Windows 10: "Trojan: Win32/Spursint.F!cl"

arcu...@gmail.com

Oct 28, 2016, 4:37:10 AM
to ChromeDriver Users
Hi,
After more than a decade of Linux/Mac, I gave Windows 10 a try on a new machine. I am trying to download ChromeDriver, and Windows deletes it, stating it is malware...

Downloading from the main entry after a Google search:

http://chromedriver.storage.googleapis.com/index.html?path=2.25/


and Windows 10 for further info points to

https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Trojan%3aWin32%2fSpursint.F!cl&threatid=2147717281&enterprise=0


Now, I see 4 cases:

1) that file is indeed compromised

2) Windows 10 malware detection is "crap", i.e. a false positive

3) Man-in-the-Middle attack (I arrived at that URL from an https one, "https://sites.google.com/a/chromium.org/chromedriver/downloads", but "chromedriver.storage.googleapis.com" is on http...)

4) something completely different...

Any thoughts?


Sam Uong

Oct 28, 2016, 8:04:19 PM
to arcu...@gmail.com, ChromeDriver Users
That's concerning, thanks for reporting this. What is the MD5 checksum of the zip file that you downloaded? It should be "2727729883ac960c2edd63558f08f601".

To compute the checksum, you can use FCIV: https://support.microsoft.com/en-us/kb/889768
or CertUtil, which is built into Windows: http://serverfault.com/a/706165

Sam.
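
One way to run the CertUtil check described above and compare the result with a published value, as an added example that is not part of the original thread. `Test-DownloadHash` is a hypothetical helper name, and the demo file and its digest are constructed so the block runs on its own:

```powershell
# Test-DownloadHash is a hypothetical helper, not part of ChromeDriver or Windows.
function Test-DownloadHash {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Expected,
        [ValidateSet('MD5', 'SHA1', 'SHA256')] [string] $Algorithm = 'MD5'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        # A missing file can mean the AV product already removed it.
        throw "File not found (removed or quarantined?): $Path"
    }

    # certutil prints a header line, the digest, then a status line.
    $output = & certutil.exe -hashfile $Path $Algorithm
    if ($LASTEXITCODE -ne 0) {
        throw "certutil failed: $($output -join ' ')"
    }

    # Older Windows releases print the digest as space-separated byte pairs,
    # so strip whitespace before looking for the all-hex line.
    $actual = $output |
        ForEach-Object { ($_ -replace '\s', '').ToLowerInvariant() } |
        Where-Object { $_ -match '^[0-9a-f]{32,64}$' } |
        Select-Object -First 1
    if (-not $actual) { throw 'No digest found in certutil output' }

    $want = ($Expected -replace '\s', '').ToLowerInvariant()
    [pscustomobject]@{
        Algorithm = $Algorithm
        Expected  = $want
        Actual    = $actual
        Match     = ($actual -eq $want)
    }
}

# Constructed demo input: a temp file holding the ASCII bytes "hello",
# whose MD5 is 5d41402abc4b2a76b9719d911017c592.
$demo = Join-Path $env:TEMP 'hash-demo.bin'
[System.IO.File]::WriteAllBytes($demo, [System.Text.Encoding]::ASCII.GetBytes('hello'))
Test-DownloadHash -Path $demo -Expected '5D 41 40 2A BC 4B 2A 76 B9 71 9D 91 10 17 C5 92'
Remove-Item -LiteralPath $demo

# For the download in this thread, pass the zip's local path and the value
# quoted above: -Expected '2727729883ac960c2edd63558f08f601'
```

A match is only meaningful when the reference value comes from a channel you trust, such as an HTTPS page or a maintainer's reply, rather than from the same plain-HTTP listing as the file.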


arcu...@gmail.com

Oct 31, 2016, 5:21:05 AM
to ChromeDriver Users, arcu...@gmail.com
I tried again today, and now it works fine...

So it was either a MitM (unlikely), or Windows 10 that screwed up (more likely).

Sam Uong

Oct 31, 2016, 4:20:00 PM
to arcu...@gmail.com, ChromeDriver Users
That's good to hear. It appears that several AV vendors were falsely detecting malware in the ChromeDriver binary, and have since stopped. But if you see any warnings in the future, please let us know.

Sam.

seaha...@gmail.com

Feb 14, 2017, 2:17:01 AM
to ChromeDriver Users, arcu...@gmail.com
Same thing happened to me 2/13/2017 trying to download a popular price finder Chrome Extension from https://www.joinhoney.com; the download was stopped by Microsoft Security Essentials saying the virus was Win32/Spursint.F!cl.