malware alert during download but not 5 minutes later

How come I got a malware alert during download but not when I scanned
the same file a few minutes later?

Still on the same problem, I found a link from a private party on a
Toyota forum to his OneDrive page and he had several versions of the
software, with increasing version numbers and he had two driver files,
with increasing version numbers. The drivers were from 2005 iirc.

I dl'd both driver files. AVG alerted on the older version and said it
had malware or ??adware??. The newer version finished fine. It seems
strange to me that the same guy would have one good file and one bad
file, so I suspect the bad one is a false positive.

But I decided to scan them again and I scanned my whole downloads file
and got two warnings but not for the one that just gave me the alert.


I understand false positives but my question is How come it alerted
during the download but not afterwards? It seems to have stopped dl'ing
when it found the problem, because file manager shows:

Driver 1.4.8.msi.part size 6megs, and
Driver 1.4.8.msi size 0



I would give you the links, if you want, but I'd have to hunt for them.
(Oh, I know two ways to find the links.)

micky wrote:
How come I got a malware alert during download but not when I scanned
the same file a few minutes later?

Still on the same problem, I found a link from a private party on a
Toyota forum to his OneDrive page and he had several versions of the
software, with increasing version numbers and he had two driver files,
with increasing version numbers. The drivers were from 2005 iirc.

I dl'd both driver files. AVG alerted on the older version and said it
had malware or ??adware??. The newer version finished fine. It seems
strange to me that the same guy would have one good file and one bad
file, so I suspect the bad one is a false positive.

But I decided to scan them again and I scanned my whole downloads file
and got two warnings but not for the one that just gave me the alert.


I understand false positives but my question is How come it alerted
during the download but not afterwards? It seems to have stopped dl'ing
when it found the problem, because file manager shows:

Driver 1.4.8.msi.part size 6megs, and
Driver 1.4.8.msi size 0



I would give you the links, if you want, but I'd have to hunt for them.
(Oh, I know two ways to find the links.)

With this description, I would recommend using Virustotal URL
scan capability. Present the URL of the OneDrive download
to Virustotal, and have Virustotal download the file.
Virustotal was bought by Google and is now a Google operation.
When Virustotal scans a URL, the URL is downloaded onto
a Google machine, and the file scanned from there.

http://www.virustotal.com

An alternative mechanism, would be to boot a Linux LiveCD,
use the OneDrive URL you recorded from a previous step,
and download the file on Linux. You could use wget to get
the URL. Or you could use a browser. Whatever works.

Once you have the whole Driver 1.4.8.msi, you could
upload the file to Virustotal while still in Linux,
using the Linux browser. If you start up Windows again,
Windows might (eventually) scan the file and quarantine it.
You'd need to keep a copy somewhere.

Linux "WINE" also allows you to execute the installer.
It will be unpacked in %tmp% or similar. I use this
for suspect installers. Once the installer is unpacked,
then I upload individual files to Virustotal.

Those are examples of fun things to try.

Paul

On 08/20/2018 06:52 AM, micky wrote:
Driver 1.4.8.msi.part size 6megs, and
Driver 1.4.8.msi size 0
The ".part" means the other "msi" file is still downloading and hasn't
finished. When it finishes, the .msi (a placeholder for the real file)
will be delected and the "part" file will be renamed to the "msi" file.

OT:
Can you recommend some 'good' Linux forums?

--
Garry

Free usenet access at http://www.eternal-september.org
Classic VB Users Regroup!
comp.lang.basic.visual.misc
microsoft.public.vb.general.discussion

GS wrote:
OT:
Can you recommend some 'good' Linux forums?


Now, that's a tough one.

Some questions are harder to get answers on than others.

The breadth of hardware out there, means that any one
forum you select, simply may not have a person with
your setup (or your subsystem), and they can't follow
along with your problem.

There are 500 distros, so to start, if this is your
first Linux adventure, you want to select a popular one.
The same holds for running Windows on stuff. No one here
could answer your questions on running headless Win10
on an IoT device. Too obscure. Or if you had 60GHz Wifi,
there probably aren't a lot of people hanging about running
that in the living room.

The lower right hand column on this site

https://distrowatch.com/

lists the distributions of Linux by their page ranking.
These statistics can be "gamed", even by one person
with a couple hundred bucks to spend on a botnet. But
at least that list should tweak your memory on a
distro to try.

The ones nearer the top of the list, are more likely
to have fora. These two probably have a forum on the
main site, better able to help you just by the sheer
number of participants.

alt.os.linux.ubuntu
alt.os.linux.mint

HTH,
Paul

GS wrote:
OT:
Can you recommend some 'good' Linux forums?


