Virus alert on "System/Next v.1.1 RTM(released on 2019/10/1)" file? (2019/10/10)

PiyoTaro
Posts: 179
Joined: Thu Jun 01, 2017 11:13 am

Post by PiyoTaro » Thu Oct 10, 2019 8:33 am

About "System/Next v.1.1 RTM" released on October 1st. When I tried to download the ZIP file today (October 10th at 17:00 JST), I was notified of a virus warning by "Windows Security" and was unable to download it.
It has been more than a week since the release, but there was no such report on FB.

Trojan:Win32/Zpevdo.B
(Technically, the hidden folder was archived, so it was judged as a virus?)

System/Next v.1.1 RTM – Core v3.00 RTM, Firmware 1.18, nextZXOS 2.02 RTM!
October 1, 2019 Phoebus Dokos
https://www.specnext.com/latestdistro/

System/Next distribution v.1.1 RTM WITH source code files (zip format) http://www.specnext.com/wp-content/uplo ... ext1.1.zip

Sokurah
Posts: 64
Joined: Mon May 29, 2017 9:32 pm

Re: Virus alert on "System/Next v.1.1 RTM(released on 2019/10/1)" file? (2019/10/10)

Post by Sokurah » Thu Oct 10, 2019 9:41 am

I just downloaded it and had no problems. Your antivirus package is probably just reporting it as a false positive.
Website: Tardis Remakes / Mostly remakes of Arcade and ZX Spectrum games.
My games for the Spectrum: Dingo, The Speccies, The Speccies 2 (also for arcade hardware) & Vallation.
Twitter: Sokurah

Ped7g
Posts: 109
Joined: Mon Jul 16, 2018 7:11 pm

Re: Virus alert on "System/Next v.1.1 RTM(released on 2019/10/1)" file? (2019/10/10)

Post by Ped7g » Thu Oct 10, 2019 11:21 am

> Technically, the hidden folder was archived, so it was judged as a virus?

Don't see that in my Linux tools, no hidden folder here (checking the zip format, it looks like attributes are not precisely defined and can be OS-specific, so maybe WinZip does manage to see some folder as "hidden" in that archive on Windows?).

And there's no exe except NextCreator.exe, which is way too small to contain the Zpevdo trojan (should be around 6+MiB if standalone).

I even have a difficult time imagining what triggered that report in this particular zip; the definition/pattern must be really hopeless for that one, probably picking up any non-digitally-signed exe and any zip... :D

As long as your own machine isn't already infected, and there's nobody doing a man-in-the-middle attack on you and tampering with the zip file you received, there's basically zero chance it is truly infected. It's a normal size (~20.5MB), and from a quick look through it everything seems normal to me; can't imagine how the 6MB trojan would hide there easily...

... I mean, nowadays the AVs produce so many false positives (I hear about it all the time with new releases of sjasmplus) that I'm tempted to dismiss it very lightly, but it's actually such a bizarre situation to detect it on *that* zip that I would maybe be a bit curious and verify that the downloaded zip has the expected size, and maybe scan it with other online AV engines. (If you can somehow download it in the first place; not sure how Windows Security works ... or just Windows ... and not interested in learning it, I'm quite happy without that part of IT.)
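
As an added illustration of the checks discussed in the post above (not code from the thread or from the Next project), this Python sketch lists each ZIP entry's host system and hidden flag and picks out `.exe` entries with their sizes. The sample archive and its file names are constructed, and testing the DOS hidden bit regardless of host system is an assumption about how a Windows tool might read the archive.

```python
import io
import zipfile

DOS_HIDDEN = 0x02  # FILE_ATTRIBUTE_HIDDEN, low byte of the external attributes
HOST_NAMES = {0: "MS-DOS/FAT", 3: "Unix"}  # "version made by" host codes

def inspect_zip(source):
    """Return one dict per entry: name, size, host system, hidden and exe flags."""
    report = []
    with zipfile.ZipFile(source) as zf:
        for info in zf.infolist():
            base = info.filename.rstrip("/").rsplit("/", 1)[-1]
            # Assumption: the DOS bit is checked whatever the host system is,
            # and Unix-style dot names are also counted as hidden.
            hidden = bool(info.external_attr & DOS_HIDDEN) or base.startswith(".")
            report.append({
                "name": info.filename,
                "size": info.file_size,
                "host": HOST_NAMES.get(info.create_system, str(info.create_system)),
                "hidden": hidden,
                "exe": base.lower().endswith(".exe"),
            })
    return report

def summarize(report):
    """Totals to compare against the expected archive contents."""
    return {
        "total_bytes": sum(e["size"] for e in report),
        "hidden": [e["name"] for e in report if e["hidden"]],
        "executables": [(e["name"], e["size"]) for e in report if e["exe"]],
    }

def build_sample():
    """Constructed archive: a DOS-hidden folder, a dotfile and a small exe."""
    entries = [
        ("demos/cache/", 0, 0x10 | DOS_HIDDEN, b""),        # directory + hidden
        ("src/.gitignore", 3, 0o100644 << 16, b"*.o\n"),    # Unix mode only
        ("tools/sample.exe", 0, 0x20, b"\x00" * 2048),      # archive bit only
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, host, attr, data in entries:
            zi = zipfile.ZipInfo(name)
            zi.create_system, zi.external_attr = host, attr
            zf.writestr(zi, data)
    return io.BytesIO(buf.getvalue())

if __name__ == "__main__":
    print(summarize(inspect_zip(build_sample())))
```

`inspect_zip` also accepts a path to a downloaded archive, so the same summary can be compared against the size and contents reported by someone who obtained the file independently.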

SevenFFF
Posts: 221
Joined: Mon Jun 05, 2017 5:30 pm
Location: USA

Re: Virus alert on "System/Next v.1.1 RTM(released on 2019/10/1)" file? (2019/10/10)

Post by SevenFFF » Thu Oct 10, 2019 1:07 pm

It’s a false positive. This is my software, which is a tile cutter for one of the demos. I’ve checked it, and it’s also been verified as safe by several other virus checkers.

Generally these virus checkers can be quite aggressive, and not particularly accurate when they’re operating in heuristic mode.
Robin Verhagen-Guest
SevenFFF / Threetwosevensixseven / colonel32
NXtel Spectron 2084blog

sol_hsa
Posts: 91
Joined: Fri Jun 02, 2017 10:10 am

Re: Virus alert on "System/Next v.1.1 RTM(released on 2019/10/1)" file? (2019/10/10)

Post by sol_hsa » Fri Oct 11, 2019 9:00 am

Once I was writing a small throwaway tool in C, and Windows Defender quarantined the executable right after it was compiled...

fgeva
Posts: 40
Joined: Wed May 31, 2017 3:20 pm

Re: Virus alert on "System/Next v.1.1 RTM(released on 2019/10/1)" file? (2019/10/10)

Post by fgeva » Fri Oct 11, 2019 10:02 am

I strongly believe that these days the main purpose of virus scanners is to convince you that you need virus scanners, so they must be seen to be doing something.
Backer 754
