gas-attack
5th May 2004 22:08 UTC
NSIS installers easily infected by Win32/Pinfi?!?!
First, I must say I'm not creating installers myself (yet).
Whenever I download some, a few days later, they are still executable, but when I let a virus scanner (AntiVir, but I heard Norton does as well) run over them, it detects "Win32/Pinfi" and repairs the file. If I now try to execute it, a bug message is coming up that the CRC is wrong. So I can conclude that this virus even changes the CRC, right? It only infects NSIS installers, and only in my download dir. Hope you can improve that someway.
Joost Verburg
5th May 2004 22:35 UTC
If you system is infected there is nothing NSIS can do about it. See http://securityresponse.symantec.com...w32.pinfi.html for removal instructions.
If it's a false positive, contact the author of your virus scanner.
gas-attack
7th May 2004 16:38 UTC
Originally posted by Joost Verburg
If you system is infected there is nothing NSIS can do about it. See http://securityresponse.symantec.com...w32.pinfi.html for removal instructions.
If it's a false positive, contact the author of your virus scanner.
Got rid of the virus. Just wanted to say that NSIS CRC is corrupted by this virus so that it looks like a normal uninfected file again and then spreads over other NSIS installers. But the fact that only 1.x installers were infected shows that it was improved in 2.0, so the problem will soon have been gone.
Joost Verburg
7th May 2004 18:02 UTC
You can recompile NSIS with an option to make the self-validation more strict.