Download from IMGBurn mirror reported infected from Symantec


TG2

Went to main site, clicked download, and then selected to download directly from ImgBurn

 

Mirror 7 - Provided by ImgBurn   (Currently hosting v2.5.8.0)

 

Going to Mirror 6 - MajorGeeks worked.

 

The file from MajorGeeks was 3.03 Meg, the file that was from Mirror 7 was 3.8G.

 

Attempted from Firefox and Chrome; both immediately triggered on the TMP file that was created in cache, before it could even get so far as to move the file to my normal save location.

 

Other image file showing SHA1's of both files ..

 

 

post-56282-0-22295000-1499386239_thumb.png

 

and shas

post-56282-0-68016400-1499386238_thumb.png


Just fyi .. another download of the file from mirror 7 showed again in Symantec, this time with a PUP/PUA (potentially unwanted program / potentially unwanted app).

 

That the infector changed from one attempt to the next suggests something is dynamically interfering with the file.

 

I've seen other users report issues in the past and I believe it's not IMGBurn's intent, but that something is definitely wrong if this is happening to more than just one or two people ... dependent on the link clicked.

 

Also in this screen shot, note it says the file is 22 days old.. yet this version was last updated in 2013 so why would we be seeing the discrepancy?

 

Hopefully you'll have enough to test and find if there is an issue.

-TG2

 

 

 

post-56282-0-65946000-1499386847_thumb.png


Well, there's probably some kind of intermediary at play, especially if it wanted to download a 4 GB file for the ImgBurn installer.

 

 

The PUP "warning" used to be expected as some AV treated the bundled OpenCandy as an unwanted program.  It was never a virus or anything malicious.  It just offered free software downloads that you probably didn't want.  However, nothing would be installed unless you blindly kept clicking OK without opting out.  However, OpenCandy should have been removed from the ImgBurn download installers on the mirrors since the OpenCandy servers were taken offline.

 

 

That PUP "warning" may be a false positive.  It used to be flagged in the past for OpenCandy and Symantec's AV may just be flagging it based on its installer name.  Without actually checking the file for anything internal.  Or, who knows?  Maybe OpenCandy has been replaced with something else that offers users an "alternate experience" when installing.  :unsure:
