
Virus

This discussion is connected to the gimp-user-list.gnome.org mailing list which is provided by the GIMP developers and not related to gimpusers.com.


Virus susanem 29 Apr 09:25
  Virus Michael Schumacher 30 Apr 09:22
   Virus Joel Rees 30 Apr 10:28
    Virus Steve Kinney 30 Apr 17:18
   Virus susanem 30 Apr 12:40
2018-04-29 09:25:22 UTC (almost 6 years ago)

Virus

Hi,
I have just downloaded the latest version of GIMP from the GIMP downloads page. On trying to install the software, Windows Defender popped up with a message that there was a virus. I said to run anyway. AVG blocked the download and quarantined it. I then downloaded GIMP from the bittorrent on the downloads page and came up with exactly the same problems.

I have run AVG, Malware, CCleaner etc and am left with a file in my downloads folder which I cannot delete. It says that it needs administrator rights to delete it which it should have as there is only an administrator on my laptop. The file says it is 0kb in size but actually it is not. If I right-click and run as administrator, I get the message that the operation did not complete successfully as the file contains potentially unwanted software or a virus.

I have tried to delete the file with IObit shredder but it says that it is occupied by another program.

The file name is gimp-2.10.0-x64-setup

Can anyone please help? Thanks

Michael Schumacher
2018-04-30 09:22:22 UTC (almost 6 years ago)

Virus

On 04/29/2018 11:25 AM, susanem wrote:

Hi, I have just downloaded the latest version of GIMP from the GIMP downloads page. On trying to install the software, Windows Defender popped up with a message that there was a virus. I said to run anyway. AVG blocked the download and quarantined it. I then downloaded GIMP from the bittorrent on the downloads page and came up with exactly the same problems.

This is because both methods get you the same file - the torrent is set up to use various mirror servers as web seeds.

The initial anti-virus reports have been a common sight for years, and are due to the fact that antivirus software is at least partially based on whitelists and more recently on reputation-based scores, meaning users of the antivirus software can report whether they consider a file trustworthy (this is the "FileRep" or "Reputation" 'virus' reports you might see popping up).

And yes, this means people can attempt to poison such scores.

There's more on that here: https://www.reddit.com/r/GIMP/comments/8fputy/was_gimp_hacked_and_replaced_by_malware/

I have run AVG, Malware, CCleaner etc and am left with a file in my downloads folder which I cannot delete. It says that it needs administrator rights to delete it which it should have as there is only an administrator on my laptop. The file says it is 0kb in size but actually it is not. If I right-click and run as administrator, I get the message that the operation did not complete successfully as the file contains potentially unwanted software or a virus.

It's likely that your AV software is now preventing you from doing anything with the file, including deleting it. You should update it to make sure that the false positive is gone.

Regards,
Michael
GPG: 96A8 B38A 728A 577D 724D 60E5 F855 53EC B36D 4CDD

Joel Rees
2018-04-30 10:28:44 UTC (almost 6 years ago)

Virus

On Mon, Apr 30, 2018 at 6:22 PM, Michael Schumacher wrote:

On 04/29/2018 11:25 AM, susanem wrote:

Hi, I have just downloaded the latest version of GIMP from the GIMP downloads page. On trying to install the software, Windows Defender popped up with a message that there was a virus. I said to run anyway. AVG blocked the download and quarantined it. I then downloaded GIMP from the bittorrent on the downloads page and came up with exactly the same problems.

This is because both methods get you the same file - the torrent is set up to use various mirror servers as web seeds.

The initial anti-virus reports have been a common sight for years, and are due to the fact that antivirus software is at least partially based on whitelists and more recently on reputation-based scores, meaning users of the antivirus software can report whether they consider a file trustworthy (this is the "FileRep" or "Reputation" 'virus' reports you might see popping up).

And yes, this means people can attempt to poison such scores.

There's more on that here: https://www.reddit.com/r/GIMP/comments/8fputy/was_gimp_hacked_and_replaced_by_malware/

I have run AVG, Malware, CCleaner etc and am left with a file in my downloads folder which I cannot delete. It says that it needs administrator rights to delete it which it should have as there is only an administrator on my laptop. The file says it is 0kb in size but actually it is not. If I right-click and run as administrator, I get the message that the operation did not complete successfully as the file contains potentially unwanted software or a virus.

It's likely that your AV software is now preventing you from doing anything with the file, including deleting it. You should update it to make sure that the false positive is gone.

Is the MSWindows world that seriously bad these days, that you don't bother asking what site it was downloaded from, what the hash was, etc.?

Joel Rees

One of these days I'll get someone to pay me
to design a language that combines the best of Forth and C.
Then I'll be able to leap wide instruction sets with a single #ifdef,
run faster than a speeding infinite loop with a #define,
and stop all integer size bugs with my bare cast.
http://defining-computers.blogspot.com/2017/06/reinventing-computers.html

More of my delusions:
http://reiisi.blogspot.com/2017/05/do-not-pay-modern-danegeld-ransomware.html
http://reiisi.blogspot.jp/p/novels-i-am-writing.html

2018-04-30 12:40:24 UTC (almost 6 years ago)

Virus

This is because both methods get you the same file - the torrent is set up to use various mirror servers as web seeds.

The initial anti-virus reports have been a common sight for years, and are due to the fact that antivirus software is at least partially based on whitelists and more recently on reputation-based scores, meaning users of the antivirus software can report whether they consider a file trustworthy (this is the "FileRep" or "Reputation" 'virus' reports you might see popping up).

And yes, this means people can attempt to poison such scores.

There's more on that here: https://www.reddit.com/r/GIMP/comments/8fputy/was_gimp_hacked_and_replaced_by_malware/

It's likely that your AV software is now preventing you from doing anything with the file, including deleting it. You should update it to make sure that the false positive is gone.

Many thanks for your reply Michael. I have managed to get rid of the file. I ran Windows Malicious Software removal tool, then cleaned the machine again and rebooted. Then I was able to delete the file.

My AVG is always kept bang up to date and I will add the GIMP site to its whitelist and have another go at the download.

Regards
Susan

Steve Kinney
2018-04-30 17:18:07 UTC (almost 6 years ago)

Virus

On 04/30/2018 06:28 AM, Joel Rees wrote:

Is the MSWindows world that seriously bad these days, that you don't bother asking what site it was downloaded from, what the hash was, etc.?

That bad and worse.

"If you want a vision of the future, imagine a boot stamping on a human face - forever." - George Orwell

User said the file came from gimp.org, and a spoofing or MITM attack is /most/ unlikely. The problem described will prevent the file from being read, so no hash can be calculated.

As for repairs, I'm sure there are ways: And that they are more complicated, harder for a non-professional user to get right, and FAR less reliable than just installing Linux and having done with all that nonsense once and for all.

:o/
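
The hash check raised in the thread, as an added example that is not part of any poster's message or of the GIMP project: it compares a download against a published SHA-256 and reports separately the case where the file cannot be read at all. The function names, file names and sample bytes are constructed for illustration, and a missing file stands in for one that a scanner has locked or quarantined.

```python
import hashlib
import os
import tempfile


def sha256_of(path, chunk_size=1 << 20):
    """Stream the file so a large installer is never held in memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_download(path, published_sha256):
    """Return (status, detail); status is 'match', 'mismatch' or 'unreadable'."""
    try:
        actual = sha256_of(path)
    except OSError as exc:
        # PermissionError and FileNotFoundError are both OSError subclasses.
        # A locked or quarantined file ends up here: no hash, so no verdict.
        return "unreadable", type(exc).__name__
    expected = published_sha256.strip().lower()
    return ("match" if actual == expected else "mismatch"), actual


def demo():
    """Exercise the three outcomes against a constructed stand-in file."""
    workdir = tempfile.mkdtemp()
    installer = os.path.join(workdir, "installer-sample.bin")  # constructed sample
    with open(installer, "wb") as handle:
        handle.write(b"constructed installer bytes\n")
    # Stands in for the checksum a download page would publish.
    published = sha256_of(installer)
    missing = os.path.join(workdir, "quarantined.bin")  # never created
    return {
        "intact": check_download(installer, published.upper() + "\n")[0],
        "tampered": check_download(installer, "0" * 64)[0],
        "blocked": check_download(missing, published)[0],
    }


if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{case}: {status}")
```

An "unreadable" result says nothing about whether the file is genuine; the comparison only becomes meaningful once the file can be read, for example on a fresh download.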