Unable to install .zip files properly, always getting obvious viruses instead.


17 replies to this topic

#1 Borislav

  • Members

Posted 04 February 2018 - 06:28 AM

I am downloading files from checked sources (Irrlicht Engine's SourceForge page), and I am getting a virus instead of the download. I am supposed to get a 3D library, and instead I am getting a weird .exe in a .zip (a .zip in a .zip), and it is obviously a virus. It asks me to install additional programs, and is micromax, not irrlicht. I possibly had that issue with other files too, but my antivirus detected them and marked them as 'Failed - Virus Detected'. Can someone please explain to me how to fix this? I still can't install the engine.

Thank You, Borislav.


Edited by hamluis, 04 February 2018 - 07:55 AM.
Moved from MRL to Am I Infected - Hamluis.
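
The symptom described in the post above (a .zip that contains only another .zip holding an .exe, where a source library was expected) can be checked before anything is extracted or run. The following Python code is an added example, not part of the original thread; the archive names and sample contents are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions that Windows runs directly when double-clicked.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".vbs", ".js"}
MAX_DEPTH = 3                        # nested-archive levels to descend into
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # skip reading nested members larger than this


def inspect_zip(data: bytes, depth: int = 0, prefix: str = "") -> dict:
    """List a ZIP's members in memory (nothing is written to disk or run)."""
    report = {"files": [], "executables": [], "nested_archives": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            ext = PurePosixPath(info.filename).suffix.lower()
            report["files"].append(path)
            if ext in EXECUTABLE_EXTS:
                report["executables"].append(path)
            if ext != ".zip":
                continue
            report["nested_archives"].append(path)
            if depth >= MAX_DEPTH or info.file_size > MAX_MEMBER_BYTES:
                continue
            try:
                inner = inspect_zip(zf.read(info), depth + 1, path + "!")
            except (zipfile.BadZipFile, RuntimeError):
                continue  # named .zip but unreadable or password-protected
            for key in report:
                report[key].extend(inner[key])
    return report


def looks_like_wrapper(report: dict) -> bool:
    """True for the thread's symptom: ZIP-in-ZIP whose only payload is executables."""
    payload = [f for f in report["files"] if f not in report["nested_archives"]]
    return bool(report["nested_archives"]) and bool(payload) and all(
        f in report["executables"] for f in payload)


def make_zip(members: dict) -> bytes:
    """Build a small ZIP in memory (used only for the constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples; names and contents are hypothetical.
WRAPPED = make_zip({"download.zip": make_zip({"setup.exe": b"MZ-constructed"})})
CLEAN = make_zip({"sdk/readme.txt": b"docs", "sdk/include/engine.h": b"// header",
                  "sdk/examples/demo.exe": b"MZ-constructed"})

if __name__ == "__main__":
    for label, blob in (("wrapped", WRAPPED), ("clean", CLEAN)):
        rep = inspect_zip(blob)
        print(label, looks_like_wrapper(rep), rep["executables"])
```

A source package that ships a demo executable next to headers and documentation is not flagged; only an archive whose entire payload is executables behind a nested ZIP is.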



#2 buddy215

  • BC Advisor

Posted 04 February 2018 - 08:17 AM

I suggest you ask about your concerns in the official forum for Irrlicht.  Irrlicht Engine • Index page

 

A few years back SourceForge got a black eye from its bundling of adware with its hosted downloads. That may have ended. SourceForge also claims to scan all downloads for malware. More info at SourceForge - Wikipedia


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 SleepyDude

  • Malware Response Team

Posted 04 February 2018 - 10:10 AM

Hi,

 

SourceForge provides links to several mirrors for the downloads; maybe one of those mirrors got compromised!

 

I got this link https://netcologne.dl.sourceforge.net/project/irrlichtmp/Irrlicht-Music-Player-V.1.5.012.zip the contents seem fine, try it.


• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#4 Borislav

  • Topic Starter
  • Members

Posted 04 February 2018 - 10:22 AM

Hi,

 

SourceForge provides links to several mirrors for the downloads maybe one of those mirrors got compromised!

 

I got this link https://netcologne.dl.sourceforge.net/project/irrlichtmp/Irrlicht-Music-Player-V.1.5.012.zip the contents seems fine, try it.

I tried multiple mirrors, also that is some music player, I am getting this for all mirrored downloads. The download you gave me is just a virus. I came to the virus forum to check what is happening with my computer, why all mirrored downloads are downloading viruses instead of the thing.



#5 SleepyDude

  • Malware Response Team

Posted 04 February 2018 - 10:33 AM

Ok, then a Malware check is needed...

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
  • Link 3

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
  • Please post the log generated by the tool.

Install and Run Malwarebytes
  • Please download Malwarebytes' Anti-Malware from here
  • Double Click the mb3-setup-{version}.exe and follow the prompts to install the program
  • Then click Finish and wait for the program to load
  • Click Close on the 14-day Premium Trial pop-up
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu
    (If another update of the definitions is available, it will be implemented before the rest of the scanning procedure)
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart the computer when prompted to do so.
  • If the program didn't ask for a Reboot, Click on Export Summary and select Copy to Clipboard. Paste the content in your next reply

To retrieve the Malwarebytes Anti-Malware scan log information after Reboot
  • Run Malwarebytes again
  • On the left side menu, click on Reports
  • Locate the event named Scan Report on the list with the most recent date
  • Check the corresponding box and click View Report
  • Click the Export button and select Copy to Clipboard. Paste the content in your next reply


 
 


#6 Borislav

  • Topic Starter
  • Members

Posted 05 February 2018 - 07:37 AM


Malwarebytes just froze in the middle of scanning. And it is surely a virus because even downloads from Microsoft Windows (C++ Redistributable) are having a double zip. There were some exclusions. I was able to download the zip file of SCP Contamination Chamber without problems.



#7 SleepyDude

  • Malware Response Team

Posted 05 February 2018 - 08:51 AM

How about RKILL? Try all the links.



 
 


#8 Borislav

  • Topic Starter
  • Members

Posted 05 February 2018 - 11:55 AM

How about RKILL? try all the links.

RKILL worked okay, it had no errors, closed some applications (Torque3D, ROBLOX Studio) that took a lot of memory. Other sections said that everything is okay.



#9 SleepyDude

  • Malware Response Team

Posted 05 February 2018 - 12:02 PM

Post the rkill log please.



 
 


#10 Borislav

  • Topic Starter
  • Members

Posted 05 February 2018 - 12:30 PM

Windows Version: Windows 10 Home Single Language 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * CENSORED\Roblox\Versions\version-152f363592934818\RobloxStudioBeta.exe (PID: 16092) [UP-HEUR]
 * CENSORED\Downloads\Torque3D_38_Win\Project Manager.exe (PID: 5188) [UP-HEUR]
 * CENSORED\Downloads\caesium-1.7.0-port\Caesium Portable\Caesium.exe (PID: 10820) [UP-HEUR]
 * CENSORED\Downloads\SCP - Containment Breach v1.3.9\SCP - Containment Breach\LightMapPNG.exe (PID: 37288) [UP-HEUR]
 
4 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 02/05/2018 02:39:15 PM
Execution time: 0 hours(s), 27 minute(s), and 36 seconds(s)

I censored some of it.


#11 SleepyDude

  • Malware Response Team

Posted 05 February 2018 - 01:45 PM

See if you can use AdwCleaner...
 
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • To open a Cleaning log, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.


 
 


#12 Borislav

  • Topic Starter
  • Members

Posted 06 February 2018 - 12:51 PM

 


I am going to try it now since I am ready to restart my computer now.



#13 Borislav

  • Topic Starter
  • Members

Posted 06 February 2018 - 01:11 PM

 

 


Done, finished. But it still doesn't work, maybe I should try opening the normal version of Google Chrome because I am using Comodo Dragon now. I know that it normally scans Google Chrome instead of Comodo Dragon.



#14 Borislav

  • Topic Starter
  • Members

Posted 06 February 2018 - 01:18 PM

 

 

 


I tried using Google Chrome normal version, the page doesn't even work, both of the times I started it up, it first said that it is having connection reset, and then I refreshed the page and the maximum I was able to load is the grey background.



#15 Borislav

  • Topic Starter
  • Members

Posted 06 February 2018 - 01:22 PM

 

 

 

 


Sorry for quoting a lot. But, I have finally been able to load the page for the download of an old version of the engine but it was also infected with a virus. tinodro.ru (obvious virus website). It was probably reset by Malwarebytes so I can't even access anything now.





