Haskell Platform 8.2.2 - virus?
Brandon Allbery
allbery.b at gmail.com
Thu Dec 28 21:29:44 UTC 2017
This wouldn't be the first time some program that uses heuristic execution
patterns to detect malware decided it didn't like the STG.
On Thu, Dec 28, 2017 at 4:15 PM, Matthew Lamari <matt.lamari at gmail.com>
wrote:
>
> The site gave me the 5ffdaa sha256 you have below for touchy.exe.
>
> That said, I still have the 2 builds yield different results from Hitman
> Pro on the clean boxes. And Bitdefender, on my machine, (albeit being
> obtuse) chucks a fit over it. It doesn't detect the EXE files; but detects
> secondary consequences of them running.
>
> *I really think something is afoot here.*
>
> On 12/28/2017 3:00 PM, lonetiger at gmail.com wrote:
>
> Upload one of the binaries it flagged to https://www.virustotal.com/en/
> and send the link.
>
> As far as I can tell, they’re all clean
>
> https://www.virustotal.com/en/file/9cc2a6032dde8d8ab572f9491041242ab4c76d2b7d36eea5283c82cf9bf9fd69/analysis/
>
> https://www.virustotal.com/en/file/5ffdaa7da4381637ab2a0ec327118cd933398a477430e2f5d94e9d53c53f2782/analysis/
>
> *From: *Matthew Lamari <matt.lamari at gmail.com>
> *Sent: *Thursday, December 28, 2017 20:29
> *To: *ghc-devs at haskell.org
> *Subject: *Haskell Platform 8.2.2 - virus?
>
> New Haskell install was tripping my Bitdefender like crazy and in weird
> ways - not new as that's how bitdefender rolls. However, I retested in a
> clean test, with (free) Hitman Pro
>
> I started from a base case with 2 clean windows 8 VMs.
>
> New 8.2.2 install - has virus
> Old 8.0.2 Jan 2017 - no virus
>
> According to Hitman Pro, touchy.exe, haddock-8.2.2, ghc-8.2.2.exe, and
> unlit.exe have some problem post-install. I went no further on the VMs.
>
> "Detection Names
> Kaspersky Trojan-Downloader.Win32.Paph.fsv
> "
>
> Bitdefender didn't get it on install but would lock the whole thing down
> on the first run of "Cabal".
>
> _______________________________________________
> ghc-devs mailing list
> ghc-devs at haskell.org
> http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
>
--
brandon s allbery kf8nh sine nomine associates
allbery.b at gmail.com ballbery at sinenomine.net
unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net