LOVE Backdoor?

[Ensayia]

Where did you get your malware scanner from? There are dozens of fake ones out there that randomly mark stuff as 'infected' and ask you to buy their software to clean it.

Looking at the site it seems to be somewhat legit at first glance. Given that others are scanning it with no results you probably got a false positive.

[Kadoba]

Where did you get your malware scanner from? There are dozens of fake ones out there that randomly mark stuff as 'infected' and ask you to buy their software to clean it.

Looking at the site it seems to be somewhat legit at first glance. Given that others are scanning it with no results you probably got a false positive.

Malwarebytes is great. I do computer repair work and I use it all the time to remove the kind of programs you're talking about.

[Dragon]

It was a backdoor.bitrose in love.exe. It was the only thing Malwarebytes could find, even after a full system scan. Norton hasn't found anything. I'm going to try reinstalling LOVE. I dunno why something would only infect it and nothing else. I found the malware the day after I installed LOVE.

[miko]

There was a backdoor in love.exe when I installed love today.

Please explain this.

Your copy of love.exe could be infected. Or the in-memory process of running love.exe could be infected. You could check the md5 sum of your love.exe file to compare it with the original (BTW, it would help if such md5 sums were published on the download page!). Here is what I get:

Code: Select all

$ md5sum love-0.7.2-win-x86.exe 
20dd6d33bffc0c2aab1906657fbfeab9  love-0.7.2-win-x86.exe

The "Please explain this" request should be directed to the support of the antivirus program you are using, because we do not know how it works and why it makes such statements.

[bartbes]

Actually, I heard this very claim once before, afaik it had the same backdoor.bitrose, and the md5sum was identical. At the time I concluded we probably match some badly written rule.

[Ryne]

It was a backdoor.bitrose in love.exe. It was the only thing Malwarebytes could find, even after a full system scan. Norton hasn't found anything. I'm going to try reinstalling LOVE. I dunno why something would only infect it and nothing else. I found the malware the day after I installed LOVE.

I'm not sure what version of malware bytes you're using but Virus Total uses the most updated versions of 42 different virus scanners, most notably NOD32, and it didn't find anything. Every so often I scan a file with VT and see some of the lower-end scanners picking something up but if NOD32 says it's clean, I'm fine. In my opinion NOD32 is easily the best scanner available.

[Taehl]

NOD32 and Sophos (which VT also uses, I think) are both amazing, and personally, I'd trust anything they both said was clean.

[Dragon]

Using WinMD5free, I get the MD5 of f3a36ca8d2acfca8def3874c88dfeb35.

I'm going to contact malwarebytes about this.

[miko]

Using WinMD5free, I get the MD5 of f3a36ca8d2acfca8def3874c88dfeb35.

I'm going to contact malwarebytes about this.

Three things:
1. I was md5summing love-0.7.2-win-x86.exe file, which is an installer, and is different from the installed love.exe file. I hope you have compared the correct one. You could compare sums of installed love.exe file, if you have access to another computer, and are sure that this computer is not infected with a virus.

2. Always compare md5sum with another known file, i.e. the one you have just downloaded and md5summed on another computer. Trust no one else, even me Except when the md5sums are published on the download site, then you can treat it as official.

3. If the files you compare differ (and so their md5sums differ), that means something is wrong. It could be a virus, or a bad disk sector causing read error, short/damaged file because of installation/transmission problem, or an older version of the file. The antivirus company will not tell you what is wrong, they can only try to find some known signs of a virus (and they do sometimes get it wrong).

[Ryne]

I hope you didn't download LÖVE from softpedia. :p