Jump to content

ImgBurn Support Forum uses cookies. Read the Privacy Policy for more info. To remove this message, please click the button to the right:    I accept the use of cookies

Photo

Download from IMGBurn mirror reported infected from Symantec



  • Please log in to reply
2 replies to this topic

#1 TG2

TG2

    ISF Newbie

  • New Members
  • Pip
  • 2 posts

Posted 07 July 2017 - 12:11 AM

Went to main site, clicked download, and then selected to download directly from ImgBurn

 

Mirror 7 - Provided by ImgBurn   (Currently hosting v2.5.8.0)

 

Going to Mirror 6 - MajorGeeks worked.

 

The file from MajorGeeks was 3.03 Meg, the file that was from Mirror 7 was 3.8G.

 

Attempted from Firefox and Chrome both immediately tiggered on the TMP file that was created in cashe, before it could even get so far as to move the file to my normal save location.

 

Other image file showing SHA1's of both files ..

 

 

ImgBurn-Symtantec.png

 

and shas

Img_burn_shas.png



#2 TG2

TG2

    ISF Newbie

  • New Members
  • Pip
  • 2 posts

Posted 07 July 2017 - 12:20 AM

Just fyi .. another download of the file from mirror 7 showed again in symantec, this time with a PUP/PUA (potentially unwanted program / potentially unwanted app)

 

That the infector changed from one attempt to the next, suggests something is dynamically interfering with the file.

 

I've seen other users report issues in the past and I believe its not IMGBurn's intent, but that something is definitely wrong if this is happening to more than just one or two people ... dependent on the link clicked.

 

Also in this screen shot, note it says the file is 22 days old.. yet this version was last updated in 2013 so why would we be seeing the discrepancy?

 

Hopefully you'll have enough to test and find if there is an issue.

-TG2

 

 

 

PUA_potentially_unwanted.png



#3 dbminter

dbminter

    ISF God

  • Beta Team Members
  • PipPipPipPipPip
  • 5,541 posts
  • Gender:Male

Posted 07 July 2017 - 03:30 AM

Well, there's probably some kind of intermediary at play, especially if it wanted to download a 4 GB file for the ImgBurn installer.

 

 

The PUP "warning" used to be expected as some AV treated the bundled OpenCandy as an unwanted program.  It was never a virus or anything malicious.  It just offered free software downloads that you probably didn't want.  However, nothing would be installed unless you blindly kept clicking OK without opting out.  However, OpenCandy should have been removed from the ImgBurn download installers on the mirrors since the OpenCandy servers were taken offline.

 

 

That PUP "warning" may be a false positive.  It used to be flagged in the past for OpenCandy and Symantec's AV may just be flagging it based on its installer name.  Without actually checking the file for anything internal.  Or, who knows?  Maybe OpenCandy has been replaced with something else that offers users an "alternate experience" when installing.  :unsure:






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users