I installed Deluge, and was very happy to find such a nice open-source client. But my virus software isn't happy. I found this, and quarantined it:
Directory C:\Program Files\Deluge\
* C:\Program Files\Deluge\Lib\site-packages\pygame\jpeg.dll
o File was infected with "W32/MalwareHiderPatched-based!Maximus" virus and was unable to be disinfected. File was quarantined instead.
What is this, and is it an issue?
Thanks
Edit: See below
Edit: No SpywareVirus in Deluge
-
- New User
- Posts: 6
- Joined: Sat Jan 17, 2009 12:25 am
Last edited by rocksinthecreek on Mon Jan 19, 2009 12:49 am, edited 3 times in total.
-
- Compulsive Poster
- Posts: 1230
- Joined: Thu May 24, 2007 11:27 pm
- Location: Chicago, IL, USA
- Contact:
Re: Virus in Deluge?
your antivirus program is reporting a false positive. there is no virus in deluge, i can personally guarantee it. just set it up as an exception in your antivirus program so it leaves it alone. which antivirus program is it, btw? just curious... norton here doesn't complain.
-
- New User
- Posts: 6
- Joined: Sat Jan 17, 2009 12:25 am
Re: Virus in Deluge?
My ISP provides virus software they call eProtect, but they contract it from someone else. It seems to be called Freedom, but I'm not sure who the company is. They seem to be on the Savvis network, which Peer Guardian blocks, so that is interesting.
I'll keep using Deluge then, I really like it. Much like uTorrent, without being owned by an anti-p2p group!
Any chance it will run on W2000?
Thanks for the quick reply.
Re: Virus in Deluge?
I believe it does run on W2k, it might not have full compatibility/functionality though.
Re: Virus in Deluge?
Is it Telus eProtect? Because that's the shittiest thing I've ever seen.. It tends to blue screen computers for no apparent reason.
rocksinthecreek wrote:
My ISP provides virus software they call eProtect, but they contract it from someone else. It seems to be called Freedom, but I'm not sure who the company is. They seem to be on the Savvis network, which Peer Guardian blocks, so that is interesting.
I'll keep using Deluge then, I really like it. Much like uTorrent, without being owned by an anti-p2p group!
Any chance it will run on W2000?
Thanks for the quick reply.
-
- New User
- Posts: 6
- Joined: Sat Jan 17, 2009 12:25 am
Re: Virus in Deluge?
Yep, it's Telus eProtect. Other than the update fiasco a year ago, I've had no problems with it. In fact, it seems much better than all the others I've tried. But it is not fond of that one file in Deluge.
I had to shut off eProtect in order to install Deluge. eProtect was stopping the install.
Thanks for your help.
-
- New User
- Posts: 6
- Joined: Sat Jan 17, 2009 12:25 am
Re: Virus in Deluge?
Maybe I should have titled this "Spyware in Deluge", rather than a virus.
jpg.dll is a recognized threat in places other than eProtect:
http://www.fbmsoftware.com/spyware-net/ ... g_dll/111/
http://www.threatexpert.com/files/jpg.dll.html
http://sw.freedom.net/portal/swportal?p ... ulldisplay
When I submitted this file for analysis to Threat Expert (not Freedom, the eProtect people), it came back: packed with: PE_Patch.PECompact [Kaspersky Lab]. This seems to be the Golden Eye key stroke logger.
Until this file is removed from Deluge, I won't be using it.
Re: Spyware keystroke logger in Deluge?
Isn't there a difference between jpeg.dll and jpg.dll ... the first returns valid results when I search for it. Seems to be a regular system file. Can still be a false positive. Just recently some AVS vendor kicked hundreds of machines by removing a completely normal windows system file. Happens all the time.
-
- New User
- Posts: 6
- Joined: Sat Jan 17, 2009 12:25 am
Re: Spyware keystroke logger in Deluge?
I am no expert on this, but there seem to be different versions of jpeg.dll (or jpg.dll). Some are fine. My virus software doesn't like the one installed by Deluge.
I have submitted the file to two different threat analysis engines now, and I'm waiting for more results.
It seems that the packer used to make this file (PE_Patch.PECompact) is used by many virus creators, so the virus software may just be reacting to that.
I would have to change virus software to run Deluge with this file in it. This one has worked well for me, and doesn't slow my computer a lot, so I am reluctant to change. There aren't many decent clients though...
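Added illustration, not part of the thread and not code from Deluge or any antivirus product: packers such as the PECompact one named above compress a file's sections, and the resulting near-random byte entropy is a common trigger for heuristic detections regardless of what the file does. The sketch below reads section headers from a constructed PE-style image and flags high-entropy sections; the 7.0 threshold, the section names and the sample bytes are assumptions.

```python
import hashlib
import math
import struct

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def pe_sections(image: bytes):
    """Yield (name, raw_bytes) for every section listed in a PE header."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)          # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsect,) = struct.unpack_from("<H", image, pe_off + 6)     # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20) # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    for i in range(nsect):
        name, _vs, _va, rsize, rptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        yield name.rstrip(b"\0").decode("latin-1"), image[rptr:rptr + rsize]

def packed_looking(image: bytes, threshold: float = 7.0):
    """Names of sections whose entropy meets the (assumed) threshold."""
    return [n for n, raw in pe_sections(image) if entropy(raw) >= threshold]

def build_sample(sections):
    """Constructed PE-style image: headers plus raw data, not a loadable DLL."""
    pe_off = 0x40
    dos = bytearray(pe_off)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, pe_off)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x2102)
    data_off = pe_off + len(coff) + 40 * len(sections)
    table, blob = b"", b""
    for name, raw in sections:
        table += struct.pack("<8sIIII16x", name.encode(), len(raw), 0x1000,
                             len(raw), data_off + len(blob))
        blob += raw
    return bytes(dos) + coff + table + blob

PLAIN = b"\x55\x8b\xec\x90" * 1024   # constructed: repetitive, code-like bytes
DENSE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # stand-in for compressed data
SAMPLE = build_sample([(".text", PLAIN), (".packed", DENSE)])
```

High entropy only shows that a section is compressed or encrypted; it says nothing about intent, which is why a heuristic hit of this kind still needs checking against the publisher's released file.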
Re: Spyware keystroke logger in Deluge?
2 important factors to bear in mind:
1. Deluge is open source - not the best way to distribute a virus.
2. AV manufacturers have a vested interest in there being as many threats as possible, so bear that in mind when asking for their opinion.