
Re: [pygame] Potential Malware in Pygame 1.9.2a0.win32-py3.2



Nice to see the pygame list responding to this. Thanks for the report,
Jeffrey, and thanks Thomas for the triage :)

On Mon, Jun 30, 2014 at 10:35 AM, Jeffrey Kleykamp
<jeffrey.kleykamp@xxxxxxxxx> wrote:
> That could be but this computer is only a month old. I think this may just
> be a false positive...
>
>
> On Mon, Jun 30, 2014 at 1:26 PM, Thomas Kluyver <takowl@xxxxxxxxx> wrote:
>>
>> I extracted fastevent.pyd, the first file you saw a problem with (md5
>> cb274a3f1a83260d82957409855ca077), and checked it with virustotal. Still
>> nothing:
>>
>> https://www.virustotal.com/en-gb/file/30d7c47d4385ff2b16b23544c4525e6699dddcaa7c3ddf3c66f302f78e78c333/analysis/1404149051/
>>
>> Another possibility is that you have a virus elsewhere on the system which
>> is infecting those files as they get installed.
>>
>> Thomas
>>
>>
>> On 30 June 2014 10:01, Jeffrey Kleykamp <jeffrey.kleykamp@xxxxxxxxx>
>> wrote:
>>>
>>> The file itself doesn't trip any alarms for me either. After installing
>>> and doing 'import pygame' I get the warning. The md5sum is the same for my
>>> file.
>>>
>>> Jeffrey
>>>
>>>
>>> On Mon, Jun 30, 2014 at 12:53 PM, Thomas Kluyver <takowl@xxxxxxxxx>
>>> wrote:
>>>>
>>>> Did you download this from the pygame website? I've just downloaded that
>>>> same file and checked it with virustotal (which scans with a load of
>>>> different AV engines), and it was all clear:
>>>>
>>>> https://www.virustotal.com/en-gb/file/18d88fb656e1868e0949e0189d1a2b03d697bd9d9a539cc7131089b4284157bf/analysis/1404146796/
>>>>
>>>> So I'd suspect it's a false positive, although it's possible that
>>>> someone is doing a MITM attack to give you a modified download. Check the
>>>> md5sum of the file you downloaded - it should be:
>>>> 71e8d3d1679a9d803302ff2923406def
>>>>
>>>> Thomas
>>>>
>>>>
>>>> On 30 June 2014 07:44, Jeffrey Kleykamp <jeffrey.kleykamp@xxxxxxxxx>
>>>> wrote:
>>>>>
>>>>> It also said it was Win32 Malware Gen.
>>>>>
>>>>> http://www.ehow.com/info_12106213_win32-malwaregen.html
>>>>>
>>>>> Who made the msi?
>>>>>
>>>>>
>>>>> On Mon, Jun 30, 2014 at 1:49 AM, diliup gabadamudalige
>>>>> <diliupg@xxxxxxxxx> wrote:
>>>>>>
>>>>>> This could be potentially dangerous! Does anyone else have more info?
>>>>>> I am using this version.
>>>>>>
>>>>>>
>>>>>> On Mon, Jun 30, 2014 at 3:13 AM, Jeffrey Kleykamp
>>>>>> <jeffrey.kleykamp@xxxxxxxxx> wrote:
>>>>>>>
>>>>>>> I just downloaded and installed
>>>>>>> pygame-1.9.2a0.win32-py3.2.msi
>>>>>>> and my Webroot SecureAnywhere caught some malware in it. I have no
>>>>>>> idea if this is real or what. Here's the log,
>>>>>>>
>>>>>>>
>>>>>>> Automated Cleanup Engine
>>>>>>> Starting Cleanup at 29/06/2014 - 21:35:57 GMT
>>>>>>>
>>>>>>> Starting Routine> Removing
>>>>>>> c:\python32\lib\site-packages\pygame\fastevent.pyd...#(PX5:
>>>>>>> 5958229000E66EC43402003B3C2E0700DECDFB7E - MD5:
>>>>>>> CB274A3F1A83260D82957409855CA077)...
>>>>>>> Deleting File> c:\python32\lib\site-packages\pygame\fastevent.pyd
>>>>>>>
>>>>>>> Automated Cleanup Engine
>>>>>>> Starting Cleanup at 29/06/2014 - 21:36:05 GMT
>>>>>>>
>>>>>>> Starting Routine> Removing
>>>>>>> c:\python32\lib\site-packages\pygame\rwobject.pyd...#(PX5:
>>>>>>> 9715EE78004EFB243081002B48A504004E3053AE - MD5:
>>>>>>> 2C5778D0816BEBA8ECC7D1FE11B23384)...
>>>>>>> Deleting File> c:\python32\lib\site-packages\pygame\rwobject.pyd
>>>>>>>
>>>>>>> Automated Cleanup Engine
>>>>>>> Starting Cleanup at 29/06/2014 - 21:36:13 GMT
>>>>>>>
>>>>>>> Starting Routine> Removing
>>>>>>> c:\python32\lib\site-packages\pygame\surflock.pyd...#(PX5:
>>>>>>> 84FADE1C0046001620F7009522A6E30019BD6E14 - MD5:
>>>>>>> 685D26D6E4EF4ADE48436B92B9118669)...
>>>>>>> Deleting File> c:\python32\lib\site-packages\pygame\surflock.pyd
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>>       Jeffrey Kleykamp
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Diliup Gabadamudalige
>>>>>>
>>>>>> http://www.diliupg.com
>>>>>> http://soft.diliupg.com/
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>>       Jeffrey Kleykamp
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>>
>>>       Jeffrey Kleykamp
>>
>>
>
>
>
> --
>
>       Jeffrey Kleykamp



-- 
A musician must make music, an artist must paint, a poet must write,
if he is to be ultimately at peace with himself.
- Abraham Maslow
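
The comparison carried out in this thread, as an added example that is not part of the original messages: parse the quoted cleanup log, compare each flagged file's MD5 with the MD5 of the same file taken from an independently downloaded installer, and hash a local file for the same check. The function names are illustrative, and the reference table holds only the one value stated in the thread.

```python
import hashlib
import ntpath
import re

# Two entries copied from the log quoted above (mail quoting removed).
SAMPLE_LOG = r"""
Starting Routine> Removing
c:\python32\lib\site-packages\pygame\fastevent.pyd...#(PX5:
5958229000E66EC43402003B3C2E0700DECDFB7E - MD5:
CB274A3F1A83260D82957409855CA077)...
Starting Routine> Removing
c:\python32\lib\site-packages\pygame\rwobject.pyd...#(PX5:
9715EE78004EFB243081002B48A504004E3053AE - MD5:
2C5778D0816BEBA8ECC7D1FE11B23384)...
"""
# MD5 reported in the thread for fastevent.pyd extracted from a fresh download.
REFERENCE_MD5 = {"fastevent.pyd": "cb274a3f1a83260d82957409855ca077"}

ENTRY = re.compile(
    r"Removing\s+(\S+?)\.\.\.#\(PX5:\s*[0-9A-F]+\s*-\s*MD5:\s*([0-9A-F]{32})\)")

def parse_cleanup_log(text):
    """Return {path: md5} per 'Removing' entry, tolerating wrapped lines."""
    return {path.lower(): md5.lower() for path, md5 in ENTRY.findall(text)}

def triage(text, reference=REFERENCE_MD5):
    """Compare each flagged file's MD5 with the trusted MD5 for its basename."""
    verdicts = {}
    for path, md5 in parse_cleanup_log(text).items():
        name = ntpath.basename(path)
        if name not in reference:
            verdicts[name] = "no reference"
        elif reference[name] == md5:
            verdicts[name] = "identical to reference"
        else:
            verdicts[name] = "differs from reference"
    return verdicts

def file_digests(path, chunk=1 << 16):
    """Hash a file in one pass; returns (md5, sha256) hex digests."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha256.update(block)
    return md5.hexdigest(), sha256.hexdigest()

if __name__ == "__main__":
    for name, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(name, "->", verdict)
```

An "identical to reference" verdict means the flagged file has the same MD5 as the independently obtained copy, so the detection is on the distributed binary itself rather than on something changed during download or install. MD5 does not resist deliberate collisions, so the SHA-256 from `file_digests` is the stronger value to compare, for example against the SHA-256 that appears in the VirusTotal URLs above.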