Malware in Win32 GnuCash 2.6.0

Art pinaart at yahoo.com
Tue Dec 31 17:17:59 EST 2013


Hi Jules,

I just downloaded GC 2.6.0, installed it and ran the current Microsoft Security Essentials (MSE) under Windows 7 Professional 64-bit and it reported clean. I then ran Malwarebytes Anti-Malware 1.75.0.1300 and it too reported clean.
My checksum app shows,
;Size(B)        Time     Date       Name
;       272605  14:29.06 2013-12-29 gnucash.exe
gnucash.exe 492C062C

If your file checksum matches, I'd suspect your AV software issued a false positive as John suggested.
I don't feel running any other anti-malware app is warranted for me at this time.

- Art




On Tuesday, December 31, 2013 7:11 AM, John Ralls <jralls at ceridwen.us> wrote:
 

On Dec 30, 2013, at 9:46 PM, Jules Levinson <juleslevinson at comcast.net> wrote:

> Dear John,
> 
> I have been using GnuCash for several years. I have learned a great deal from this program and I enjoy it enormously. This afternoon I happily downloaded release 2.6.0, and this evening I installed it on my desktop and my laptop. As I did, the program that I use to detect viruses, malware, and so forth detected malware (I think that what I saw was "Win32.trojan.gen" but I may not have seen or remembered that correctly) wrapped up in some way with gnucash.exe and immediately removed that file from my systems, rendering GnuCash unusable. I am trying to locate release 2.4.14 so that I can revert to the previous version of the program. When I try to do this, I end up with release 2.4.13.
> 
> I hope you do not mind my writing to you directly. I do not know whom I should contact, and so I have written to you because I assume you would want to know this.
> 
> With best wishes and many thanks for GnuCash, which I look forward to using again soon,
> 

Please use the mailing lists to communicate with us rather than emailing individual developers. When responding to list messages, use "Reply All" and then prune the CC list as appropriate so that only the person you're responding to and one list are addressed.

It's possible but unlikely that the build machine is infected; unlikely because that machine is a VM in a unix server which does nothing but build GnuCash. It's more likely that the security product you use issued a false alarm based on a bit pattern in gnucash.exe that happens to match one in "Win32.trojan.gen", whatever that is. Perhaps someone on the user list will have some insight into the problem.

We've been having some difficulty getting the Win32 build of GnuCash 2.4.14 to complete, so it hasn't been released yet. You'll see another announcement as soon as it is. Until then, 2.4.13 is the correct fallback for you.

*For the list: Jules sent me a followup message with this output from his security program:
> Mon 2013-12-30 22:25:37.0380    Infection detected: c:\program files (x86)\gnucash\bin\gnucash.exe [MD5: 9D753EED75EFD3A1B2E6229F0F301943] [3/00080020] [W32.Trojan.Gen]
> Mon 2013-12-30 22:25:37.0380    File blocked in realtime: c:\program files (x86)\gnucash\bin\gnucash.exe [MD5: 9D753EED75EFD3A1B2E6229F0F301943, Size: 272605 bytes] [524320/00000003] [W32.Trojan.Gen]
> Mon 2013-12-30 22:25:37.0380    File blocked in realtime: c:\program files (x86)\gnucash\bin\gnucash.exe [MD5: 9D753EED75EFD3A1B2E6229F0F301943, Size: 272605 bytes] [524320/00000003] [W32.Trojan.Gen]

Regards,
John Ralls


_______________________________________________
gnucash-user mailing list
gnucash-user at gnucash.org
https://lists.gnucash.org/mailman/listinfo/gnucash-user
-----
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
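
Added example, not part of the thread and not GnuCash project code: a Python sketch that parses the detection lines John quoted, collapses the repeated entries, and compares the logged MD5 and size with a local copy of the file. The function names are hypothetical, and treating the 8-hex-digit value from Art's checksum app as a CRC32 is an assumption.

```python
import hashlib
import re
import zlib

# Detection lines exactly as quoted in the thread (the third repeats the second).
AV_LOG = r"""Mon 2013-12-30 22:25:37.0380    Infection detected: c:\program files (x86)\gnucash\bin\gnucash.exe [MD5: 9D753EED75EFD3A1B2E6229F0F301943] [3/00080020] [W32.Trojan.Gen]
Mon 2013-12-30 22:25:37.0380    File blocked in realtime: c:\program files (x86)\gnucash\bin\gnucash.exe [MD5: 9D753EED75EFD3A1B2E6229F0F301943, Size: 272605 bytes] [524320/00000003] [W32.Trojan.Gen]
Mon 2013-12-30 22:25:37.0380    File blocked in realtime: c:\program files (x86)\gnucash\bin\gnucash.exe [MD5: 9D753EED75EFD3A1B2E6229F0F301943, Size: 272605 bytes] [524320/00000003] [W32.Trojan.Gen]
"""

LINE_RE = re.compile(
    r"^\w{3} [\d-]+ [\d:.]+\s+(?P<event>[^:]+): (?P<path>.+?) "
    r"\[MD5: (?P<md5>[0-9A-Fa-f]{32})(?:, Size: (?P<size>\d+) bytes)?\]"
    r".*\[(?P<label>[^\]]+)\]\s*$")

def parse_detections(log):
    """Collapse repeated log lines into one record per (path, MD5)."""
    found = {}
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = (m["path"].lower(), m["md5"].lower())
        rec = found.setdefault(key, {"path": m["path"], "md5": key[1],
                                     "size": None, "label": m["label"], "events": []})
        if m["event"] not in rec["events"]:
            rec["events"].append(m["event"])
        if m["size"]:
            rec["size"] = int(m["size"])
    return list(found.values())

def fingerprint(path):
    """Size, MD5 and CRC32 (assumed to be the 8-digit value's type in the thread)."""
    md5, crc, size = hashlib.md5(), 0, 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            crc = zlib.crc32(chunk, crc)
            size += len(chunk)
    return {"size": size, "md5": md5.hexdigest(), "crc32": f"{crc:08X}"}

def same_file(fp, det):
    """True only if the MD5 matches, and the size too when the log gave one."""
    return fp["md5"] == det["md5"] and det["size"] in (None, fp["size"])

if __name__ == "__main__":
    import sys
    fp = fingerprint(sys.argv[1]) if len(sys.argv) > 1 else None
    for d in parse_detections(AV_LOG):
        print(d["label"], d["md5"], d["size"], d["events"], fp and same_file(fp, d))
```

A match means both reports describe the same bytes, so the differing scanner verdicts concern one file rather than an altered copy; it says nothing by itself about whether that file is clean.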