Malware Alert

Posted: 03 May 2016, 11:19
by w8lmg
I downloaded the latest ver of Omnirig and this morning had to reinstall Log4OM after Windows Defender removed LogOMUI.exe. I had no choice but to reinstall Log4OM and once again was alerted to the presence of Trojan:Win32/Fethar.B!cl, which was removed.
I do not have nor can I load Log4OM. Can the developer team check to see the status of their files and remove this trojan?

Re: Malware Alert

Posted: 03 May 2016, 11:47
by K7PT
Mac,
What you're seeing is a false positive.

Are you installing Log4OM as Administrator? You need to install and run as Admin.

Re: Malware Alert

Posted: 03 May 2016, 12:00
by w8lmg
Chuck, yes, as administrator. Windows Defender removed the file as indicated in my first post. I had no choice then but to download and reinstall Log4OM and the same thing happened.
It appears there is a Trojan in the latest ver of Log4OM which prevents installation.
I hope I am wrong but I have tried on two different computers with the same result.

Your comments/suggestions are welcome.

Re: Malware Alert

Posted: 03 May 2016, 12:17
by K7PT
We have several hundred users that have downloaded and installed Log4OM and you are the first, that I know of, that has encountered this. I think it's Defender causing the false positive.

Try turning off Defender. I am only offering a suggestion. Use your own good sense.

Do you have an antivirus program that you can scan the downloaded file with? Like AVG, or some other program.

Re: Malware Alert

Posted: 03 May 2016, 12:34
by G4POP
K7PT wrote: We have several hundred users that have downloaded and installed Log4OM and you are the first, that I know of, that has encountered this. I think it's Defender causing the false positive.
Actually it's several thousand downloads, and there was just one other report, which was, as Chuck says, a false positive.

I have downloaded this version many times without issue.

Re: Malware Alert

Posted: 11 May 2016, 00:48
by AA6E
I am seeing this problem (fethar.B!cl) also found by Windows Defender on up-to-date Windows 10.

I reloaded Log4OM and it ran ok for about 5 days of light operations, then croaked again. So it appears that the binary is OK, but is getting polluted somehow. Perhaps it is one of the external databases getting something bad?

Specifically what I see is

Trojan:Win32/Fethar.B!cl / severe

found in ...IW3HMH\Log4OM\LogOMUI.exe

Some folks are suggesting this is a "false positive", which I suppose is possible. However, nobody should continue to run an app that reports a virus IMHO. It's just too risky.

I will try disabling external db's (i.e. disable auto update) to see if that helps.

Thanks for any help!

73 Martin AA6E

Re: Malware Alert

Posted: 16 May 2016, 21:30
by AA6E
Problem continues. Log4OM has now been killed for the 3rd time by Windows Defender. The interval was 5-6 days, if that means anything, even with "automatic updates" disabled. The situation now is that Win Defender will not allow me to re-install Log4OM_1_25_0_0.exe at all, saying that it finds the virus in that file.

That means that Log4OM is dead for me, unless I whitelist the problem, which is generally not a good thing to do! If this is truly a false positive, maybe the next build will pass the test?

Thanks for any help.

73 Martin AA6E

Re: Malware Alert

Posted: 17 May 2016, 01:13
by AA6E
Note: https://github.com/gluck/il-repack/issues/152

Same issue, probably false positive. Does Log4OM use this routine?

Re: Malware Alert

Posted: 17 May 2016, 16:59
by N6VH
I submitted the Log4OM 1.25 install file, as well as the .exe files in the Log4OM folder, to virustotal.com. They all came up clean.

Jim N6VH

Re: Malware Alert

Posted: 18 May 2016, 13:58
by G3ZSS
My Log4OM crashed yesterday and Windows Defender also reported the Trojan fethar.B!cl. I tried deleting and reinstalling Log4OM but still got the same problem - it would not install. I downloaded a trial version of Bitdefender and then ran a full system scan. Bitdefender reported one infected file and a few questionable files on my PC. Once these were all cleaned up, I could successfully install Log4OM again. Phew... My other lesson was Dropbox is not secure, as Bitdefender found a few files on Dropbox infected with "ransomware" - these were in a folder on Dropbox that I had not used in a while, and did not mind shredding. So I do suggest you go into the Bitdefender Modules and run a full system scan (mine took 3 hours!).

73 Peter, G3ZSS.