Malware Alert

w8lmg
Novice Class
Posts: 7
Joined: 04 Sep 2015, 22:35

Malware Alert

Post by w8lmg »

I downloaded the latest ver of Omnirig and this morning had to reinstall Log4OM after Windows Defender removed LogOMUI.exe. I had no choice but to reinstall Log4OM and once again was alerted to the presence of Trojan:Win32/Fethar.B!cl, which was removed.
I do not have nor can I load Log4OM. Can the developer team check to see the status of their files and remove this trojan?
Mac Gray W8LMG
"The Quiet Zone"
K7PT
Old Man
Posts: 723
Joined: 21 Jan 2013, 13:54

Re: Malware Alert

Post by K7PT »

Mac,
What you're seeing is a false positive.

Are you installing Log4OM as Administrator? You need to install and run as Admin.
K7PT-Chuck "#1 Top of the Honor Roll"
w8lmg
Novice Class
Posts: 7
Joined: 04 Sep 2015, 22:35

Re: Malware Alert

Post by w8lmg »

Chuck, yes, as administrator. Windows Defender removed the file as indicated in my first post. I had no choice then but to download and reinstall Log4OM and the same thing happened.
It appears there is a Trojan in the latest ver of Log4OM which prevents installation.
I hope I am wrong but I have tried on two different computers with the same result.

Your comments/suggestions are welcome.
Mac Gray W8LMG
"The Quiet Zone"
K7PT
Old Man
Posts: 723
Joined: 21 Jan 2013, 13:54

Re: Malware Alert

Post by K7PT »

We have several hundred users that have downloaded and installed Log4OM and you are the first, that I know of, that has encountered this. I think it's Defender causing the false positive.

Try turning off Defender. I am only offering a suggestion. Use your own good sense.

Do you have an antivirus program that you can scan the downloaded file with? Like AVG, or some other program.
K7PT-Chuck "#1 Top of the Honor Roll"
G4POP
Log4OM Alpha Team
Posts: 10753
Joined: 21 Jan 2013, 14:55
Location: Burnham on Crouch, Essex UK

Re: Malware Alert

Post by G4POP »

K7PT wrote: We have several hundred users that have downloaded and installed Log4OM and you are the first, that I know of, that has encountered this. I think it's Defender causing the false positive.

Actually it's several thousand downloads, and there was just one other report, which was, as Chuck says, a false positive.

I have downloaded this version many times without issue.
73 Terry G4POP
AA6E
Novice Class
Posts: 10
Joined: 06 Jun 2015, 20:59
Location: FN32

Re: Malware Alert

Post by AA6E »

I am seeing this problem (fethar.B!cl) also found by Windows Defender on up-to-date Windows 10.

I reloaded Log4OM and it ran ok for about 5 days of light operations, then croaked again. So it appears that the binary is OK, but is getting polluted somehow. Perhaps it is one of the external databases getting something bad?

Specifically what I see is

Trojan:Win32/Fethar.B!cl / severe

found in ...IW3HMH\Log4OM\LogOMUI.exe

Some folks are suggesting this is a "false positive", which I suppose is possible. However, nobody should continue to run an app that reports a virus IMHO. It's just too risky.

I will try disabling external db's (i.e. disable auto update) to see if that helps.

Thanks for any help!

73 Martin AA6E
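
An added example, not part of any post in this thread and not Log4OM code: the question raised above is whether the installed binaries change on disk between a clean install and the later detection, or whether only the detection changed. Hashing the install folder right after installation and comparing later answers that. The folder contents here are constructed placeholders; only the file name LogOMUI.exe comes from the thread, and helper.dll is hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path

EXTS = {".exe", ".dll"}  # binaries an AV engine would flag

def snapshot(folder):
    """Map relative path -> SHA-256 for every executable under folder."""
    root = Path(folder)
    result = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in EXTS:
            h = hashlib.sha256()
            with p.open("rb") as f:
                for chunk in iter(lambda: f.read(1 << 20), b""):
                    h.update(chunk)
            result[p.relative_to(root).as_posix()] = h.hexdigest()
    return result

def compare(baseline, current):
    """Return what was added, removed or modified since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(k for k in baseline.keys() & current.keys()
                          if baseline[k] != current[k]),
    }

def verdict(diff):
    if diff["changed"] or diff["added"]:
        return "binaries differ from install: investigate what wrote to them"
    if diff["removed"]:
        return "flagged file missing: restore it from quarantine before comparing"
    return "binaries unchanged: the detection changed, not the files"

def demo():
    """Constructed install folder; names and contents are placeholders."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "LogOMUI.exe").write_bytes(b"MZ constructed sample")
        (root / "helper.dll").write_bytes(b"MZ constructed library")
        base = snapshot(root)
        unchanged = compare(base, snapshot(root))
        (root / "LogOMUI.exe").write_bytes(b"MZ constructed sample + extra")
        modified = compare(base, snapshot(root))
        return base, unchanged, modified

if __name__ == "__main__":
    print([verdict(d) for d in demo()[1:]])
```

In practice the baseline from `snapshot()` would be saved somewhere outside the install folder and compared after the next detection.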
AA6E
Novice Class
Posts: 10
Joined: 06 Jun 2015, 20:59
Location: FN32

Re: Malware Alert

Post by AA6E »

Problem continues. Log4OM has now been killed for the 3rd time by Windows Defender. The interval was 5-6 days, if that means anything, even with "automatic updates" disabled. The situation now is that Win Defender will not allow me to re-install Log4OM_1_25_0_0.exe at all, saying that it finds the virus in that file.

That means that Log4OM is dead for me, unless I whitelist the problem, which is generally not a good thing to do! If this is truly a false positive, maybe the next build will pass the test?

Thanks for any help.

73 Martin AA6E
AA6E
Novice Class
Posts: 10
Joined: 06 Jun 2015, 20:59
Location: FN32

Re: Malware Alert

Post by AA6E »

Note: https://github.com/gluck/il-repack/issues/152

Same issue, probably false positive. Does Log4OM use this routine?
N6VH
Old Man
Posts: 186
Joined: 07 Nov 2015, 15:41

Re: Malware Alert

Post by N6VH »

I submitted the Log4OM 1.25 install file, as well as the .exe files in the Log4OM folder, to virustotal.com. They all came up clean.

Jim N6VH
G3ZSS
Old Man
Posts: 228
Joined: 21 Jan 2013, 15:32

Re: Malware Alert

Post by G3ZSS »

My Log4OM crashed yesterday and Windows Defender also reported the Trojan fethar.B!cl. I tried deleting and reinstalling Log4OM but still got the same problem - it would not install. I downloaded a trial version of Bitdefender and then ran a full system scan. Bitdefender reported one infected file and a few questionable files on my PC. Once these were all cleaned up, I could successfully install Log4OM again. Phew... My other lesson was Dropbox is not secure, as Bitdefender found a few files on Dropbox infected with "ransomware" - these were in a folder on Dropbox that I had not used in a while, and did not mind shredding. So I do suggest you go into the Bitdefender Modules and run a full system scan (mine took 3 hours!). 73 Peter, G3ZSS.
73 Peter G3ZSS