LOVE Backdoor?

General discussion about LÖVE, Lua, game development, puns, and unicorns.
User avatar
Ensayia
Party member
Posts: 399
Joined: Sat Jun 12, 2010 7:57 pm

Re: LOVE Backdoor?

Post by Ensayia »

Where did you get your malware scanner from? There are dozens of fake ones out there that randomly mark stuff as 'infected' and ask you to buy their software to clean it.

Looking at the site it seems to be somewhat legit at first glance. Given that others are scanning it with no results you probably got a false positive.
User avatar
Kadoba
Party member
Posts: 399
Joined: Mon Jan 10, 2011 8:25 am
Location: Oklahoma

Re: LOVE Backdoor?

Post by Kadoba »

Ensayia wrote:Where did you get your malware scanner from? There are dozens of fake ones out there that randomly mark stuff as 'infected' and ask you to buy their software to clean it.

Looking at the site it seems to be somewhat legit at first glance. Given that others are scanning it with no results you probably got a false positive.
Malwarebytes is great. I do computer repair work and I use it all the time to remove the kind of programs you're talking about.
Dragon
Prole
Posts: 6
Joined: Wed Jun 29, 2011 4:01 pm

Re: LOVE Backdoor?

Post by Dragon »

It was a backdoor.bitrose in love.exe. It was the only thing Malwarebytes could find, even after a full system scan. Norton hasn't found anything. I'm going to try reinstalling LOVE. I dunno why something would only infect it and nothing else. I found the malware the day after I installed LOVE.
User avatar
miko
Party member
Posts: 410
Joined: Fri Nov 26, 2010 2:25 pm
Location: PL

Re: LOVE Backdoor?

Post by miko »

Dragon wrote:There was a backdoor in love.exe when I installed love today.

Please explain this.
Your copy of love.exe could be infected. Or the in-memory process of running love.exe could be infected. You could check the md5 sum of your love.exe file to compare it with the original (BTW, it would help if such md5 sums were published on the download page!). Here is what I get:

Code: Select all

$ md5sum love-0.7.2-win-x86.exe 
20dd6d33bffc0c2aab1906657fbfeab9  love-0.7.2-win-x86.exe
The "Please explain this" request should be directed to the support of the antivirus program you are using, because we do not know how it works and why it makes such statements.
My lovely code lives at GitHub: http://github.com/miko/Love2d-samples
User avatar
bartbes
Sex machine
Posts: 4946
Joined: Fri Aug 29, 2008 10:35 am
Location: The Netherlands
Contact:

Re: LOVE Backdoor?

Post by bartbes »

Actually, I heard this very claim once before, afaik it had the same backdoor.bitrose, and the md5sum was identical. At the time I concluded we probably match some badly written rule.
User avatar
Ryne
Party member
Posts: 444
Joined: Fri Jan 29, 2010 11:10 am

Re: LOVE Backdoor?

Post by Ryne »

Dragon wrote:It was a backdoor.bitrose in love.exe. It was the only thing Malwarebytes could find, even after a full system scan. Norton hasn't found anything. I'm going to try reinstalling LOVE. I dunno why something would only infect it and nothing else. I found the malware the day after I installed LOVE.
I'm not sure what version of malware bytes you're using but Virus Total uses the most updated versions of 42 different virus scanners, most notably NOD32, and it didn't find anything. Every so often I scan a file with VT and see some of the lower-end scanners picking something up but if NOD32 says it's clean, I'm fine. In my opinion NOD32 is easily the best scanner available.
@rynesaur
User avatar
Taehl
Dreaming in associative arrays
Posts: 1025
Joined: Mon Jan 11, 2010 5:07 am
Location: CA, USA
Contact:

Re: LOVE Backdoor?

Post by Taehl »

NOD32 and Sophos (which VT also uses, I think) are both amazing, and personally, I'd trust anything they both said was clean.
Earliest Love2D supporter who can't Love anymore. Let me disable pixel shaders if I don't use them, dammit!
Lenovo Thinkpad X60 Tablet, built like a tank. But not fancy enough for Love2D 0.10.0+.
Dragon
Prole
Posts: 6
Joined: Wed Jun 29, 2011 4:01 pm

Re: LOVE Backdoor?

Post by Dragon »

Using WinMD5free, I get the MD5 of f3a36ca8d2acfca8def3874c88dfeb35.

I'm going to contact malwarebytes about this.
User avatar
miko
Party member
Posts: 410
Joined: Fri Nov 26, 2010 2:25 pm
Location: PL

Re: LOVE Backdoor?

Post by miko »

Dragon wrote:Using WinMD5free, I get the MD5 of f3a36ca8d2acfca8def3874c88dfeb35.

I'm going to contact malwarebytes about this.
Three things:
1. I was md5summing love-0.7.2-win-x86.exe file, which is an installer, and is different from the installed love.exe file. I hope you have compared the correct one. You could compare sums of installed love.exe file, if you have access to another computer, and are sure that this computer is not infected with a virus.

2. Always compare md5sum with another known file, i.e. the one you have just downloaded and md5summed on another computer. Trust no one else, even me ;) Except when the md5sums are published on the download site, then you can treat it as official.

3. If the files you compare differ (and so their md5sums differ), that means something is wrong. It could be a virus, or a bad disk sector causing read error, short/damaged file because of installation/transmission problem, or an older version of the file. The antivirus company will not tell you what is wrong, they can only try to find some known signs of a virus (and they do sometimes get it wrong).
My lovely code lives at GitHub: http://github.com/miko/Love2d-samples
User avatar
Ryne
Party member
Posts: 444
Joined: Fri Jan 29, 2010 11:10 am

Re: LOVE Backdoor?

Post by Ryne »

I hope you didn't download LÖVE from softpedia. :p
@rynesaur
Post Reply

Who is online

Users browsing this forum: No registered users and 7 guests