, next to our download, in the same directory <https://code.x2go.org/releases/binary-win32/x2goclient/releases/4.1.2.2-2020.02.13/>, you can find MD5, SHA1 and SHA256 checksums *as well as a GPG signature* from us. Do check that signature - if it matches, there's nothing to worry about.
The reason why Firefox and Chrome trigger an alert, and what to do about it, has been discussed on this mailing list before, see this thread: <https://www.mail-archive.com/x2go-user@lists.x2go.org/msg03640.html>
Kind Regards,
Stefan Baur
--
BAUR-ITCS UG (haftungsbeschränkt)
Managing Director: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Register court Ulm, HRB 724364
Phone/Fax 0731 40 34 66-36/-35 | VAT ID no.: DE268653243
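
The check described in the reply above, as an added example (not part of the original thread and not X2Go project code): it hashes a download once for all three algorithms, compares against expected digests, and accepts a detached GPG signature only when gpg reports a valid signature from a pinned key. The function names, the file paths passed in and `trusted_fpr` are assumptions; the thread does not give the project's key fingerprint, so the caller must obtain it out of band.

```python
import hashlib
import hmac
import subprocess

# Digests quoted in the report above, keyed by hashlib algorithm name.
REPORTED = {
    "md5": "8b1ac4cb969d116c9303ab3fafe50a01",
    "sha1": "ce77b87fd972aa12c74bb36181371034b0bb051d",
    "sha256": "227857330e14cf88c88159c5439c914ce2e4170c7aa29149641d5df11d1745f0",
}

def file_digests(path, algos=("md5", "sha1", "sha256"), chunk=1 << 20):
    """Hash the file once, feeding every algorithm from the same read."""
    hashers = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}

def mismatches(path, expected):
    """Return the algorithms whose digest differs from `expected`."""
    actual = file_digests(path, tuple(expected))
    return sorted(a for a, want in expected.items()
                  if not hmac.compare_digest(actual[a], want.strip().lower()))

def signer_fingerprints(status_text):
    """Collect key fingerprints from gpg --status-fd VALIDSIG lines.
    Field 3 is the signing key; the last field is the primary key."""
    fprs = set()
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[:2] == ["[GNUPG:]", "VALIDSIG"]:
            fprs.update({parts[2].upper(), parts[-1].upper()})
    return fprs

def signature_ok(sig_path, file_path, trusted_fpr):
    """True only if gpg validates the detached signature AND the key is
    the one pinned by the caller (trusted_fpr: hypothetical parameter)."""
    cmd = ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, file_path]
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True)
    except FileNotFoundError:  # gpg is not installed
        return False
    wanted = trusted_fpr.replace(" ", "").upper()
    return proc.returncode == 0 and wanted in signer_fingerprints(proc.stdout)
```

Checksums fetched from the same directory as the installer only show the download was not corrupted; the pinned-fingerprint signature check is what ties the file to the publisher.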