
Virus alert on "System/Next v.1.1 RTM(released on 2019/10/1)" file? (2019/10/10)

Posted: Thu Oct 10, 2019 8:33 am
by PiyoTaro
About "System/Next v.1.1 RTM" released on October 1st. When I tried to download a ZIP file today (October 10th at 17:00 JST), I was notified of a virus warning from "Windows Security" and was unable to download it.
It has been more than a week since the release, but there was no such report on FB.

Trojan:Win32/Zpevdo.B
(Technically, the hidden folder was archived, so it was judged as a virus?)
Addendum: 2019/10/27 (Error details):
Trojan:Win32/Zpevdo.B

stemnext1.1.zip->systemnext1.1/src/asm/widescreen-demo/widescreensource.zip->source/csharp/Daybreak/bin/Debug/Daybreak.exe
System/Next v.1.1 RTM – Core v3.00 RTM, Firmware 1.18, nextZXOS 2.02 RTM!
October 1, 2019 Phoebus Dokos
https://www.specnext.com/latestdistro/

System/Next distribution v.1.1 RTM WITH source code files (zip format) http://www.specnext.com/wp-content/uplo ... ext1.1.zip

Re: Virus alert on "System/Next v.1.1 RTM(released on 2019/10/1)" file? (2019/10/10)

Posted: Thu Oct 10, 2019 9:41 am
by Sokurah
I just downloaded it and had no problems. Your antivirus package is probably just reporting it as a false positive.

Re: Virus alert on "System/Next v.1.1 RTM(released on 2019/10/1)" file? (2019/10/10)

Posted: Thu Oct 10, 2019 11:21 am
by Ped7g
> Technically, the hidden folder was archived, so it was judged as a virus?

I don't see that in my Linux tools, no hidden folder here (checking the zip format, it looks like attributes are not precisely defined and can be OS specific, so maybe WinZip does manage to see some folder as "hidden" in that archive on Windows?).

And there's no exe except NextCreator.exe, which is way too small to contain the Zpevdo trojan (should be around 6+MiB if standalone).

I even have a difficult time imagining what triggered that report in this particular zip, the definition/pattern must be really hopeless for that one, picking up probably any non-digitally-signed exe and any zip... :D

As long as your own machine isn't already infected, and there's nobody doing a man-in-the-middle attack on you and tampering with the zip file you received, there's basically zero chance it is truly infected. It's a normal size (~20.5MB) and from a quick look through it everything seems normal to me, I can't imagine how the 6MB trojan would hide there easily...

... I mean, nowadays the AVs are producing so many false positives (I hear about it all the time with new releases of sjasmplus) that I'm tempted to dismiss it very lightly, but it's actually such a bizarre situation to detect it on *that* zip that I would maybe be a bit curious and verify that the downloaded zip has the expected size, and maybe scan it with other online AV engines. (If you can somehow download it in the first place, not sure how Windows Security works ... or just Windows ... and not interested in learning it, I'm quite happy without that part of IT.)

Re: Virus alert on "System/Next v.1.1 RTM(released on 2019/10/1)" file? (2019/10/10)

Posted: Thu Oct 10, 2019 1:07 pm
by SevenFFF
It’s a false positive. This is my software, which is a tile cutter for one of the demos. I’ve checked it, and it’s also been verified as safe by several other virus checkers.

Generally these virus checkers can be quite aggressive, and not particularly accurate when they’re operating in heuristic mode.

Re: Virus alert on "System/Next v.1.1 RTM(released on 2019/10/1)" file? (2019/10/10)

Posted: Fri Oct 11, 2019 9:00 am
by sol_hsa
Once I was writing a small throwaway tool in C, and Windows Defender quarantined the executable right after it was compiled.

Re: Virus alert on "System/Next v.1.1 RTM(released on 2019/10/1)" file? (2019/10/10)

Posted: Fri Oct 11, 2019 10:02 am
by fgeva
I strongly believe that these days the main purpose of virus scanners is to convince you that you need virus scanners, so they must be seen to be doing something.

Re: Virus alert on "System/Next v.1.1 RTM(released on 2019/10/1)" file? (2019/10/10)

Posted: Sat Oct 26, 2019 5:55 pm
by PiyoTaro
Addendum.
I forgot to post the "filename" of the error file. But what kind of reply did my post have?

On the 22nd, the same notification came from "Windows Security", but I forgot this thread.
People who want to “try out the new features first” download the “no source code” file, so the virus warning was not reported on FB?
> PiyoTaro wrote: Thu Oct 10, 2019 8:33 am
> About "System/Next v.1.1 RTM" released on October 1st. When I tried to download a ZIP file today (October 10th at 17:00 JST), I was notified of a virus warning from "Windows Security" and was unable to download it.
> It has been more than a week since the release, but there was no such report on FB.
> Addendum: 2019/10/27 (Error details):
> Trojan:Win32/Zpevdo.B
>
> stemnext1.1.zip->systemnext1.1/src/asm/widescreen-demo/widescreensource.zip->source/csharp/Daybreak/bin/Debug/Daybreak.exe
> System/Next distribution v.1.1 RTM WITH source code files (zip format) http://www.specnext.com/wp-content/uplo ... ext1.1.zip
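
Added example, not part of any post in this thread: a Python triage helper that walks a zip and any zips nested inside it, reporting every executable with the same `outer.zip->inner.zip->file` chain the alert used, plus its size, SHA-256 and DOS "hidden" attribute bit, so a flagged file can be located and its hash checked with other scanners. The archive and file names in the sample data are constructed, and the depth and size limits are assumptions.

```python
import hashlib
import io
import zipfile

DOS_HIDDEN = 0x02              # "hidden" bit in the low (MS-DOS) byte of external_attr
MAX_DEPTH = 4                  # assumption: nesting limit for archives inside archives
MAX_MEMBER = 64 * 1024 * 1024  # assumption: skip members that unpack larger than this


def find_executables(data, chain="", depth=0):
    """Return (path chain, size, sha256, hidden) for each PE file, nested zips included."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER:
                continue
            path = f"{chain}->{info.filename}" if chain else info.filename
            body = zf.read(info)
            if body[:2] == b"MZ":  # DOS/PE executable magic
                hidden = bool(info.external_attr & DOS_HIDDEN)
                hits.append((path, len(body), hashlib.sha256(body).hexdigest(), hidden))
            elif depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(body)):
                hits += find_executables(body, path, depth + 1)
    return hits


def _make_zip(entries):
    """Build an in-memory zip from (name, bytes, external_attr) tuples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body, attr in entries:
            zi = zipfile.ZipInfo(name)
            zi.external_attr = attr
            zf.writestr(zi, body)
    return buf.getvalue()


# Constructed sample data: a stub with only the MZ magic, inside a nested source zip.
FAKE_EXE = b"MZ" + b"\x00" * 62
INNER = _make_zip([("source/tool/bin/Debug/tool.exe", FAKE_EXE, DOS_HIDDEN)])
OUTER = _make_zip([("dist/readme.txt", b"hello", 0),
                   ("dist/src/demo/demosource.zip", INNER, 0)])

if __name__ == "__main__":
    for path, size, digest, hidden in find_executables(OUTER):
        print(f"{path}  {size} bytes  sha256={digest}  hidden={hidden}")
```

A listing of only the outer archive's members does not show executables that sit inside an embedded zip, which is why the helper descends into nested archives.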