#1
malware alert during download but not 5 minutes later
How come I got a malware alert during download but not when I scanned the same file a few minutes later?

Still on the same problem, I found a link from a private party on a Toyota forum to his OneDrive page and he had several versions of the software, with increasing version numbers and he had two driver files, with increasing version numbers. The drivers were from 2005 iirc.

I dl'd both driver files. AVG alerted on the older version and said it had malware or ??adware??. The newer version finished fine. It seems strange to me that the same guy would have one good file and one bad file, so I suspect the bad one is a false positive.

But I decided to scan them again and I scanned my whole downloads file and got two warnings but not for the one that just gave me the alert.

I understand false positives but my question is How come it alerted during the download but not afterwards?

It seems to have stopped dl'ing when it found the problem, because file manager shows:
Driver 1.4.8.msi.part size 6megs, and
Driver 1.4.8.msi size 0

I would give you the links, if you want, but I'd have to hunt for them. (Oh, I know two ways to find the links.)
#2
micky wrote:
> How come I got a malware alert during download but not when I scanned the same file a few minutes later?
>
> Still on the same problem, I found a link from a private party on a Toyota forum to his OneDrive page and he had several versions of the software, with increasing version numbers and he had two driver files, with increasing version numbers. The drivers were from 2005 iirc.
>
> I dl'd both driver files. AVG alerted on the older version and said it had malware or ??adware??. The newer version finished fine. It seems strange to me that the same guy would have one good file and one bad file, so I suspect the bad one is a false positive.
>
> But I decided to scan them again and I scanned my whole downloads file and got two warnings but not for the one that just gave me the alert.
>
> I understand false positives but my question is How come it alerted during the download but not afterwards?
>
> It seems to have stopped dl'ing when it found the problem, because file manager shows:
> Driver 1.4.8.msi.part size 6megs, and
> Driver 1.4.8.msi size 0
>
> I would give you the links, if you want, but I'd have to hunt for them. (Oh, I know two ways to find the links.)

With this description, I would recommend using Virustotal URL scan capability. Present the URL of the OneDrive download to Virustotal, and have Virustotal download the file. Virustotal was bought by Google and is now a Google operation. When Virustotal scans a URL, the URL is downloaded onto a Google machine, and the file scanned from there.

http://www.virustotal.com

An alternative mechanism would be to boot a Linux LiveCD, use the OneDrive URL you recorded from a previous step, and download the file on Linux. You could use wget to get the URL. Or you could use a browser. Whatever works.

Once you have the whole Driver 1.4.8.msi, you could upload the file to Virustotal while still in Linux, using the Linux browser. If you start up Windows again, Windows might (eventually) scan the file and quarantine it. You'd need to keep a copy somewhere.

Linux "WINE" also allows you to execute the installer. It will be unpacked in %tmp% or similar. I use this for suspect installers. Once the installer is unpacked, then I upload individual files to Virustotal.

Those are examples of fun things to try.

Paul
#3
On 08/20/2018 06:52 AM, micky wrote:
> Driver 1.4.8.msi.part size 6megs, and
> Driver 1.4.8.msi size 0

The ".part" means the other "msi" file is still downloading and hasn't finished. When it finishes, the .msi (a placeholder for the real file) will be deleted and the "part" file will be renamed to the "msi" file.
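The listing quoted above (a 0-byte Driver 1.4.8.msi beside a 6 MB Driver 1.4.8.msi.part) can be checked for before rescanning or uploading anything, because a clean result for the empty placeholder says nothing about the installer. The following is an added example, not part of any post in this thread: it sorts a download folder into unfinished downloads and complete files, and computes a SHA-256 for each complete file, which can be searched on VirusTotal. The function names, the `newer-driver.msi` file name and the sample folder contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large installers are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def audit_downloads(folder):
    """Classify each download as unfinished or complete; hash only complete files."""
    folder = Path(folder)
    report = {"unfinished": [], "complete": {}}
    for entry in sorted(folder.iterdir()):
        if not entry.is_file() or entry.suffix == ".part":
            continue
        partial = entry.with_name(entry.name + ".part")
        if partial.exists() or entry.stat().st_size == 0:
            # The final name is only a placeholder here, so scanning or
            # uploading it would inspect an empty or incomplete file.
            size = partial.stat().st_size if partial.exists() else 0
            report["unfinished"].append((entry.name, size))
        else:
            report["complete"][entry.name] = sha256_of(entry)
    # A .part left behind without its placeholder is also an unfinished download.
    for partial in sorted(folder.glob("*.part")):
        if not (folder / partial.name[:-5]).exists():
            report["unfinished"].append((partial.name[:-5], partial.stat().st_size))
    return report


def demo():
    """Constructed sample mirroring the listing in the thread (sizes scaled down)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Driver 1.4.8.msi").write_bytes(b"")               # 0-byte placeholder
        (root / "Driver 1.4.8.msi.part").write_bytes(b"x" * 6000)  # stalled partial
        (root / "newer-driver.msi").write_bytes(b"constructed sample bytes")
        return audit_downloads(root)


if __name__ == "__main__":
    print(demo())
```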
#4
OT:
Can you recommend some 'good' Linux forums?

--
Garry

Free usenet access at http://www.eternal-september.org
Classic VB Users Regroup!
comp.lang.basic.visual.misc
microsoft.public.vb.general.discussion
#5
GS wrote:
> OT: Can you recommend some 'good' Linux forums?

Now, that's a tough one.

Some questions are harder to get answers on than others. The breadth of hardware out there means that any one forum you select simply may not have a person with your setup (or your subsystem), and they can't follow along with your problem.

There are 500 distros, so to start, if this is your first Linux adventure, you want to select a popular one.

The same holds for running Windows on stuff. No one here could answer your questions on running headless Win10 on an IoT device. Too obscure. Or if you had 60GHz Wifi, there probably aren't a lot of people hanging about running that in the living room.

The lower right hand column on this site

https://distrowatch.com/

lists the distributions of Linux by their page ranking. These statistics can be "gamed", even by one person with a couple hundred bucks to spend on a botnet. But at least that list should tweak your memory on a distro to try. The ones nearer the top of the list are more likely to have fora.

These two probably have a forum on the main site, better able to help you just by the sheer number of participants.

alt.os.linux.ubuntu
alt.os.linux.mint

HTH,
Paul
#6
> GS wrote:
>> OT: Can you recommend some 'good' Linux forums?
>
> Now, that's a tough one.
>
> Some questions are harder to get answers on than others. The breadth of hardware out there means that any one forum you select simply may not have a person with your setup (or your subsystem), and they can't follow along with your problem.
>
> There are 500 distros, so to start, if this is your first Linux adventure, you want to select a popular one.
>
> The same holds for running Windows on stuff. No one here could answer your questions on running headless Win10 on an IoT device. Too obscure. Or if you had 60GHz Wifi, there probably aren't a lot of people hanging about running that in the living room.
>
> The lower right hand column on this site
>
> https://distrowatch.com/
>
> lists the distributions of Linux by their page ranking. These statistics can be "gamed", even by one person with a couple hundred bucks to spend on a botnet. But at least that list should tweak your memory on a distro to try. The ones nearer the top of the list are more likely to have fora.
>
> These two probably have a forum on the main site, better able to help you just by the sheer number of participants.
>
> alt.os.linux.ubuntu
> alt.os.linux.mint
>
> HTH,
> Paul

Thank you! I have Linux.Mint and do follow the forum you list here. I also follow alt.os.linux just because it also seems "popular"!

--
Garry

Free usenet access at http://www.eternal-september.org
Classic VB Users Regroup!
comp.lang.basic.visual.misc
microsoft.public.vb.general.discussion
#7
In alt.comp.os.windows-10, on Mon, 20 Aug 2018 12:23:26 -0400, Big Al wrote:
> On 08/20/2018 06:52 AM, micky wrote:
>> Driver 1.4.8.msi.part size 6megs, and
>> Driver 1.4.8.msi size 0
>
> The ".part" means the other "msi" file is still downloading and hasn't finished. When it finishes, the .msi (a placeholder for the real file) will be deleted and the "part" file will be renamed to the "msi" file.

Thanks. It's been 2 days now and apparently the virus alert stopped it from ever finishing, but I still have the other one.
#8
In alt.comp.os.windows-10, on Mon, 20 Aug 2018 12:16:04 -0400, Paul wrote:
> micky wrote:
>> How come I got a malware alert during download but not when I scanned the same file a few minutes later?
>>
>> Still on the same problem, I found a link from a private party on a Toyota forum to his OneDrive page and he had several versions of the software, with increasing version numbers and he had two driver files, with increasing version numbers. The drivers were from 2005 iirc.
>>
>> I dl'd both driver files. AVG alerted on the older version and said it had malware or ??adware??. The newer version finished fine. It seems strange to me that the same guy would have one good file and one bad file, so I suspect the bad one is a false positive.
>>
>> But I decided to scan them again and I scanned my whole downloads file and got two warnings but not for the one that just gave me the alert.
>>
>> I understand false positives but my question is How come it alerted during the download but not afterwards?
>>
>> It seems to have stopped dl'ing when it found the problem, because file manager shows:
>> Driver 1.4.8.msi.part size 6megs, and
>> Driver 1.4.8.msi size 0
>>
>> I would give you the links, if you want, but I'd have to hunt for them. (Oh, I know two ways to find the links.)
>
> With this description, I would recommend using Virustotal URL scan capability. Present the URL of the OneDrive download to Virustotal, and have Virustotal download the file. Virustotal was bought by Google and is now a Google operation. When Virustotal scans a URL, the URL is downloaded onto a Google machine, and the file scanned from there.
>
> http://www.virustotal.com

I will do this. Interestingly, I thought I had two ways to find the url I got it from, but when I went to the Downloads page of Firefox, and clicked Go to Download Page, it went to the OneDrive homepage but not to the user's page that I'd used. I might also be able to find the webpage where I got the link, or I might just enter the two files individually.

So I tried to run the good one and got the same message with the driver program that came on the CD,

mini-vci driver for toyota tis setup ended prematurely

But let me finish the story where it belongs, in the thread called "Did it install correctly?" which started on 8/19.

> An alternative mechanism would be to boot a Linux LiveCD, use the OneDrive URL you recorded from a previous step, and download the file on Linux. You could use wget to get the URL. Or you could use a browser. Whatever works.
>
> Once you have the whole Driver 1.4.8.msi, you could upload the file to Virustotal while still in Linux, using the Linux browser. If you start up Windows again, Windows might (eventually) scan the file and quarantine it. You'd need to keep a copy somewhere.
>
> Linux "WINE" also allows you to execute the installer. It will be unpacked in %tmp% or similar. I use this for suspect installers. Once the installer is unpacked, then I upload individual files to Virustotal.
>
> Those are examples of fun things to try.
>
> Paul