Virus in download from a tutorial link

#1 kwegar

New Member

Group: Members
Posts: 1
Joined: 21-May 09

Posted 22 October 2009 - 12:40 PM

in the tutorial

"How to delete or rename files and folders that are in use or locked in Windows"

there is a virus in the download link file.

Eset 3.0.xxx stopped the download

22/10/2009 10:33:27 AM HTTP filter file http://ccollomb.free.fr/unlocker/unlocker1.8.7.exe a variant of Win32/Adware.ADON application connection terminated - quarantined

Wanted to let someone know.

#2 garmanma

Computer Masochist

Group: Staff Emeritus
Posts: 27,809
Joined: 27-January 07
Location:Cleveland, Ohio

Posted 22 October 2009 - 04:31 PM

Would you kindly link us to which tutorial you are referring to?

Mark

why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 Animal

Bleepin' Animinion

Group: Site Admin
Posts: 18,909
Joined: 18-August 05
Gender:Male
Location:Location, Location

Posted 27 October 2009 - 01:40 PM

I'm assuming this one? http://www.bleepingcomputer.com/tutorials/delete-rename-locked-files-folders-in-windows/

An easy way to double check the validity of the DL, is to verify the MD5 checksum info against the DL. Unlocker provides that information on their page. My presumption at this point is that is a false positive by ESET. We are looking into it, as of this post. Thank you for bringing it to our attention.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown
Posted Image

A learning experience is one of those things that say, "You know that thing you just did? Don't do that." — Douglas Adams.
Why is the word abbreviation so long?
Follow BleepingComputer on: Facebook | Twitter | Google+

#4 Grinler

Bleep Bleep!

Group: Admin
Posts: 36,603
Joined: 24-January 04
Gender:Male
Location:USA

Posted 27 October 2009 - 04:06 PM

We do not actually directly link to the download, but confirmed and the md5s do match up on the site and the download from the site. I checked the executable against virustotal and since nod32 is the only one showing it as a problem, my guess is this is a false positive.

a-squared 	4.5.0.41 	2009.10.27 	-
AhnLab-V3 	5.0.0.2 	2009.10.27 	-
AntiVir 	7.9.1.44 	2009.10.27 	-
Antiy-AVL 	2.0.3.7 	2009.10.27 	-
Authentium 	5.1.2.4 	2009.10.27 	-
Avast 	4.8.1351.0 	2009.10.27 	-
AVG 	8.5.0.423 	2009.10.27 	-
BitDefender 	7.2 	2009.10.27 	-
CAT-QuickHeal 	10.00 	2009.10.27 	-
ClamAV 	0.94.1 	2009.10.27 	-
Comodo 	2748 	2009.10.27 	-
DrWeb 	5.0.0.12182 	2009.10.27 	-
eSafe 	7.0.17.0 	2009.10.27 	-
eTrust-Vet 	35.1.7086 	2009.10.27 	-
F-Prot 	4.5.1.85 	2009.10.27 	-
F-Secure 	9.0.15370.0 	2009.10.27 	-
Fortinet 	3.120.0.0 	2009.10.27 	-
GData 	19 	2009.10.27 	-
Ikarus 	T3.1.1.72.0 	2009.10.27 	-
Jiangmin 	11.0.800 	2009.10.26 	-
K7AntiVirus 	7.10.881 	2009.10.27 	-
Kaspersky 	7.0.0.125 	2009.10.27 	-
McAfee 	5784 	2009.10.27 	-
McAfee+Artemis 	5784 	2009.10.27 	-
McAfee-GW-Edition 	6.8.5 	2009.10.27 	-
Microsoft 	1.5202 	2009.10.27 	-
NOD32 	4549 	2009.10.27 	Win32/Adware.ADON
Norman 	6.03.02 	2009.10.27 	-
nProtect 	2009.1.8.0 	2009.10.27 	-
Panda 	10.0.2.2 	2009.10.27 	-
PCTools 	4.4.2.0 	2009.10.19 	-
Prevx 	3.0 	2009.10.27 	-
Rising 	21.53.13.00 	2009.10.27 	-
Sophos 	4.46.0 	2009.10.27 	-
Sunbelt 	3.2.1858.2 	2009.10.27 	-
Symantec 	1.4.4.12 	2009.10.27 	-
TheHacker 	6.5.0.2.055 	2009.10.27 	-
TrendMicro 	8.950.0.1094 	2009.10.27 	-
VBA32 	3.12.10.11 	2009.10.27 	-
ViRobot 	2009.10.27.2007 	2009.10.27 	-
VirusBuster 	4.6.5.0 	2009.10.26 	-

Lawrence Abrams
Circle BleepingComputer on Google+!
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
How to detect vulnerable programs using Secunia Personal Software Inspector <- Everyone should do this!