Edit: No SpywareVirus in Deluge

General support for problems installing or using Deluge
rocksinthecreek
New User
Posts: 6
Joined: Sat Jan 17, 2009 12:25 am

Edit: No SpywareVirus in Deluge

Post by rocksinthecreek »

I installed Deluge, and was very happy to find such a nice open-source client. But my virus software isn't happy. I found this, and quarantined it:

Directory C:\Program Files\Deluge\

* C:\Program Files\Deluge\Lib\site-packages\pygame\jpeg.dll
o File was infected with "W32/MalwareHiderPatched-based!Maximus" virus and was unable to be disinfected. File was quarantined instead.

What is this, and is it an issue?

Thanks

Edit: See below
Last edited by rocksinthecreek on Mon Jan 19, 2009 12:49 am, edited 3 times in total.
markybob
Compulsive Poster
Posts: 1230
Joined: Thu May 24, 2007 11:27 pm
Location: Chicago, IL, USA

Re: Virus in Deluge?

Post by markybob »

your antivirus program is reporting a false positive. there is no virus in deluge, i can personally guarantee it. just set it up as an exception in your antivirus program so it leaves it alone. which antivirus program is it, btw? just curious... norton here doesn't complain.
rocksinthecreek
New User
Posts: 6
Joined: Sat Jan 17, 2009 12:25 am

Re: Virus in Deluge?

Post by rocksinthecreek »

My ISP provides virus software they call eProtect, but they contract it from someone else. It seems to be called Freedom, but I'm not sure who the company is. They seem to be on the Savvis network, which Peer Guardian blocks, so that is interesting.

I'll keep using Deluge then, I really like it. Much like uTorrent, without being owned by an anti-p2p group!

Any chance it will run on W2000?

Thanks for the quick reply.
loki
Moderator
Posts: 787
Joined: Tue Dec 04, 2007 3:27 pm
Location: MI, USA

Re: Virus in Deluge?

Post by loki »

I believe it does run on W2k, it might not have full compatibility/functionality though.
andar
Top Bloke
Posts: 1050
Joined: Fri Jun 08, 2007 8:38 pm
Location: Victoria, BC

Re: Virus in Deluge?

Post by andar »

rocksinthecreek wrote: My ISP provides virus software they call eProtect, but they contract it from someone else. It seems to be called Freedom, but I'm not sure who the company is. They seem to be on the Savvis network, which Peer Guardian blocks, so that is interesting.

I'll keep using Deluge then, I really like it. Much like uTorrent, without being owned by an anti-p2p group!

Any chance it will run on W2000?

Thanks for the quick reply.

Is it Telus eProtect? Because that's the shittiest thing I've ever seen. It tends to blue screen computers for no apparent reason.
rocksinthecreek
New User
Posts: 6
Joined: Sat Jan 17, 2009 12:25 am

Re: Virus in Deluge?

Post by rocksinthecreek »

Yep, it's Telus eProtect. Other than the update fiasco a year ago, I've had no problems with it. In fact, it seems much better than all the others I've tried. But it is not fond of that one file in Deluge.

I had to shut off eProtect in order to install Deluge. eProtect was stopping the install.

Thanks for your help.
rocksinthecreek
New User
Posts: 6
Joined: Sat Jan 17, 2009 12:25 am

Re: Virus in Deluge?

Post by rocksinthecreek »

Maybe I should have titled this "Spyware in Deluge", rather than a virus.

jpg.dll is a recognized threat in places other than eProtect:

http://www.fbmsoftware.com/spyware-net/ ... g_dll/111/

http://www.threatexpert.com/files/jpg.dll.html

http://sw.freedom.net/portal/swportal?p ... ulldisplay

When I submitted this file for analysis to Threat Expert (not Freedom, the eProtect people), it came back: packed with: PE_Patch.PECompact [Kaspersky Lab]. This seems to be the Golden Eye key stroke logger.

Until this file is removed from Deluge, I won't be using it.
r0ckarong
Member
Posts: 37
Joined: Wed Jan 02, 2008 8:15 pm

Re: Spyware keystroke logger in Deluge?

Post by r0ckarong »

Isn't there a difference between jpeg.dll and jpg.dll ... the first returns valid results when I search for it. Seems to be a regular system file. Can still be a false positive. Just recently some AVS vendor kicked hundreds of machines by removing a completely normal Windows system file. Happens all the time.
rocksinthecreek
New User
Posts: 6
Joined: Sat Jan 17, 2009 12:25 am

Re: Spyware keystroke logger in Deluge?

Post by rocksinthecreek »

I am no expert on this, but there seem to be different versions of jpeg.dll (or jpg.dll). Some are fine. My virus software doesn't like the one installed by Deluge.

I have submitted the file to two different threat analysis engines now, and I'm waiting for more results.

It seems that the packer used to make this file (PE_Patch.PECompact) is used by many virus creators, so the virus software may just be reacting to that.

I would have to change virus software to run Deluge with this file in it. This one has worked well for me, and doesn't slow my computer a lot, so I am reluctant to change. There aren't many decent clients though...
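
The point raised in the post above, that a scanner may be reacting to the packer rather than to what the file does, shown as an added example that is not part of the thread or of Deluge's code. It reads the section table of a PE file and flags section names commonly reported for PECompact; the name list and the header-only sample images are assumptions constructed for illustration.

```python
import struct

# Section names commonly reported for PECompact-packed files
# (assumed, illustrative list; not exhaustive).
PECOMPACT_SECTIONS = {"PEC2", "PEC2TO", "PEC2MO", "pec1", "pec2"}

def section_names(data):
    """Return the section names listed in a PE file's section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4                       # 20-byte COFF header follows
    (count,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size              # section table: 40 bytes/entry
    names = []
    for i in range(count):
        raw = data[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names

def packer_hits(data):
    """Names that match the packer list. A hit means 'packed', not 'malicious'."""
    return sorted(n for n in section_names(data) if n in PECOMPACT_SECTIONS)

def build_sample(names):
    """Constructed header-only PE image (no optional header, no code)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x2102)
    table = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in names)
    return dos + b"PE\0\0" + coff + table

# Constructed samples: identical apart from one section name.
PACKED = build_sample([".text", "PEC2", ".rsrc"])
PLAIN = build_sample([".text", ".rdata", ".rsrc"])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED), ("plain", PLAIN)):
        print(label, section_names(blob), "->", packer_hits(blob) or "no packer names")
```

Both samples contain no code at all, yet only one is flagged: a packer-name heuristic says how a file was built, so a hit calls for comparing the file against the upstream package rather than treating it as proof of infection.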
Mindzai
Member
Posts: 47
Joined: Sat Oct 04, 2008 5:06 pm
Location: England

Re: Spyware keystroke logger in Deluge?

Post by Mindzai »

2 important factors to bear in mind:

1. Deluge is open source - not the best way to distribute a virus.
2. AV manufacturers have a vested interest in there being as many threats as possible, so bear that in mind when asking for their opinion.