Virus alert on "System/Next v.1.1 RTM(released on 2019/10/1)" file? (2019/10/10)

PiyoTaro
Posts: 181
Joined: Thu Jun 01, 2017 11:13 am

Virus alert on "System/Next v.1.1 RTM(released on 2019/10/1)" file? (2019/10/10)

Post by PiyoTaro » Thu Oct 10, 2019 8:33 am

About "System/Next v.1.1 RTM" released on October 1st. When I tried to download a ZIP file today (October 10th at 17:00 JST), I was notified of a virus warning from "Windows Security" and was unable to download it.
It has been more than a week since the release, but there was no such report at FB.

Trojan:Win32/Zpevdo.B
(Technically, the hidden folder was archived, so it was judged as a virus?)
Addendum: 2019/10/27(Error details):
Trojan:Win32/Zpevdo.B

stemnext1.1.zip->systemnext1.1/src/asm/widescreen-demo/widescreensource.zip->source/csharp/Daybreak/bin/Debug/Daybreak.exe
System/Next v.1.1 RTM – Core v3.00 RTM, Firmware 1.18, nextZXOS 2.02 RTM!
October 1, 2019 Phoebus Dokos
https://www.specnext.com/latestdistro/

System/Next distribution v.1.1 RTM WITH source code files (zip format) http://www.specnext.com/wp-content/uplo ... ext1.1.zip
Last edited by PiyoTaro on Sat Oct 26, 2019 5:48 pm, edited 1 time in total.

Sokurah
Posts: 65
Joined: Mon May 29, 2017 9:32 pm

Re: Virus alert on "System/Next v.1.1 RTM(released on 2019/10/1)" file? (2019/10/10)

Post by Sokurah » Thu Oct 10, 2019 9:41 am

I just downloaded it and had no problems. Your antivirus package is probably just reporting it as a false positive.
Website: Tardis Remakes / Mostly remakes of Arcade and ZX Spectrum games.
My games for the Spectrum: Dingo, The Speccies, The Speccies 2 (also for arcade hardware) & Vallation.
Twitter: Sokurah

Ped7g
Posts: 111
Joined: Mon Jul 16, 2018 7:11 pm

Re: Virus alert on "System/Next v.1.1 RTM(released on 2019/10/1)" file? (2019/10/10)

Post by Ped7g » Thu Oct 10, 2019 11:21 am

> Technically, the hidden folder was archived, so it was judged as a virus?

I don't see that in my Linux tools; no hidden folder here (checking the zip format, it looks like attributes are not precisely defined and can be OS-specific, so maybe WinZip does manage to see some folder as "hidden" in that archive on Windows?).

And there's no exe except NextCreator.exe, which is way too small to contain the Zpevdo trojan (should be around 6+MiB if standalone).

I even have a difficult time imagining what triggered that report in this particular zip; the definition/pattern must be really hopeless for that one, probably picking up any non-digitally-signed exe and any zip... :D

As long as your own machine isn't already infected, and there's nobody doing a man-in-the-middle attack on you and tampering with the zip file you received, there's basically zero chance it is truly infected. It's a normal size (~20.5MB) and from a quick look through it everything seems normal to me; I can't imagine how the 6MB trojan would hide there easily...

... I mean, nowadays the AVs are producing so many false positives (I hear about it all the time with new releases of sjasmplus) that I'm tempted to dismiss it very lightly, but it's actually such a bizarre situation to detect it on *that* zip that I would maybe be a bit curious and verify that the downloaded zip has the expected size, and maybe scan it with other online AV engines (if you can somehow download it in the first place; not sure how Windows Security works ... or just Windows ... and not interested in learning it, I'm quite happy without that part of IT).

SevenFFF
Posts: 222
Joined: Mon Jun 05, 2017 5:30 pm
Location: USA

Re: Virus alert on "System/Next v.1.1 RTM(released on 2019/10/1)" file? (2019/10/10)

Post by SevenFFF » Thu Oct 10, 2019 1:07 pm

It’s a false positive. This is my software, which is a tile cutter for one of the demos. I’ve checked it, and it’s also been verified as safe by several other virus checkers.

Generally these virus checkers can be quite aggressive, and not particularly accurate when they’re operating in heuristic mode.
Robin Verhagen-Guest
SevenFFF / Threetwosevensixseven / colonel32
NXtel Spectron 2084blog

sol_hsa
Posts: 91
Joined: Fri Jun 02, 2017 10:10 am

Re: Virus alert on "System/Next v.1.1 RTM(released on 2019/10/1)" file? (2019/10/10)

Post by sol_hsa » Fri Oct 11, 2019 9:00 am

Once I was writing a small throwaway tool in C, and Windows Defender quarantined the executable right after it was compiled..

fgeva
Posts: 42
Joined: Wed May 31, 2017 3:20 pm

Re: Virus alert on "System/Next v.1.1 RTM(released on 2019/10/1)" file? (2019/10/10)

Post by fgeva » Fri Oct 11, 2019 10:02 am

I strongly believe that these days the main purpose of virus scanners is to convince you that you need virus scanners, so they must be seen to be doing something.
Backer 754

PiyoTaro
Posts: 181
Joined: Thu Jun 01, 2017 11:13 am

Re: Virus alert on "System/Next v.1.1 RTM(released on 2019/10/1)" file? (2019/10/10)

Post by PiyoTaro » Sat Oct 26, 2019 5:55 pm

Addendum.
I forgot to post the "filename" of the error file. But what kind of reply did my post have?

On the 22nd, the same notification came from "Windows Security", but I forgot this thread.
The person who wants to “try out the new features first” downloads the “no source code” file, so the virus warning was not reported in FB?
PiyoTaro wrote (Thu Oct 10, 2019 8:33 am):

> About "System/Next v.1.1 RTM" released on October 1st. When I tried to download a ZIP file today (October 10th at 17:00 JST), I was notified of a virus warning from "Windows Security" and was unable to download it.
> It has been more than a week since the release, but there was no such report at FB.
> Addendum: 2019/10/27(Error details):
> Trojan:Win32/Zpevdo.B
>
> stemnext1.1.zip->systemnext1.1/src/asm/widescreen-demo/widescreensource.zip->source/csharp/Daybreak/bin/Debug/Daybreak.exe
> System/Next distribution v.1.1 RTM WITH source code files (zip format) http://www.specnext.com/wp-content/uplo ... ext1.1.zip
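
Added example, not written by anyone in the thread: one way to do the check discussed above is to walk a downloaded archive, descend into nested ZIPs such as widescreensource.zip, and list every embedded Windows executable with its size, SHA-256 and ZIP "hidden" attribute bit. The function names, the depth and size limits, and the sample archive (stub bytes, including a hypothetical hidden entry) are assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile

DOS_HIDDEN = 0x02        # MS-DOS "hidden" bit, low byte of external_attr
MAX_DEPTH = 4            # stop descending into archives nested deeper than this
MAX_MEMBER = 64 * 2**20  # skip members that claim to unpack to more than 64 MiB


def find_executables(data, chain=(), depth=0):
    """Walk a ZIP held in memory, descending into nested ZIPs, and
    return one record per member that starts with the PE/DOS magic "MZ"."""
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER:
                continue
            body = zf.read(info)
            path = chain + (info.filename,)
            if body[:2] == b"MZ":
                found.append({
                    "path": " -> ".join(path),
                    "size": len(body),
                    "sha256": hashlib.sha256(body).hexdigest(),
                    # How this bit is used depends on the tool and OS that wrote the archive.
                    "hidden": bool(info.external_attr & DOS_HIDDEN),
                })
            elif depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(body)):
                found += find_executables(body, path, depth + 1)
    return found


def build_sample():
    """Constructed test archive: same nesting as the path in the thread, stub contents."""
    stub = b"MZ" + bytes(62)  # 64-byte placeholder, not a real program
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("source/csharp/Daybreak/bin/Debug/Daybreak.exe", stub)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("systemnext1.1/readme.txt", "constructed sample")
        zf.writestr("systemnext1.1/src/asm/widescreen-demo/widescreensource.zip",
                    inner.getvalue())
        hidden = zipfile.ZipInfo("systemnext1.1/hypothetical-hidden.exe")
        hidden.external_attr = DOS_HIDDEN
        zf.writestr(hidden, stub)
    return outer.getvalue()


if __name__ == "__main__":
    for rec in find_executables(build_sample()):
        print(rec["size"], rec["sha256"], "hidden" if rec["hidden"] else "-", rec["path"])
```

On a real download, pass the file's bytes to find_executables(); the reported sizes and hashes can then be compared between copies of the archive or looked up with other scanning engines.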
