FileZilla Forums

All times are UTC

Post subject: Spyware detected
PostPosted: 2007-07-16 01:58
500 Command not understood

Joined: 2007-07-16 01:49
Posts: 1
I just downloaded Filezilla to a client's computer, but it is being detected as Adware.Cpush by Symantec AntiVirus.

Symantec AV is 10.0.0.359 with Scan Engine 103.0.2.7 and Virus Definition File 2007/07/15.

Has anyone else seen this behaviour?

Is there something I need to worry about, or is it just the case of the filename being the same as some spyware?

Post subject: Risk found!
PostPosted: 2007-07-16 06:22
500 Command not understood

Joined: 2007-07-16 06:16
Posts: 1
Same happened for me this morning. Installed the latest available "Critical Security update in FileZilla 2.2.32" the other week, and this morning Symantec Antivirus reported:

Scan type: Auto-Protect Scan
Event: Risk Found!
Risk: Adware.CPush
File: C:\Program Files\FileZilla\uninstall.exe
Location: C:\Program Files\FileZilla
Computer: ....
User: ...
Action taken: Pending Side Effects Analysis : Access denied
Date found: den 16 juli 2007 08:08:54

Is this a false alarm? I am running Antivirus Corp Ed 10.1.5.5000, scan engine 71.2.0.12, definition file 7/15/2007, rev 2.

Since the alarm is on uninstall.exe I don't dare to uninstall! Please dig into this and report back ASAP.
Best Regards,
Anders


Post subject:
PostPosted: 2007-07-16 08:15
Site Admin

Joined: 2004-02-23 20:49
Posts: 22525
As long as you downloaded FileZilla from http://sourceforge.net/projects/filezilla, it's a false alarm.


Post subject: Re : Adware.cpush
PostPosted: 2007-07-16 18:26
500 Command not understood

Joined: 2007-07-16 17:26
Posts: 1
Hi,

I can believe you, but there is a process which needs to be clarified.

1- The Adware.cpush in a new configuration has been found in 3 different places and "attached" to three different files, and was not detected before I downloaded 2_2_32 yesterday on two computers.

2- Symantec recommends this morning's update of the virus definitions to be properly protected.

3- The consequences of this last "mutant" new adware.cpush (known for three months) are not well known. For me it seems that it suddenly causes 100% CPU usage and no action is possible on the computer anymore (still working but not available); this seems to depend on the parameters of the browser (IE and also Fox, which seems to hang). If you can terminate Fox you get back control and restart normally.

3- As Symantec AV pushes the FileZilla setup to quarantine, and particularly uninstall, it can't be executed anymore. What can be the consequences for the next update?

Thanks for your help in finding out more precisely what happens, because even if FileZilla is not at all directly implicated, it is nevertheless affected by the consequences.


Post subject: Re: Re : Adware.cpush
PostPosted: 2007-07-16 19:10
Site Admin

Joined: 2004-02-23 20:49
Posts: 22525
You should always use multiple virus scanners; that prevents false alarms. Only if multiple scanners identify a problem with the same file is it a guaranteed problem; otherwise it's almost always a false alarm.

Trebly wrote:
3- As Symantec AV pushes the FileZilla setup to quarantine, and particularly uninstall, it can't be executed anymore. What can be the consequences for the next update?


No idea, I only use quality software. Which pretty much rules out Symantec products.

Try updating your signatures in a few days and the false alarm should be gone.


Post subject: Re: Re : Adware.cpush
PostPosted: 2007-07-16 19:45
500 Command not understood

Joined: 2007-07-16 19:40
Posts: 1
botg wrote:
No idea, I only use quality software. Which pretty much rules out Symantec products.

Try updating your signatures in a few days and the false alarm should be gone.


Please stay on-subject and no need to disparage others on what software they use. :?

The vendor of FileZilla should submit a report to Symantec reporting this false positive. This can be accomplished from https://submit.symantec.com/false_positive/index.html

Thanks.


Post subject: Re: Re : Adware.cpush
PostPosted: 2007-07-16 21:36
Site Admin

Joined: 2004-02-23 20:49
Posts: 22525
Quote:
Please stay on-subject and no need to disparage others on what software they use. :?


Let the facts speak for themselves: http://www.computerworld.com/action/art ... rc=hm_list


Post subject:
PostPosted: 2007-07-17 04:31
500 Command not understood

Joined: 2007-07-17 04:20
Posts: 1
Location: Alton, Olde Hampshire
FWIW my Symantec Antivirus 10.1.5 found Adware.CPush in the 2.2.31 setup and the 2.2.32 setup (which I'd saved) as well as in installed file uninstall.exe.
It also found it in the installer for GAIM.beta6 (Now Pidgin).
There are no signs of CPush on my system; none of the directories, none of the files, none of the registry keys.
I will report this to the IBM Virus Incident centre, and they will take it up with Symantec on my behalf.

_________________
Steve Swift


Post subject:
PostPosted: 2007-07-18 03:23
500 Command not understood

Joined: 2007-07-18 03:15
Posts: 1
I'm getting the same from Symantec AV but:
1. I have had FileZilla installed for a month or more with no warnings.
2. None of the files that are supposedly created exist.
3. This CPush has been around for a few months (March according to Secunia) and detected by Symantec since March also. The box it is on gets a full scan once a day and yesterday was the first warning.

So, I'd tend to agree, it's an error in the latest detection file. It did quarantine the uninstaller, not the executable(s), similar to everyone else's reports.


Post subject:
PostPosted: 2007-08-04 15:42
550 File not found

Joined: 2004-03-22 01:10
Posts: 33
Location: Montréal, QC
I'd say the signature from Symantec for CPush is bad, because I'm sure other antivirus can detect CPush and don't detect it in FileZilla. Maybe Symantec doesn't like open source software if they see it in FileZilla and Pidgin. Maybe the issue is the installer software used by both projects?


Post subject:
PostPosted: 2007-08-13 22:18
500 Command not understood

Joined: 2007-08-13 21:35
Posts: 1
It is a false positive. Disregard it and trash that crapware Norton/Symantec product. The only good product they ever made was SymNRT.

One of the best places to check a false positive is at virustotal.

