Search
Forum Home | Login
Flibbertygibbets
Flibbertygibbets
Join Date 04/2002
0

FROIS-01 Theme virus found

October 18, 2006 11:13:28 PM from GUIChamps ForumsGUIChamps Forums
This time it's the W32/HLLP.Phillis.ini virus. Found cleaned and deleted. I think it odd that I've never had a virus alert from a Blind before and in two weeks I've had two from Championship submissions. I don't blame the developers, without them there would be no skins and themes, but I'd ask that maybe they update their definitions and/or use multiple programs to double-check before submitting.

Locked Post
Search this post
Advanced Search
Subscription Options
Reason for Karma (Optional)
Successfully updated karma reason!
Flibbertygibbets
Dexter2005
Join Date 01/2005
0
Reply #1 October 19, 2006 12:10:38 AM
from GUIChamps ForumsGUIChamps Forums
Thanks for your comments. Even I am not aware of that. Let me check ..
Reason for Karma (Optional)
Successfully updated karma reason!
Flibbertygibbets
Flibbertygibbets
Join Date 04/2002
0
Reply #2 October 19, 2006 12:42:43 AM
from GUIChamps ForumsGUIChamps Forums
I should have added that the virus was picked up by McAfee. I haven't tried to run Norton on the file yet.
Reason for Karma (Optional)
Successfully updated karma reason!
Flibbertygibbets
Zoomba
Join Date 11/2002
+114
Reply #3 October 19, 2006 2:28:57 AM
from GUIChamps ForumsGUIChamps Forums
This is the same false-positive virus that was found on another skin earlier.  It is only detected by McAfee because the skin contains the _desktop.ini file.  Not indicative of a virus necessarily.  No other virus scanner on the market is flagging this as a virus, even after McAfee adding it to their own definitions list almost a month ago.
Reason for Karma (Optional)
Successfully updated karma reason!

Sign Up or Login and this ad disappears!
There are many great features available to you once you register. Sign Up for a free account and browse the forums without ads.

Flibbertygibbets
Flibbertygibbets
Join Date 04/2002
0
Reply #4 October 19, 2006 11:09:35 AM
from GUIChamps ForumsGUIChamps Forums
Thanks for the heads up Zoomba but I'm with Jombay on this one WWW Link2 (check last post in thread). Better safe than sorry.
Reason for Karma (Optional)
Successfully updated karma reason!
Flibbertygibbets
Flibbertygibbets
Join Date 04/2002
0
Reply #5 October 19, 2006 11:14:01 AM
from GUIChamps ForumsGUIChamps Forums
Reference from WWW Link

Alert ID : FrSIRT/ALRT-2006-07109
Aliases : N/A
Size : N/A
Rated as : Low Risk
Release Date : 2006-09-28

Description

W32/HLLP.Philis.ini are "_desktop.ini" files created by variants of W32/HLLP.Philis virus. These are created as a hidden system files and contain the date on which virus was executed to visit the folder in which the file resides.

References

http://vil.nai.com/vil/content/v_140656.htm

Credits

Reported by McAfee

ChangeLog

2006-09-28 - Initial Release
Reason for Karma (Optional)
Successfully updated karma reason!
Flibbertygibbets
Zoomba
Join Date 11/2002
+114
Reply #6 October 20, 2006 10:49:02 AM
from GUIChamps ForumsGUIChamps Forums

W32/HLLP.Philis.ini is a sub-set of the W32/HLLP.Philis virus.  The *.ini variant is at this time ONLY detected by McAfee, and if you look at the description of the "virus" here:

http://vil.nai.com/vil/content/v_140656.htm

You'll see that it's not actually a virus that it's detecting, but an artifact of W32/HLLP.Philis.  The _desktop.ini file can not contain the virus, it is merely potentially a record of the virus executing.

Looking at the _desktop.ini file included with the latest version of FROIS-01, there is a timestamp inidicating that Dexter2005 has been infected by the W32/HLLP.Philis virus, which prepends itself to .exe files. 

The _desktop.ini file is NOT AN INFECTED FILE.  It is only a sign that the system on which it was created is infected (and even then, only sometimes, there may be legit apps that create an _desktop.ini file).  Since there are no .exes packed in a skin, this isn't even the beginnings of a concern.

However, any skin author that is told their skin is triggering this warning, they need to get their systems cleaned, because they might very well have the actual virus.

Reason for Karma (Optional)
Successfully updated karma reason!
Flibbertygibbets
Flibbertygibbets
Join Date 04/2002
0
Reply #7 October 22, 2006 1:04:56 AM
from GUIChamps ForumsGUIChamps Forums
However, any skin author that is told their skin is triggering this warning, they need to get their systems cleaned, because they might very well have the actual virus.


Then why come off defensive like it's not a problem or "even the beginnings of a concern"? I'd think it would be a concern to the skin authors who likely have the virus on their systems even if it's not a big risk to users of their skins. Again, better safe than sorry.
Reason for Karma (Optional)
Successfully updated karma reason!
Flibbertygibbets
Zoomba
Join Date 11/2002
+114
Reply #8 October 22, 2006 12:07:24 PM
from GUIChamps ForumsGUIChamps Forums
My point is that the warning is not a danger to anyone who downloads the skin.
+1
Reason for Karma (Optional)
Successfully updated karma reason!
View all recent posts
Mark all posts as read Delete cookies created by the forum Return to Top
Stardock Forums v        Server Load Time:   Page Render Time: