Installer and ipoint.exe/itype.exe conflict

[Dee Tooké]

I'm trying to understand how the Windows 64-bit installer would be trying to modify files that my machine currently has locked by ipoint.exe (the mouse handler) and itype.exe (the keyboard handler).

The installer is asking if it's OK to terminate those two tasks so it can continue.

That makes me suspicious that the installer download (which came from the tortoisesvn links to sourceforge) may have been infected by a keylogger/mouselogger. Why else would an svn client need access to anything that a keyboard or mouse handler is using. I don't expect tortoise to be modifying any of my standard Windows library files.

Attempted to attach this screenshot but I guess I haven't been here long enough to be allowed:
http://i.imgur.com/iZPB7qb.png

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3068757

To unsubscribe from this discussion, e-mail: [users-un...@tortoisesvn.tigris.org].

[Gavin Lambert]

On 19/11/2013 07:10, Quoth Dee Tooké:

> I'm trying to understand how the Windows 64-bit installer would be
> trying to modify files that my machine currently has locked by
> ipoint.exe (the mouse handler) and itype.exe (the keyboard handler).
>
> The installer is asking if it's OK to terminate those two tasks so it can continue.
>
> That makes me suspicious that the installer download (which came from
> the tortoisesvn links to sourceforge) may have been infected by a
> keylogger/mouselogger. Why else would an svn client need access to
> anything that a keyboard or mouse handler is using. I don't expect
> tortoise to be modifying any of my standard Windows library files.

It's fairly common, especially if you don't frequently install software,
or do Windows Updates.

The most likely thing is that they both happen to use the same shared
library (eg. the C++ runtime library), and TSVN wants to install an
updated version of it.

Also note that ipoint and itype aren't actually system files -- they're
providing extra services (typically configuration for non-standard
buttons for your mouse/keyboard) but if something *wanted* to do
key/mouse logging it wouldn't need to go anywhere near them.

If you want to be paranoid, you can submit the installer to
virustotal.com, which will scan it with most antivirus/malware scanners.
If most of them say the file is ok, you should be fine. (Note that
occasionally one or two might report a false positive.)

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3068792

[Dee Tooké]

Thanks Gavin. It goes against all my natural anti malware urges but I'll go for it. I scanned with Avast, Spybot and MalwareBytes. That'll have to be enough.

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3068793

[Gavin Lambert]

On 19/11/2013 11:36, Quoth Dee Tooké:

> Thanks Gavin. It goes against all my natural anti malware urges but
> I'll go for it. I scanned with Avast, Spybot and MalwareBytes.
> That'll have to be enough.

Well, by the time it tells you it wants to close those things down, it's
too late anyway, if it really were infected with something. That's why
you scan things before you run them. :)

In any case, the TSVN installers are signed -- you can just verify the
signature (which Windows does automatically before granting admin
permissions -- though it relies on you to check the developer name) to
ensure that the file hasn't been tampered with after it left Stefan's hands.

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3068800