Trojan Detected in Windows .EXE installer for ver 1.6.1


Post by Gantradies »

As mentioned several hours ago on the OpenTTD IRC:
https://www.virustotal.com/en/file/34c7 ... 474858434/
It originally showed up on my VM's virus screen; I checked with my sysadmin and he is adamant it is not a false positive.
It does not show up as positive inside the archived version.

Would you guys be able to triple-check this? Being a Trojan, I'm worried about the payload (if it ISN'T a suspiciously common FP), as I've gotten at LEAST 13 other people to download 1.6.1, and given the size of the user base in general, the idea of one of the installers getting compromised is highly disturbing.

Post by NekoMaster »

I checked all three versions of 1.6.1 (9x, 32bit and 64bit) on Windows 10, and I got nothing suspicious.

Either this is a false positive (and your sysadmin is stupid) or there's already a virus/trojan on the computer/system that's infecting the download. I've had the latter happen to me before, where every small EXE I downloaded was infected by the same virus. After a reinstall of Windows it stopped happening.

Here are my results from my Avast scan:
Attachment: novirusfound.png (33.63 KiB)

Post by Gantradies »

The thing is, when I tested it, I had the site test it straight from the download link/directly, instead of getting it off my machine (not I originally updated on MY local machine with any warnings from Avast),
and since my sysadmin is adamant it ISN'T a false positive, I can't get my server compatible with everyone else in my gaming group who plays unless I throw conclusive evidence in his face it IS a false positive
>.>

Post by NekoMaster »

Well, this may take a while because most of North America is either still sleeping or getting ready for the day. It's only 8:14am EST in Ontario, so I imagine the west coast is still sleeping and Eastern Canada is already at work or school. The same would go for Western Europe, as they're probably still hard at work and school for another few hours.

Try using other virus scanners, as some scanners pick up on false positives due to certain bits of code in a program. Using only one virus scanner is like having only one police officer confirm a crime with no other witnesses or evidence.

Post by Taschi »

My Avira once detected a virus on a store-bought game DVD. Needless to say, it turned out to be a total fluke. And, of course, I am running 1.6.1 on Windows and, as far as I can tell, no virus came packed with it.

If your sysadmin insists on taking a virus warning for a file from a trusted source that's been downloaded by a gazillion of people without complaints seriously, your options are to a) get your own computer, b) get another sysadmin or c) suffer your fate and hope 1.6.2 fixes this. If your sysadmin actually wants to trust ClamAV and Zillya over 55 other virus scanners, including all industry standards, b) is probably the best way to go.

edit: Also, VirusTotal says the file has been unchanged (via hash comparison) since July, so the idea of the file getting compromised just recently is right out. All evidence suggests the file is safe.

Post by NekoMaster »

BTW, I'd like to mention I'm running the 64bit version of 1.6.1 on Windows 10 so I can play-test my NARS Addon. I'm sure I'd notice by now if there were viruses.

That's another thing too: checksums.

If the exe has been tampered with, it probably won't match up with the checksums posted on the website for each and every file. There are free checksum programs for Windows all over the net for verifying checksums.

Like I said before, it's possible that a virus already on your system or whatever is infecting your download.
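The checksum comparison suggested in the post above, as an added example that is not part of the original thread and not OpenTTD's own tooling: it hashes a download with SHA-256 and checks it against a published listing. The `<hex digest>  <file name>` listing format, the file name `installer-example.exe` and the function names are assumptions, and the sample bytes are constructed.

```python
import hashlib
import os
import tempfile
from pathlib import Path

HEX = set("0123456789abcdef")


def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so a large installer is never read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_checksum_list(text):
    """Parse '<sha256 hex>  <file name>' lines into {file name: digest}."""
    published = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        digest, name = digest.lower(), name.strip().lstrip("*")
        if len(digest) != 64 or not set(digest) <= HEX or not name:
            raise ValueError(f"not a SHA-256 checksum line: {line!r}")
        published[name] = digest
    return published


def verify_download(path, checksum_text):
    """Return 'match', 'mismatch' or 'unlisted' for one downloaded file."""
    expected = parse_checksum_list(checksum_text).get(Path(path).name)
    if expected is None:
        return "unlisted"  # no published value for this name: nothing verified
    # match: byte-identical to the published file, so any scanner verdict is
    # about that file and not about something altering the local download.
    # mismatch: the local copy differs (corrupt, or changed in transit/on disk).
    return "match" if sha256_file(path) == expected else "mismatch"


if __name__ == "__main__":
    # Constructed sample: stand-in bytes and a listing built from them.
    path = os.path.join(tempfile.mkdtemp(), "installer-example.exe")
    Path(path).write_bytes(b"constructed installer bytes")
    listing = f"{sha256_file(path)}  installer-example.exe\n"
    print(verify_download(path, listing))
    Path(path).write_bytes(b"constructed installer bytes, altered")
    print(verify_download(path, listing))
```

A checksum served from the same site as the download only shows that the local copy matches what that site offers; it cannot show that the published file itself is clean.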

Post by Sylf »

Just FYI. The virus being reported on is in the Windows INSTALLATION file, not the game executable itself.

Post by kamnet »

I think if only two out of dozens of reputable virus/malware/trojan scanners have flagged the file, I think this is strong evidence that those two are a false positive. Best way to figure it out is to submit the installation file to those two AV scanners for further scrutiny.