Now, that's a tough one.

Some questions are harder to get answers on than others.

The breadth of hardware out there, means that any one
forum you select, simply may not have a person with
your setup (or your subsystem), and they can't follow
along with your problem.

There are 500 distros, so to start, if this is your
first Linux adventure, you want to select a popular one.
The same holds for running Windows on stuff. No one here
could answer your questions on running headless Win10
on an IoT device. Too obscure. Or if you had 60GHz Wifi,
there probably aren't a lot of people hanging about running
that in the living room.

The lower right hand column on this site

https://distrowatch.com/

lists the distributions of Linux by their page ranking.
These statistics can be "gamed", even by one person
with a couple hundred bucks to spend on a botnet. But
at least that list should tweak your memory on a
distro to try.

The ones nearer the top of the list, are more likely
to have fora. These two probably have a forum on the
main site, better able to help you just by the sheer
number of participants.

alt.os.linux.ubuntu
alt.os.linux.mint

HTH,
Paul

Thank you! I have Linux.Mint and do follow the forum you list here. I also
follow alt.os.linux just because it also seems "popular"!

--
Garry

Free usenet access at http://www.eternal-september.org
Classic VB Users Regroup!
comp.lang.basic.visual.misc
microsoft.public.vb.general.discussion

In alt.comp.os.windows-10, on Mon, 20 Aug 2018 12:23:26 -0400, Big Al
wrote:

On 08/20/2018 06:52 AM, micky wrote:
Driver 1.4.8.msi.part size 6megs, and
Driver 1.4.8.msi size 0

The ".part" means the other "msi" file is still downloading and hasn't
finished. When it finishes, the .msi (a placeholder for the real file)
will be delected and the "part" file will be renamed to the "msi" file.

Thanks. It's been 2 days now and apparently the virus alert stopped it
from ever finishing. but I still have the other one.

In alt.comp.os.windows-10, on Mon, 20 Aug 2018 12:16:04 -0400, Paul
wrote:

micky wrote:
How come I got a malware alert during download but not when I scanned
the same file a few minutes later?

Still on the same problem, I found a link from a private party on a
Toyota forum to his OneDrive page and he had several versions of the
software, with increasing version numbers and he had two driver files,
with increasing version numbers. The drivers were from 2005 iirc.

I dl'd both driver files. AVG alerted on the older version and said it
had malware or ??adware??. The newer version finished fine. It seems
strange to me that the same guy would have one good file and one bad
file, so I suspect the bad one is a false positive.

But I decided to scan them again and I scanned my whole downloads file
and got two warnings but not for the one that just gave me the alert.


I understand false positives but my question is How come it alerted
during the download but not afterwards? It seems to have stopped dl'ing
when it found the problem, because file manager shows:

Driver 1.4.8.msi.part size 6megs, and
Driver 1.4.8.msi size 0



I would give you the links, if you want, but I'd have to hunt for them.
(Oh, I know two ways to find the links.)

With this description, I would recommend using Virustotal URL
scan capability. Present the URL of the OneDrive download
to Virustotal, and have Virustotal download the file.
Virustotal was bought by Google and is now a Google operation.
When Virustotal scans a URL, the URL is downloaded onto
a Google machine, and the file scanned from there.

http://www.virustotal.com

I will do this.

Interestingly, I thought I had two ways to find the url I got it from,
but when I went to the Downloads page of Firefox, and clicked Go to
Download Page, it went to the OneDrive homepage but not to the user's
page that I'd used.

I might also be able to find the webpage where I got the link, or I
might just enter the two files individually.

So I tried to run the good one and got the same message with the driver
program that came on the CD,
mini-vci driver for toyota tis setup ended prematurely

But let me finish the story where it belongs, in the thread called "Did
it install correctly?" which started on 8/19.



An alternative mechanism, would be to boot a Linux LiveCD,
use the OneDrive URL you recorded from a previous step,
and download the file on Linux. You could use wget to get
the URL. Or you could use a browser. Whatever works.

Once you have the whole Driver 1.4.8.msi, you could
upload the file to Virustotal while still in Linux,
using the Linux browser. If you start up Windows again,
Windows might (eventually) scan the file and quarantine it.
You'd need to keep a copy somewhere.

Linux "WINE" also allows you to execute the installer.
It will be unpacked in %tmp% or similar. I use this
for suspect installers. Once the installer is unpacked,
then I upload individual files to Virustotal.

Those are examples of fun things to try.

Paul