
trojan?

Posted: Mon Jan 31, 2011 6:33 pm
by paulkinzelman
I just ran Malwarebytes (1.50.1.1100 with latest signatures) on my system and it came up with two trojans:

Files Infected:
c:\program files\CodeLite\makedir.exe (Trojan.Oficla) -> No action taken.
c:\program files\CodeLite\codelite_launcher.exe (Trojan.Oficla) -> No action taken.

I have CodeLite v2.9.0.4685 installed.

I searched and found this page:
http://www.top4download.com/codelite/hpcdnisy.html
If you search for "trojan" on the page, it says something about if you download an older version (2.7.0.4375) of CodeLite and you're looking for an illegal serial number or key from certain sites, you might get infected. But CodeLite doesn't need a key, right? Do you know what's going on with this? Are those infected messages false positives?

If I remove those files, the building doesn't work. If I restore them, the build works.

Thanks!

Re: trojan?

Posted: Tue Feb 01, 2011 2:16 pm
by DavidGH
Hi,

The mention of trojans in the CodeLite 2.7.0.4375 Free Download Notice section of http://www.top4download.com/codelite/hpcdnisy.html is just the site's standard warning, with 'CodeLite 2.7.0.4375' pasted in. Look at any of the other software on the site and you get an identical warning, with only the name changed.

I haven't used MSWin for several years, but I distantly recall that antivirus programs do sometimes flag coincidental bit-pattern matches in binary files. I wonder if the Malwarebytes results are that kind of false positive. But if you want to be 101% safe, the CodeLite source code is readily available... :)

Regards,

David

Re: trojan?

Posted: Tue Feb 01, 2011 4:32 pm
by frank_frl
I checked those files with several scanners and they are clean. Only Malwarebytes is finding this 'trojan', so I would say it is definitively a FP ;)

Regards

Frank

Re: trojan?

Posted: Tue Feb 01, 2011 6:39 pm
by paulkinzelman
Thanks! I downloaded it from your site so I would expect they'd be clean, unless some #@$#@-virus writer figured out how to corrupt and hide inside your software, which I wouldn't expect because not enough people install development tools.

I wonder if it'd be worth talking to Malwarebytes to see what about your files triggers a false positive; maybe you can tweak something so the offending pattern is changed. I wonder how many bytes in a row it takes to trigger it.

I did notice that on my wife's computer, AVG said all was well, but she was getting some annoying popups and so I ran Malwarebytes and it found malware that AVG missed.