Re: [pygame] Potential Malware in Pygame 1.9.2a0.win32-py3.2



Viruses are opportunistic. If your stuff is vulnerable when you encounter one, you will catch the crud.

I know someone who loaded Windows from scratch using local media, then patched at MS.com, then downloaded and installed an antivirus product. And the antivirus scan found viruses. =)

She did the same routine a second time and no viruses.

All within two hours. A mystery!

Gumm

On 6/30/2014 10:35, Jeffrey Kleykamp wrote:
That could be, but this computer is only a month old. I think this may just be a false positive...


On Mon, Jun 30, 2014 at 1:26 PM, Thomas Kluyver <takowl@xxxxxxxxx> wrote:
I extracted fastevent.pyd, the first file you saw a problem with (md5 cb274a3f1a83260d82957409855ca077), and checked it with virustotal. Still nothing:
https://www.virustotal.com/en-gb/file/30d7c47d4385ff2b16b23544c4525e6699dddcaa7c3ddf3c66f302f78e78c333/analysis/1404149051/

Another possibility is that you have a virus elsewhere on the system which is infecting those files as they get installed.

Thomas


On 30 June 2014 10:01, Jeffrey Kleykamp <jeffrey.kleykamp@xxxxxxxxx> wrote:
The file itself doesn't trip any alarms for me either. After installing and doing 'import pygame' I get the warning. The md5sum is the same for my file.

Jeffrey


On Mon, Jun 30, 2014 at 12:53 PM, Thomas Kluyver <takowl@xxxxxxxxx> wrote:
Did you download this from the pygame website? I've just downloaded that same file and checked it with virustotal (which scans with a load of different AV engines), and it was all clear:
https://www.virustotal.com/en-gb/file/18d88fb656e1868e0949e0189d1a2b03d697bd9d9a539cc7131089b4284157bf/analysis/1404146796/

So I'd suspect it's a false positive, although it's possible that someone is doing a MITM attack to give you a modified download. Check the md5sum of the file you downloaded - it should be:
71e8d3d1679a9d803302ff2923406def

Thomas


On 30 June 2014 07:44, Jeffrey Kleykamp <jeffrey.kleykamp@xxxxxxxxx> wrote:
It also said it was Win32 Malware Gen.

http://www.ehow.com/info_12106213_win32-malwaregen.html

Who made the msi?


On Mon, Jun 30, 2014 at 1:49 AM, diliup gabadamudalige <diliupg@xxxxxxxxx> wrote:
This could be potentially dangerous! Does anyone else have more info? I am using this version.


On Mon, Jun 30, 2014 at 3:13 AM, Jeffrey Kleykamp <jeffrey.kleykamp@xxxxxxxxx> wrote:
I just downloaded and installed
pygame-1.9.2a0.win32-py3.2.msi
and my Webroot SecureAnywhere caught some malware in it. I have no idea if this is real or what. Here's the log:


Automated Cleanup Engine
Starting Cleanup at 29/06/2014 - 21:35:57 GMT

Starting Routine> Removing c:\python32\lib\site-packages\pygame\fastevent.pyd...#(PX5: 5958229000E66EC43402003B3C2E0700DECDFB7E - MD5: CB274A3F1A83260D82957409855CA077)...
Deleting File> c:\python32\lib\site-packages\pygame\fastevent.pyd

Automated Cleanup Engine
Starting Cleanup at 29/06/2014 - 21:36:05 GMT

Starting Routine> Removing c:\python32\lib\site-packages\pygame\rwobject.pyd...#(PX5: 9715EE78004EFB243081002B48A504004E3053AE - MD5: 2C5778D0816BEBA8ECC7D1FE11B23384)...
Deleting File> c:\python32\lib\site-packages\pygame\rwobject.pyd

Automated Cleanup Engine
Starting Cleanup at 29/06/2014 - 21:36:13 GMT

Starting Routine> Removing c:\python32\lib\site-packages\pygame\surflock.pyd...#(PX5: 84FADE1C0046001620F7009522A6E30019BD6E14 - MD5: 685D26D6E4EF4ADE48436B92B9118669)...
Deleting File> c:\python32\lib\site-packages\pygame\surflock.pyd


--

   Jeffrey Kleykamp



--
Diliup Gabadamudalige

http://www.diliupg.com
http://soft.diliupg.com/

--

   Jeffrey Kleykamp
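
Added example, not part of the original thread or of pygame: the hash comparison Thomas describes, applied to the cleanup log quoted above, so each removed file is sorted by whether its MD5 matches a trusted copy. The function names, the `REFERENCE` table and the placeholder rwobject.pyd value are assumptions made for illustration.

```python
import hashlib
import re

# Constructed sample: the three "Removing" lines from the cleanup log quoted in this thread.
SAMPLE_LOG = r"""
Starting Routine> Removing c:\python32\lib\site-packages\pygame\fastevent.pyd...#(PX5: 5958229000E66EC43402003B3C2E0700DECDFB7E - MD5: CB274A3F1A83260D82957409855CA077)...
Starting Routine> Removing c:\python32\lib\site-packages\pygame\rwobject.pyd...#(PX5: 9715EE78004EFB243081002B48A504004E3053AE - MD5: 2C5778D0816BEBA8ECC7D1FE11B23384)...
Starting Routine> Removing c:\python32\lib\site-packages\pygame\surflock.pyd...#(PX5: 84FADE1C0046001620F7009522A6E30019BD6E14 - MD5: 685D26D6E4EF4ADE48436B92B9118669)...
"""

# Hashes from a copy of the installer you trust (assumed to be gathered separately).
# fastevent.pyd is the value Thomas reports; the rwobject.pyd value is a constructed
# placeholder so the mismatch branch is exercised; surflock.pyd is left out on purpose.
REFERENCE = {
    "fastevent.pyd": "cb274a3f1a83260d82957409855ca077",
    "rwobject.pyd": "0" * 32,
}

LOG_RE = re.compile(
    r"Removing (?P<path>.+?)\.\.\.#\(PX5: [0-9A-F]+ - MD5: (?P<md5>[0-9A-Fa-f]{32})\)"
)

def parse_cleanup_log(text):
    """Return {file name: md5} (both lower-case) for every file the log removed."""
    flagged = {}
    for match in LOG_RE.finditer(text):
        name = match.group("path").replace("\\", "/").rsplit("/", 1)[-1].lower()
        flagged[name] = match.group("md5").lower()
    return flagged

def md5_of(path, chunk_size=1 << 20):
    """MD5 of a file on disk, read in chunks; use it to fill a reference table."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def classify(flagged, reference):
    """Label each removed file by comparing its logged MD5 with the trusted one."""
    verdicts = {}
    for name, md5 in flagged.items():
        trusted = reference.get(name)
        if trusted is None:
            verdicts[name] = "no-reference"
        else:
            # Equal: the file on disk had the same bytes as the trusted copy.
            verdicts[name] = "matches-reference" if trusted.lower() == md5 else "differs"
    return verdicts

if __name__ == "__main__":
    for name, verdict in classify(parse_cleanup_log(SAMPLE_LOG), REFERENCE).items():
        print(name, verdict)
```

A "differs" result is the case Thomas raises, where the installed file is not the one the installer ships; "matches-reference" means the scanner flagged the original bytes.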