+Cdn Howlers Posted May 8, 2015 Share Posted May 8, 2015 Every PQ I downloaded just now (4 of them) at approx 10:40 EST was infected with TrojanDownloader:Win32/Kadena.gen!plock - somebody please check this out! Quote Link to comment
+cron Posted May 8, 2015 Share Posted May 8, 2015 Every PQ I downloaded just now (4 of them) at approx 10:40 EST was infected with TrojanDownloader:Win32/Kadena.gen!plock - somebody please check this out! Did you run a full scan on your computer? Any other files infected? The files could have been infected on Groundspeak's servers, but they could also have been infected by your own computer while they were downloaded and written on your disk. Quote Link to comment
+Cdn Howlers Posted May 8, 2015 Author Share Posted May 8, 2015 Every PQ I downloaded just now (4 of them) at approx 10:40 EST was infected with TrojanDownloader:Win32/Kadena.gen!plock - somebody please check this out! Did you run a full scan on your computer? Any other files infected? The files could have been infected on Groundspeak's servers, but they could also have been infected by your own computer while they were downloaded and written on your disk. nope - I'm clean ; just checked my logs - I run several layers of protection Quote Link to comment
+cron Posted May 8, 2015 Share Posted May 8, 2015 One way to be sure would be to download a zip file from another site. Same warning, virus is most likely local. No warning, you've tagged it. Quote Link to comment
+palmetto Posted May 8, 2015 Share Posted May 8, 2015 I just downloaded a PQ, it was fine. Quote Link to comment
Keystone Posted May 8, 2015 Share Posted May 8, 2015 (edited) Pocket queries are zipped text files. In twelve years of downloading pocket queries, I've never had a legitimate problem, including the ones I downloaded today. In my experience, similar reports over the years have all been "false positives," due either to unrelated malware on the user's computer, or to overly aggressive antivirus software settings. In the past, "virus" reports have had root causes relating to a string of text within one of the downloaded caches that set off an alarm due to its similarity to a filename, etc., associated with a real threat. Edited May 8, 2015 by Keystone Quote Link to comment
+Cdn Howlers Posted May 8, 2015 Author Share Posted May 8, 2015 One way to be sure would be to download a zip file from another site. Same warning, virus is most likely local. No warning, you've tagged it. Done; no probs. Quote Link to comment
+Cdn Howlers Posted May 8, 2015 Author Share Posted May 8, 2015 Pocket queries are zipped text files. In twelve years of downloading pocket queries, I've never had a legitimate problem, including the ones I downloaded today. In my experience, similar reports over the years have all been "false positives," due either to unrelated malware on the user's computer, or to overly aggressive antivirus software settings. In the past, "virus" reports have had root causes relating to a string of text within one of the downloaded caches that set off an alarm due to its similarity to a filename, etc., associated with a real threat. Payload was in the .zip from Groundspeak.. But I fully moderator's point - obviously my fault/problem and not Groundspeak, because what would I know? I'll go away now; was only passing this on for other's benefit. Quote Link to comment
+Cdn Howlers Posted May 8, 2015 Author Share Posted May 8, 2015 One way to be sure would be to download a zip file from another site. Same warning, virus is most likely local. No warning, you've tagged it. Done; no probs. Should add it was in 3 of my PQ's; none of which overlap on any waypoints so unlikely it was just a random string that triggered my heuristics. Quote Link to comment
+cron Posted May 8, 2015 Share Posted May 8, 2015 Malware can be injected anywhere along the line of transmission (from Groundspeak to you, through all the service providers and the potential man in the middle). If more people report it, then it could be Groundspeak. If not, anywhere else or a false positive. As a side note for the moderator, viruses can be injected in almost any type of files, including the simplest. Quote Link to comment
+Lil Devil Posted May 8, 2015 Share Posted May 8, 2015 PQs are text files which are never executed. So even if they did somehow contain a virus (if someone included a virus in their cache description) it would never be executed and would never do any harm. Quote Link to comment
+cron Posted May 8, 2015 Share Posted May 8, 2015 PQs are text files which are never executed. So even if they did somehow contain a virus (if someone included a virus in their cache description) it would never be executed and would never do any harm. Hmmm... The problem is not the file, it's what is using the file. Viruses exploit flaws in software (PDF in PDF viewer, DOC in WinWord, TXT in Notepad, etc.) to execute and infect a computer. Quote Link to comment
+Cdn Howlers Posted May 8, 2015 Author Share Posted May 8, 2015 PQs are text files which are never executed. So even if they did somehow contain a virus (if someone included a virus in their cache description) it would never be executed and would never do any harm. Hmmm... The problem is not the file, it's what is using the file. Viruses exploit flaws in software (PDF in PDF viewer, DOC in WinWord, TXT in Notepad, etc.) to execute and infect a computer. Such as when there's a pile of gibberrish appended to a ###-wpts.gpx file after the </gpx> - which should be the eof. But as I said, I'll no longer bother Groundspeak with such trivia. Quote Link to comment
+niraD Posted May 8, 2015 Share Posted May 8, 2015 Maybe you could offer to forward the corrupt ZIP file to Groundspeak. I just downloaded one myself. There was nothing appended to the end of either GPX file. Quote Link to comment
+Chrysalides Posted May 9, 2015 Share Posted May 9, 2015 Such as when there's a pile of gibberrish appended to a ###-wpts.gpx file after the </gpx> - which should be the eof. But as I said, I'll no longer bother Groundspeak with such trivia. Don't be that way just because people are skeptical. Extraordinary claims require extraordinary evidence. Send your PQ to Groundspeak - actually, if it is still in your queue, a lackey can just take a look at it, so send them an email : http://support.Groundspeak.com/index.php?pg=request I checked my PQs. There are no extra files and no suspicious bits of binary data in any of them. Did you download from the "download now" link in the email, or directly from the "pocket queries ready for download" tab? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.