
Pocket Query Trojan!


Cdn Howlers

Every PQ I downloaded just now (4 of them) at approx 10:40 EST was infected with TrojanDownloader:Win32/Kadena.gen!plock - somebody please check this out!

 

Did you run a full scan on your computer? Any other files infected?

 

The files could have been infected on Groundspeak's servers, but they could also have been infected by your own computer while they were downloaded and written on your disk.

Nope - I'm clean; just checked my logs - I run several layers of protection.


Pocket queries are zipped text files. In twelve years of downloading pocket queries, I've never had a legitimate problem, including the ones I downloaded today.

 

In my experience, similar reports over the years have all been "false positives," due either to unrelated malware on the user's computer, or to overly aggressive antivirus software settings. In the past, "virus" reports have had root causes relating to a string of text within one of the downloaded caches that set off an alarm due to its similarity to a filename, etc., associated with a real threat.

Edited by Keystone

Payload was in the .zip from Groundspeak. But I fully take the moderator's point - obviously my fault/problem and not Groundspeak's, because what would I know? I'll go away now; I was only passing this on for others' benefit.


One way to be sure would be to download a zip file from another site. Same warning, virus is most likely local. No warning, you've tagged it.

Done; no probs.

Should add it was in 3 of my PQs, none of which overlap on any waypoints, so it's unlikely it was just a random string that triggered my heuristics.


Malware can be injected anywhere along the line of transmission (from Groundspeak to you, through all the service providers and the potential man in the middle).

 

If more people report it, then it could be Groundspeak. If not, anywhere else or a false positive.

 

As a side note for the moderator, viruses can be injected in almost any type of files, including the simplest.


PQs are text files which are never executed. So even if they did somehow contain a virus (if someone included a virus in their cache description) it would never be executed and would never do any harm.

 

Hmmm... The problem is not the file, it's what is using the file. Viruses exploit flaws in software (PDF in PDF viewer, DOC in WinWord, TXT in Notepad, etc.) to execute and infect a computer.

Such as when there's a pile of gibberish appended to a ###-wpts.gpx file after the </gpx>, which should be the EOF. But as I said, I'll no longer bother Groundspeak with such trivia.

Don't be that way just because people are skeptical. Extraordinary claims require extraordinary evidence. Send your PQ to Groundspeak - actually, if it is still in your queue, a lackey can just take a look at it, so send them an email: http://support.Groundspeak.com/index.php?pg=request

 

I checked my PQs. There are no extra files and no suspicious bits of binary data in any of them.

 

Did you download from the "download now" link in the email, or directly from the "pocket queries ready for download" tab?
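An added check, written for this thread and not taken from any post or from Groundspeak, that does offline what the last two posts describe: open a PQ zip, confirm every member is a .gpx text file, and flag any bytes left after the closing </gpx> tag. The zip member name and the GPX content are constructed samples.

```python
# Added example (not from the forum thread): inspect a pocket-query zip
# offline and flag anything that is not plain GPX text ending at </gpx>.
import io
import zipfile

CLOSING_TAG = b"</gpx>"


def has_binary(data: bytes) -> bool:
    """Control bytes other than tab/LF/CR are not expected in GPX XML."""
    return any(b < 0x20 and b not in (0x09, 0x0A, 0x0D) for b in data)


def inspect_gpx_bytes(data: bytes) -> dict:
    """Check one GPX member: closing tag present and nothing after it."""
    end = data.rfind(CLOSING_TAG)
    if end < 0:
        return {"has_closing_tag": False, "trailing_bytes": len(data),
                "binary": has_binary(data)}
    tail = data[end + len(CLOSING_TAG):].strip()  # whitespace after </gpx> is fine
    return {"has_closing_tag": True, "trailing_bytes": len(tail),
            "binary": has_binary(data)}


def inspect_pq_zip(zip_bytes: bytes) -> list:
    """Return one finding dict per zip member; 'suspicious' summarises it."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            data = zf.read(info)
            f = {"name": info.filename, "size": len(data),
                 "is_gpx": info.filename.lower().endswith(".gpx")}
            if f["is_gpx"]:
                f.update(inspect_gpx_bytes(data))
                f["suspicious"] = (not f["has_closing_tag"]
                                   or f["trailing_bytes"] > 0 or f["binary"])
            else:
                f["suspicious"] = True  # a PQ zip should only carry .gpx files
            findings.append(f)
    return findings


def build_sample_zip(trailing: bytes = b"") -> bytes:
    """Constructed sample PQ zip (not a real Groundspeak file)."""
    gpx = (b'<?xml version="1.0"?>\n<gpx version="1.0" creator="example">\n'
           b'<wpt lat="0" lon="0"><name>GC-EXAMPLE</name></wpt>\n</gpx>\n')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("12345-wpts.gpx", gpx + trailing)
    return buf.getvalue()


if __name__ == "__main__":
    for label, z in (("clean", build_sample_zip()),
                     ("tampered", build_sample_zip(b"\x00\x01MZ garbage"))):
        for f in inspect_pq_zip(z):
            print(label, f["name"], "SUSPICIOUS" if f["suspicious"] else "ok", f)
```

Run it against a real PQ zip by passing the file's bytes to inspect_pq_zip; a clean file reports has_closing_tag True, trailing_bytes 0 and binary False for every member.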
