ferec
9th August 2004 17:09 UTC
nsisdl.dll contains Download.Trojan
Symantec is telling me that the nsisdl.dll contains the Download.Trojan virus.
I also just clicked on the link to download the nightly build ZIP file and it also comes up with the trojan.
Is this correct or does the download code in nsisdl look like the trojan?
ferec
9th August 2004 17:29 UTC
So, is this something new that we should alert Symantec of? The links you posted reference other viruses, but not Download.Trojan.
razor_x
9th August 2004 17:44 UTC
Originally posted by ferec
So, is this something new that we should alert Symantec of? The links you posted reference other viruses, but not Download.Trojan.
download.trojan is a generic TYPE not a specific.Alot of code may fit the "profile" of download.trojan for example...nsisdl.dll may be loosly associated merely because attemps connections.This is called a "false positive".
Joel
9th August 2004 17:46 UTC
I also have Norton AV and I don't have that alert....
ferec
9th August 2004 17:50 UTC
I only get it if I manually kick off a scan of that directory. We are using the Symantec AV Corporate Edition.
So - sounds like the consensus is that this is a false-positive.
razor_x
9th August 2004 18:40 UTC
Quote:
screff
10th August 2004 01:31 UTC
The same thing happens to me. If I try to compile any NSI scripts Symantec AV quarantines the dll saying that it is Download.Trojan.
I'm using Symantec Anti-Virus Corporate Edition 9.0.0.338 Scan engine 1.2.0.13 with defs at 8/9/2004 rev. 37.
I think the definitions that came out today started detecting it.
I posted to Symantec's support forum in the hopes that they will fix this in their next virus definition upgrades. The post is available here: http://*******.com/6csvr
Joel
10th August 2004 15:08 UTC
Is the nsisdll the only file infected according to Symantec scan engine?
ferec
10th August 2004 17:10 UTC
Yes, that was the only one quarantined.
shins
10th August 2004 17:57 UTC
Here's a screenshot of the alert if anyone is interested.
ekiller200
10th August 2004 22:01 UTC
I don't know why Norton is flagging this dll now? I could be wrong but I do belive norton comes out with new virus defs on tuesdays. A dll that can fetch a file from the internet along with a dll to execute a the downloaded file could beconsidered dangerous.. But it is also a great tool.
Nevertheless.. I fixed this Norton problem by rebuilding nsisdl.dll from source. I don't know the detail on why this works, but I am going to look into this more.(to make sure it doesn't happen again)
unfortunately I think all clients who are using our old install will have this problem if they are running norton antivirus..
zimsms
11th August 2004 13:19 UTC
Hello All,
I have quite a few installers, that worked fine yesterday, now the same binary a day later is popping up the Norton Virus Quarantine as posted above. Has anyone found a resolution to this?
pengyou
11th August 2004 14:27 UTC
Has anyone found a resolution to this?
It seems that updating to the latest definitions (10 August or later) will stop Symantec/Norton AntiVirus from quarantining nsisdl.dll:
http://sourceforge.net/tracker/index...49&atid=373085
zimsms
11th August 2004 14:32 UTC
Live update says there are no new defs. How do I get the ones for August 10th?
[EDIT]
N/m I got it. Why can't they just get live update to do it as well! Thanks!
[/EDIT]
screff
11th August 2004 19:28 UTC
I can confirm the 8/10/2004 rev. 23 definitions fix the problem. woohoo!
go_jesse
26th August 2004 17:47 UTC
Mcafee is now doing the same thing, defs version 4388
[doh] i should have read the other thread
coopey247
26th August 2004 20:20 UTC
I've got McAfee 7.1, Virus Definitions 4388, created on Aug 25th. It is calling nsisdl.dll a "Downloader-OG" trojan. How dare they mess with my NSIS, i oughta......
VegetaSan
27th August 2004 13:19 UTC
I dont have that problem (using Mcafee). This is kinda weird....
zimsms
27th August 2004 15:00 UTC
Hello McAfee users,
It states right on the McAfee Customer Support Knowledge Base page that the virus definition files 4388, are incorrectly identifying nsisdl.dll as being a virus. They also state that this has been addressed in the 4389 definitions. However, they haven't released the 4389 definitions as of yet.
Brummelchen
27th August 2004 17:12 UTC
@mcafee users - define "nsisdl.dll" as exception rule (file/folder) for read&write. (access and manually scan)
no target folder needed, just the name cause this dll is mostly used in a nsis-tmp-folder.
MarkEWaite
20th May 2006 12:22 UTC
Symantec's virus definition file dated 18 May 2006 version 17 again shows NSISdl.dll from NSIS 2.16 as infected with Trojan.Download. http://nsis.sourceforge.net has a new version, 2.17, that Symantec does not report as virus infected, but we've manufactured 1500 CD's that include NSISdl.dll and don't want to destroy those CD's because Symantec has a false positive in their definition file.
Any suggestions on the best way to persuade Symantec that their flagging is a false positive?
kichik
20th May 2006 12:27 UTC
Use their own tools to report it or the submission form. There is no need to destroy any CDs, they'll fix it.
More at: http://sourceforge.net/tracker/index...49&atid=373085
Originally posted by ferec I only get it if I manually kick off a scan of that directory. We are using the Symantec AV Corporate Edition.
So - sounds like the consensus is that this is a false-positive. well i have been using nsisdl.dll for some time..while it has some issues,being a trojan isnt one of them :) |