silvestre Posted August 14, 2019 Posted August 14, 2019 Hi! (" My") Windows 10 Security detected a virus when downloading v2.5.8.0 from imgburn.com - and thus the downloaded file is immediately discarded. This does not happen when downloading from other mirrors - I tested 4 of them. In addition, neither CRC32 nor SHA-1 match the value stated in your downloading page.
dbminter Posted August 14, 2019 Posted August 14, 2019 Which mirrors did you use? There are 7. Always choose Mirror 7 if you didn't choose it before. That's one maintained by ImgBurn.com and the least likely to be altered by the other providers to include PUP's.
silvestre Posted August 16, 2019 Author Posted August 16, 2019 Hi! The site from where I downloaded (what it seems to be a v.2.5.8.0 infected by threat according to Windows 10 Defender) is indeed the mirror 7, managed by imgburn.com. As I have told, Edge have destroyed it before I had access to it. Using the same tools - and the same browsing section -, I tried other mirrors to download v.2.5.8.0. They were: majorgeeks (mirror 6), techspot (5), free-codes (4) and softpedia (3). They all passed the Windows Defender screening and they all delivered the same image (i.e., all presented the same SHA-1 value). Nonetheless, the SHA-1 value does not match the one presented at the download page. The software used to calculate SHA-1 belongs to 7-zip, v19.00.
silvestre Posted August 16, 2019 Author Posted August 16, 2019 I hope these snapshots (attached) help. Downloads and snapshots from today (2019-08-16).
dbminter Posted August 16, 2019 Posted August 16, 2019 Sure would have been nice of Microsoft to actually SAY what the virus was. Without it saying, there's no way of knowing if it's an actual virus or just a PUP positive. I downloaded the file from Mirror 7 and scanned it with Avast and Malwarebytes with no positive results. So, Microsoft is most likely detecting some Potentially Unwanted Program (PUP). They're not viruses but people blindly click and install them. Some AV programs are lazy and don't differentiate between viruses and PUP's. As for the hash discrepancy, LUK might have had to put in a replacement for OpenCandy, the PUP, which was discontinued. And he just forgot to update the SHA value on the page. Until he chimes in on the subject, it's up for debate.
dbminter Posted August 16, 2019 Posted August 16, 2019 Yep, just as I thought. It's a PUP. They're not viruses. LUK must have updated the installer package to replace OpenCandy with something else? Anyway, you could normally avoid it, but your AV scanner is deleting the file before it can be used. I don't know anything about Windows Defender, so I can't tell you how to exclude the file. Just be aware when you run the installer to uncheck things you don't want installed along with ImgBurn. Or, before running the installer if you ever get it, turn off your Internet connection until the installer in finished. That way, it can't phone home to a server for free offers.
Recommended Posts