Tried to get win32forth today from sourceforge, and Microsoft Security Essentials found Worm: Win32/Orbina!rts - details below. Sorry that it is in German, but I guess you get the essentials.
Description: This program is dangerous. It spreads itself over a network connection.
Recommended action: Allow this detected item only if you trust the program or the software publisher.
Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the "Allow" action and then click "Apply actions". If this option is not available, log on as an administrator or ask the security administrator for help.
Items:
containerfile:C:\Dokumente und Einstellungen\Michael\Eigene Dateien\w32f61200.exe
file:C:\Dokumente und Einstellungen\Michael\Eigene Dateien\w32f61200.exe->(nsis-3-fkernel.exe)
webfile:c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\LocalCopy\{66A50D87-3169-4DE2-A80D-B32924E041DF}-w32f61200.exe|http://heanet.dl.sourceforge.net/project/win32forth/Win32Forth%20-%20stable%20release/Win32forth%20V6.12.00/w32f61200.exe
webfile:C:\Dokumente und Einstellungen\Michael\Eigene Dateien\w32f61200.exe|http://heanet.dl.sourceforge.net/project/win32forth/Win32Forth%20-%20stable%20release/Win32forth%20V6.12.00/w32f61200.exe
> Tried to get win32forth today from sourceforge, and Microsoft Security
> Essentials found
> Worm: Win32/Orbina!rts - details below. Sorry that it is in German,
> but I guess you get the essentials.
It's common to get hits due to the nature of the executable code; it's perfectly safe, however.
On 17 Mai, 19:20, Alex McDonald <b...@rivadpm.com> wrote:
> On May 17, 10:04 pm, Michael <michael.ka...@onlinehome.de> wrote:
> > Tried to get win32forth today from sourceforge, and Microsoft Security
> > Essentials found
> > Worm: Win32/Orbina!rts - details below.
> It's common to get hits due to the nature of the executable code; it's
> perfectly safe, however.
It's interesting: Win32Forth version 6.12 gets complaints from various anti-virus software. Until I excluded the Win32Forth (version 6.12) folder from searching, my avast anti-virus snatched away and pinched Win32for.exe every time - but not so with Win32Forth version 6.14: there are no complaints about version 6.14 - and no complaints about version 4.2 either.
Despite Win32Forth version 6.14 being better off, it is irritating that it says on sourceforge:
Looking for the latest version? Download Win32Forth V6.14.00 (5.9 MB) but: Win32Forth - stable release: Win32forth V6.12.00 2007-07-14 etc.
I am reading this text in a way that version 6.14 is not a stable release, and other people may do so, too, and get in trouble with their av-software when loading and/or using version 6.12. Strange somehow.
> On 17 Mai, 19:20, Alex McDonald <b...@rivadpm.com> wrote:
> > On May 17, 10:04 pm, Michael <michael.ka...@onlinehome.de> wrote:
> > > Tried to get win32forth today from sourceforge, and Microsoft Security
> > > Essentials found
> > > Worm: Win32/Orbina!rts - details below.
> > It's common to get hits due to the nature of the executable code;
> > it's perfectly safe, however.
> It's interesting: Win32Forth version 6.12 gets complaints from various
> anti-virus software.
Personally, I've never gotten a false positive from an anti-virus scanner no matter how strict the scan. If it doesn't pass your virus scanner, don't use it. I think I'm going to re-run some on Win32Forth 6.12...
> > On 17 Mai, 19:20, Alex McDonald <b...@rivadpm.com> wrote:
> > > On May 17, 10:04 pm, Michael <michael.ka...@onlinehome.de> wrote:
> > > > Tried to get win32forth today from sourceforge, and Microsoft Security
> > > > Essentials found
> > > > Worm: Win32/Orbina!rts - details below.
> > > It's common to get hits due to the nature of the executable code;
> > > it's perfectly safe, however.
> > It's interesting: Win32Forth version 6.12 gets complaints from various
> > anti-virus software.
> Personally, I've never gotten a false positive from an anti-virus scanner no
> matter how strict the scan. If it doesn't pass your virus scanner, don't use
> it. I think I'm going to re-run some on Win32Forth 6.12...
> Rod Pemberton
The problem is the PE header built by 6.12, and the way the code section is declared in it with a length descriptor that contains a value that far exceeds the actual length of the section. It was addressed in 6.14.
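Added example, not part of the thread and not Win32Forth's code: a small check for the kind of header mismatch described above, useful when triaging a suspected false positive. The post does not name the field, so this sketch assumes it means a section header's VirtualSize or SizeOfRawData; `section_size_anomalies`, `build_sample` and the `ratio` threshold are hypothetical names and values, and the sample images are constructed.

```python
import struct

def section_size_anomalies(data: bytes, ratio: int = 16):
    """Return (section, reason) pairs for sections whose declared size
    far exceeds the bytes actually present. Heuristic only: a large
    VirtualSize is legal, which is why such files are false positives."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                         # section table start
    findings = []
    for i in range(n_sections):
        name, vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        if raw_ptr + raw_size > len(data):
            findings.append((name, "raw data runs past end of file"))
        elif raw_size and vsize > ratio * raw_size:
            findings.append((name, "VirtualSize far exceeds SizeOfRawData"))
    return findings

def build_sample(vsize: int, raw_size: int, body: bytes) -> bytes:
    """Constructed minimal image: DOS stub, COFF header, one '.code' section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    raw_ptr = len(dos) + len(coff) + 40                    # data follows table
    sect = struct.pack("<8sIIIIIIHHI", b".code", vsize, 0x1000,
                       raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    return dos + coff + sect + body

if __name__ == "__main__":
    body = b"\0" * 0x200
    for label, img in [("consistent", build_sample(0x200, 0x200, body)),
                       ("inflated", build_sample(0x100000, 0x200, body)),
                       ("truncated", build_sample(0x200, 0x10000, body))]:
        print(label, section_size_anomalies(img))
```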
> > On 17 Mai, 19:20, Alex McDonald <b...@rivadpm.com> wrote:
> > > On May 17, 10:04 pm, Michael <michael.ka...@onlinehome.de> wrote:
> > > > Tried to get win32forth today from sourceforge, and Microsoft Security
> > > > Essentials found
> > > > Worm: Win32/Orbina!rts - details below.
> > > It's common to get hits due to the nature of the executable code;
> > > it's perfectly safe, however.
> > It's interesting: Win32Forth version 6.12 gets complaints from various
> > anti-virus software.
> Personally, I've never gotten a false positive from an anti-virus scanner no
> matter how strict the scan. If it doesn't pass your virus scanner, don't use
> it. I think I'm going to re-run some on Win32Forth 6.12...
Then you have never used Panda AV or AVG.
They complain with Win32Forth 6.12 and 6.14 on Windows XP, Vista and 7.
> > > On 17 Mai, 19:20, Alex McDonald <b...@rivadpm.com> wrote:
> > > > On May 17, 10:04 pm, Michael <michael.ka...@onlinehome.de> wrote:
> > > > > Tried to get win32forth today from sourceforge, and Microsoft Security
> > > > > Essentials found
> > > > > Worm: Win32/Orbina!rts - details below.
> > > > It's common to get hits due to the nature of the executable code;
> > > > it's perfectly safe, however.
> > > It's interesting: Win32Forth version 6.12 gets complaints from various
> > > anti-virus software.
> > Personally, I've never gotten a false positive from an anti-virus scanner no
> > matter how strict the scan. If it doesn't pass your virus scanner, don't use
> > it. I think I'm going to re-run some on Win32Forth 6.12...
> > Rod Pemberton
> The problem is the PE header built by 6.12, and the way the code
> section is declared in it with a length descriptor that contains a
> value that far exceeds the actual length of the section. It was
> addressed in 6.14.
I get AV flags on version 6.14 from SuperAntiSpyware (with current updates). I forget the exact message, but it is something about a Trojan and I think a name Haoge or similar. I was just running a scan but it won't let me go back to see the report. First I have to reboot the computer and by the time that is done I'll likely not remember what Forth is much less this thread... life with no memory is a pita.
> > > On 17 Mai, 19:20, Alex McDonald <b...@rivadpm.com> wrote:
> > > > On May 17, 10:04 pm, Michael <michael.ka...@onlinehome.de> wrote:
> > > > > Tried to get win32forth today from sourceforge, and Microsoft Security
> > > > > Essentials found
> > > > > Worm: Win32/Orbina!rts - details below.
> > > > It's common to get hits due to the nature of the executable code;
> > > > it's perfectly safe, however.
> > > It's interesting: Win32Forth version 6.12 gets complaints from various
> > > anti-virus software.
> > Personally, I've never gotten a false positive from an anti-virus scanner no
> > matter how strict the scan. If it doesn't pass your virus scanner, don't use
> > it. I think I'm going to re-run some on Win32Forth 6.12...
> Then you have never used Panda AV or AVG.
> They complain with Win32Forth 6.12 and 6.14 on Windows XP, Vista and
> 7.
> Regards, Coos
I'd be interested to know why that's the case. McAfee makes no complaint about either version.