#1
Junior Member
Join Date: Aug 2004
Posts: 4

Symantec is telling me that the nsisdl.dll contains the Download.Trojan virus.
I also just clicked on the link to download the nightly build ZIP file and it also comes up with the trojan. Is this correct or does the download code in nsisdl look like the trojan?

Last edited by ferec; 9th August 2004 at 16:28.

#2
Major Dude
Join Date: May 2003
Posts: 676

just a hoax
http://forums.winamp.com/showthread....hreadid=172956
http://forums.winamp.com/showthread....hreadid=170766

Greets, Brummelchen

#3
Junior Member
Join Date: Aug 2004
Posts: 4

So, is this something new that we should alert Symantec of? The links you posted reference other viruses, but not Download.Trojan.

#4
Member
Join Date: Feb 2004
Posts: 58

Quote:
download.trojan is a generic TYPE not a specific. A lot of code may fit the "profile" of download.trojan for example... nsisdl.dll may be loosely associated merely because it attempts connections. This is called a "false positive".

#5
Debian user
(Forum King) Join Date: Jan 2003
Location: Arch land
Posts: 4,896

I also have Norton AV and I don't have that alert....

* PC: Intel Core 2 DUO E6550 @ 2.33 GHz with 2 GB RAM: Archlinux w/ xfce4.
* Laptop: Intel Core 2 DUO T6600 @ 2.20 GHz with 4 GB RAM: Debian unstable w/ xfce4.

#6
Junior Member
Join Date: Aug 2004
Posts: 4

I only get it if I manually kick off a scan of that directory. We are using the Symantec AV Corporate Edition.
So - sounds like the consensus is that this is a false-positive.

#7
Member
Join Date: Feb 2004
Posts: 58

Quote:

#8
Junior Member
Join Date: Aug 2004
Posts: 4

The same thing happens to me. If I try to compile any NSI scripts Symantec AV quarantines the dll saying that it is Download.Trojan.
I'm using Symantec Anti-Virus Corporate Edition 9.0.0.338 Scan engine 1.2.0.13 with defs at 8/9/2004 rev. 37. I think the definitions that came out today started detecting it. I posted to Symantec's support forum in the hopes that they will fix this in their next virus definition upgrades. The post is available here: http://*******.com/6csvr

Last edited by screff; 10th August 2004 at 01:22.

#9
Debian user
(Forum King) Join Date: Jan 2003
Location: Arch land
Posts: 4,896

Is the nsisdl.dll the only file infected according to Symantec scan engine?

#10
Junior Member
Join Date: Aug 2004
Posts: 4

Yes, that was the only one quarantined.

#11
Senior Member
Join Date: Feb 2003
Posts: 157

Here's a screenshot of the alert if anyone is interested.

#12
Junior Member
Join Date: May 2004
Posts: 2

I don't know why Norton is flagging this dll now? I could be wrong but I do believe Norton comes out with new virus defs on Tuesdays. A dll that can fetch a file from the internet along with a dll to execute the downloaded file could be considered dangerous.. But it is also a great tool.
Nevertheless.. I fixed this Norton problem by rebuilding nsisdl.dll from source. I don't know the detail on why this works, but I am going to look into this more (to make sure it doesn't happen again). Unfortunately I think all clients who are using our old install will have this problem if they are running Norton antivirus..

#13
Senior Member
Join Date: Jan 2004
Location: London, Ontario, Canada
Posts: 272

Hello All,
I have quite a few installers, that worked fine yesterday, now the same binary a day later is popping up the Norton Virus Quarantine as posted above. Has anyone found a resolution to this?

#14
Major Dude
Join Date: Mar 2003
Posts: 569

Quote:
http://sourceforge.net/tracker/index...49&atid=373085

#15
Senior Member
Join Date: Jan 2004
Location: London, Ontario, Canada
Posts: 272

Live update says there are no new defs. How do I get the ones for August 10th?
[EDIT] N/m I got it. Why can't they just get live update to do it as well! Thanks! [/EDIT]

#16
Junior Member
Join Date: Aug 2004
Posts: 4

I can confirm the 8/10/2004 rev. 23 definitions fix the problem. woohoo!

#17
Junior Member

McAfee is now doing the same thing, defs version 4388
[doh] I should have read the other thread

Last edited by go_jesse; 26th August 2004 at 17:20.

#18
Junior Member
Join Date: Dec 2002
Posts: 11

I've got McAfee 7.1, Virus Definitions 4388, created on Aug 25th. It is calling nsisdl.dll a "Downloader-OG" trojan. How dare they mess with my NSIS, I oughta......

#19
Senior Member
Join Date: Jan 2004
Location: The Netherlands
Posts: 260

I don't have that problem (using McAfee). This is kinda weird....

#20
Senior Member
Join Date: Jan 2004
Location: London, Ontario, Canada
Posts: 272

Hello McAfee users,
It states right on the McAfee Customer Support Knowledge Base page that the virus definition files 4388, are incorrectly identifying nsisdl.dll as being a virus. They also state that this has been addressed in the 4389 definitions. However, they haven't released the 4389 definitions as of yet.

#21
Major Dude
Join Date: May 2003
Posts: 676

@mcafee users - define "nsisdl.dll" as exception rule (file/folder) for read&write. (access and manually scan)
no target folder needed, just the name cause this dll is mostly used in a nsis-tmp-folder.

Greets, Brummelchen

#22
Junior Member
Join Date: May 2006
Posts: 1

Symantec's virus definition file dated 18 May 2006 version 17 again shows NSISdl.dll from NSIS 2.16 as infected with Trojan.Download. http://nsis.sourceforge.net has a new version, 2.17, that Symantec does not report as virus infected, but we've manufactured 1500 CD's that include NSISdl.dll and don't want to destroy those CD's because Symantec has a false positive in their definition file.
Any suggestions on the best way to persuade Symantec that their flagging is a false positive?

#23
M.I.A.
[NSIS Dev, Mod] Join Date: Oct 2001
Location: Israel
Posts: 11,337

Use their own tools to report it or the submission form. There is no need to destroy any CDs, they'll fix it.
More at: http://sourceforge.net/tracker/index...49&atid=373085

"I hear and I forget. I see and I remember. I do and I understand." -- Confucius