[vim/vim] [Win32] uninstall-gui.exe has been detected as a virus (#2933)


Linwei

May 20, 2018, 7:07:01 AM
to vim/vim, Subscribed

version: GVim 8.1.1

uninstall-gui.exe is extracted from gvim_8.1.0001_x86.exe, and it has been detected as a virus recently:

[Image: catch550b 05-20-19-01-37]

Kaspersky reported a Trojan-Ransom.Win32.Agent.gen in uninstall-gui.exe after installing gvim 8.1.



Linwei

May 20, 2018, 7:11:46 AM
to vim/vim, Subscribed

update: attachment for uninstall-gui.exe

gvim-uninstall-gui.zip

Tony Mechelynck

May 20, 2018, 7:37:44 AM
to vim/vim, Subscribed

This is a repeat phenomenon on Windows: the same self-installers are used for both viruses and legitimate payloads, and it quite often happens that antivirus software erroneously latches on some code present in the common self-installer code rather than in the specific payload. The last I heard, Vim itself was not infected, but your antivirus detector might well be mistaken; as I said, that often happens, especially with self-installers for every kind of software payload. Also sometimes with zipped executables. If I were you, I would complain to my antivirus company.

A more radical solution would be to switch to Linux: that's what I did a few years ago, and I'm not going back, because I'm happier this way (not to mention the infinitely better quality-price ratio, and that's a mathematician talking); but maybe you aren't ready yet for that move. If and when you do, I recommend openSUSE, which has quite a Windows-like look and feel, but, like all Unix-like OSes, with more stress on console use, similar to what used to be the case with DOS's COMMAND.COM, and of course on Unix-like backends and the Linux kernel. I call it "the best of two worlds".

Best regards,
Tony.
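
Added example (not part of the thread, and not any antivirus vendor's actual detection logic): a minimal Python sketch of the mechanism described in the message above, where a byte signature taken from the shared self-installer stub also matches a benign installer, while a signature chosen against a known-good file does not. The stub layout, file contents and function names are constructed assumptions.

```python
# Constructed sample data: no real installer or malware bytes are used.
# STUB stands in for the self-extractor code shared by many installers.
STUB = b"SFX-STUB:unpack-to-temp;run-payload;delete-self;"


def build_installer(payload: bytes) -> bytes:
    """Hypothetical layout: common stub followed by the specific payload."""
    return STUB + payload


def naive_signature(sample: bytes, length: int = 16) -> bytes:
    """Use the first `length` bytes of a flagged sample as its signature."""
    return sample[:length]


def discriminating_signature(sample: bytes, goodware: list, length: int = 16):
    """Return the first window of `sample` found in no known-good file."""
    for i in range(len(sample) - length + 1):
        window = sample[i:i + length]
        if not any(window in good for good in goodware):
            return window
    return None  # sample is indistinguishable from goodware at this length


def scan(files: dict, signature: bytes) -> list:
    """Names of all files that contain the signature."""
    return sorted(name for name, data in files.items() if signature in data)


def demo():
    files = {
        # Constructed "flagged" sample and a constructed benign uninstaller.
        "flagged.exe": build_installer(b"PAYLOAD-A:" + bytes(range(32))),
        "uninstall-gui.exe": build_installer(
            b"PAYLOAD-B:remove shortcuts and registry entries"),
    }
    goodware = [files["uninstall-gui.exe"]]
    # Signature cut from the shared stub: matches both files (false positive).
    naive_hits = scan(files, naive_signature(files["flagged.exe"]))
    # Signature validated against goodware: matches only the flagged sample.
    better = discriminating_signature(files["flagged.exe"], goodware)
    better_hits = scan(files, better)
    return naive_hits, better_hits


if __name__ == "__main__":
    print(demo())
```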

K.Takata

May 20, 2018, 8:21:48 AM
to vim/vim, Subscribed

Please report to the AV software vendor like #2895.
We don't have resources to report this kind of false-positive case to each AV vendor.

Technically, this might be solved by code signing, but it's not free of charge. So it's not an option.

K.Takata

May 20, 2018, 8:21:50 AM
to vim/vim, Subscribed

Closed #2933.

Bram Moolenaar

May 20, 2018, 8:34:45 AM
to vim/vim, Subscribed

> version: GVim 8.1.1
>
> `uninstall-gui.exe` is extracted from [gvim_8.1.0001_x86.exe](https://github.com/vim/vim-win32-installer/releases/download/v8.1.0001/gvim_8.1.0001_x86.exe), and it has been detected as a virus recently:
>
> ![catch550b 05-20-19-01-37](https://user-images.githubusercontent.com/3035071/40278288-b5f90180-5c60-11e8-8713-7e043918a41d.jpg)

>
> Kaspersky reported a Trojan-Ransom.Win32.Agent.gen in `uninstall-gui.exe` after installing gvim 8.1.

I checked with Avira and it didn't see a problem. Most likely a bogus
warning. The size of the file is 45'424 bytes.

--
There are two ways of constructing a software design. One way is to make
it so simple that there are obviously no deficiencies. The other way
is to make it so complicated that there are no obvious deficiencies.
-C.A.R. Hoare

/// Bram Moolenaar -- Br...@Moolenaar.net -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///

Gary Johnson

Jun 4, 2018, 3:19:05 PM
to reply+00b1d19869f3cce1909a5a664ddf276d61ba60f...@reply.github.com, vim...@googlegroups.com
On 2018-05-20, Bram Moolenaar wrote:
>
> > version: GVim 8.1.1
> >
> > `uninstall-gui.exe` is extracted from [gvim_8.1.0001_x86.exe](https://github.com/vim/vim-win32-installer/releases/download/v8.1.0001/gvim_8.1.0001_x86.exe), and it has been detected as a virus recently:
> >
> > ![catch550b 05-20-19-01-37](https://user-images.githubusercontent.com/3035071/40278288-b5f90180-5c60-11e8-8713-7e043918a41d.jpg)
> >
> > Kaspersky reported a Trojan-Ransom.Win32.Agent.gen in `uninstall-gui.exe` after installing gvim 8.1.
>
> I checked with Avira and it didn't see a problem. Most likely a bogus
> warning. The size of the file is 45'424 bytes.

I ran into this problem when running gvim_8.1.0031_x86.exe obtained
from https://github.com/vim/vim-win32-installer/releases. The
corporate IT watchdog program said that uninstall-gui.exe was on its
list of unsafe programs and refused to run it. The installer itself
proceeded as though the uninstaller had been run successfully.

This is the first update to 8.1 I've tried since installing 8.1.1 so
it's the first time I've run the 8.1 uninstaller.

When the installer continued with the actual installation process
and presented the list of optional items to install, I unchecked the
desktop icons, startup menu and context menu items since they had
already been installed by the original installer, had not been
uninstalled, and because I was concerned about installing any of
those twice.

The update to 8.1.31 seems to have been successful. Is this an OK
workaround to the bogus virus detection problem? Am I missing
anything important by not running uninstall-gui.exe?

Regards,
Gary
