Jump to content

ImgBurn Support Forum uses cookies. Read the Privacy Policy for more info. To remove this message, please click the button to the right:    I accept the use of cookies

Photo

Download Infected - File different from mirrors


Forum Rules

Read the Guides forum if you don't know how to do something. :readbook:
If you have a question or a problem, check the FAQ and use the Search to see if you can find the answer for yourself. :lightbulb:
If you're having trouble burning double layer media, read Here.
Still stuck? Create a new thread and describe your issue in detail.
Make sure you include a copy of the program's log in your post. No log = :chair:


  • Please log in to reply
7 replies to this topic

#1 kb1234

kb1234

    ISF Newbie

  • Members
  • Pip
  • 5 posts
  • Location:US

Posted 12 October 2017 - 03:57 PM

Hi,

 

I downloaded ImgBurn today, but found my anti-virus blocking the download and flagging it as a trojan.  I decided to investigate further and there does appear to be an issue with the download links.

1) The download direct from imgburn.com (Mirror 7) is flagged as a trojan.  The hash does match the one listed on your downloads page.

2) The download from imgburn.com is a different file than the one you get from the mirrors Digital Digest, Softpedia, and TechSpot.  I did not check the others.

3) All three of the mentioned mirrors provide the exact same file, and it does not set off the virus scanner, however the hash does not match the one listed on your site.

 

Could you please confirm which download is correct?  I suspect imgburn.com has been compromised, both the file and the displayed hash.

 

Thanks



#2 Ch3vr0n

Ch3vr0n

    ISF Member

  • Members
  • PipPip
  • 198 posts

Posted 12 October 2017 - 06:31 PM

You suspect wrong. Use the search. It's flagged never of the opencandy dll. Which is responsible for the ad offers. No more, no less. Neither the site nor download are compromised. You can disable the offers multiple ways, the search will tell you.

Sent from my Nexus 6P with Tapatalk

Official Dutch (nl-BE) translator for:

 

Internet Download Manager, ALL Slysoft products, VSO ConvertXtoDVD, various joomla extensions & components


#3 kb1234

kb1234

    ISF Newbie

  • Members
  • Pip
  • 5 posts
  • Location:US

Posted 13 October 2017 - 03:44 PM

You suspect wrong. Use the search. It's flagged never of the opencandy dll. Which is responsible for the ad offers. No more, no less. Neither the site nor download are compromised. You can disable the offers multiple ways, the search will tell you.

Sent from my Nexus 6P with Tapatalk

Please address the concern of the download being different from the mirrors.  Clearly something is going on here.

 

​Some additional details on the detentions for those that are interested.

 

A PUA.InstallCore threat is identified.  This is an application that potentially installs unwanted applications on the computer, this could be open candy.  Symantec identifies this as a security risk as it should.  I see this occasionally in freeware/shareware downloads at it is expected.

 

A Trojan.Gen.2 is also identified by Symantec.  This is not classified by Symantec as only a security risk, but it has a full out virus classification.  This is not a warning you would ever expect from a freeware/shareware.



#4 LIGHTNING UK!

LIGHTNING UK!

    Author of ImgBurn

  • Admin
  • PipPipPipPipPip
  • 29,303 posts
  • Gender:Male
  • Location:United Kingdom

Posted 13 October 2017 - 04:05 PM

There's nothing going on. The direct mirror download is different to the others and may indeed flag up as PUA.InstallCore. It's nothing to worry about and as has already been mentioned, it just offers 3rd party software during the installation process - which you can of course opt out of installing without it making any difference to ImgBurn itself.

As for the Trojan.Gen.2 detection... well, I don't know anything about that one. A false positive I expect. Is it actually reporting that for the setup exe itself? Seems weird it would report the PUA and that for the same file.
Please don't PM me with questions that should be posted in the forum. I won't reply - Especially if you have post count of 0!!!

Replies to posts belong in the forum where everyone can read them. Please don't PM them.

In fact, don't PM me at all unless it's something I've asked to be told about!

Before asking questions, search the forum to see if someone else already has.

Use the FAQ and Guides forums to your advantage. I don't want to have to tell you to read them!

#5 kb1234

kb1234

    ISF Newbie

  • Members
  • Pip
  • 5 posts
  • Location:US

Posted 13 October 2017 - 04:19 PM

There's nothing going on. The direct mirror download is different to the others and may indeed flag up as PUA.InstallCore. It's nothing to worry about and as has already been mentioned, it just offers 3rd party software during the installation process - which you can of course opt out of installing without it making any difference to ImgBurn itself.

As for the Trojan.Gen.2 detection... well, I don't know anything about that one. A false positive I expect. Is it actually reporting that for the setup exe itself? Seems weird it would report the PUA and that for the same file.

I recommend indicating that the downloads are different and why, especially considering a hash is provided which won't match them.  When I encountered the problem of the hash mismatch, and subsequently noticed the downloads are different, I did search the forum but found nothing.  Perhaps I missed it, but either way I would expect the information to be front and center on the download page.

 

The Trojan.Gen.2 does come from the setup.exe.  I can't say whether or not it is a false positive related to OpenCandy, but it may very well be.



#6 kb1234

kb1234

    ISF Newbie

  • Members
  • Pip
  • 5 posts
  • Location:US

Posted 13 October 2017 - 04:39 PM

Now that I have dug into this more and discovered the right keywords to search with I see a number of similarly confused users, most of them appearing to remain confused, with only a partial explanations ever given.  These could all be resolved by a clear statement on the downloads page.

 

http://forum.imgburn.com/index.php?/topic/24171-imgburn-2580...hs-do-not-match/?hl=+opencandy

 

http://forum.imgburn.com/index.php?/topic/24647-download-fro...tec/?hl=+opencandy#entry160259

 

http://forum.imgburn.com/index.php?/topic/24578-checksums-on...e-changes-often/?hl=+opencandy



#7 Ch3vr0n

Ch3vr0n

    ISF Member

  • Members
  • PipPip
  • 198 posts

Posted 13 October 2017 - 05:17 PM

Well I did say in the first reply it was opencandy and the file itself was just fine.

Sent from my Nexus 6P with Tapatalk

Official Dutch (nl-BE) translator for:

 

Internet Download Manager, ALL Slysoft products, VSO ConvertXtoDVD, various joomla extensions & components


#8 kb1234

kb1234

    ISF Newbie

  • Members
  • Pip
  • 5 posts
  • Location:US

Posted 13 October 2017 - 08:10 PM

Well I did say in the first reply it was opencandy and the file itself was just fine.

Sent from my Nexus 6P with Tapatalk

 

You can keep saying OpenCandy all you want, but it does not address any of the concerns people are having with the setup file being different on the mirrors and hashes not matching.  That is a huge concern for me.

 

I'm not concerned about OpenCandy.  Products like it are part of the freeware/shareware world, but the 'trust me I know the file is safe even though your security software says it is not' does not really fly these days.  Trust me kids, get in my car, I promise you will get a piece of candy.  I'm just coming off a project where I was called in to help a large commercial software vendor who made the same claim, and then were required by law (US) to issue recall notices later on when it was discovered there was really a security risk in the software.  It was not a cheap mistake.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users