From: Erik on
I have a recent experience similar to this but with R2009a. McAfee VirusScan Enterprise (v8.5i) found 2 trojans (I deleted those) and then Malwarebytes v1.46 found 3 more (also deleted those)

McAfee and Malwarebytes found them all in the folder:
c:\Program Files\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks

McAfee:
adrtddm6430.mexw32
scblock.mexw32

Malwarebytes:
adbbpci20019.mexw32
adbbpci20023.mexw32
encadapci1710.mexw32

The research lab im part of, most of our computers run R2009a (and have been for quite a while) and all of them have McAfee but this is the first time (that i'm aware of) that McAfee picked up trojans in the MatLab directory.





"JH " <jhlaks(a)colorado.edu> wrote in message <ho2qi1$88k$1(a)fred.mathworks.com>...
> My anti-virus scanner hit on
>
> C:\Program Files\MATLAB\R2008b\toolbox\rtw\targets\xpc\target\build\xpcblocks\digespia2a.mexw32
>
> and reports it as containing a component used by a trojan. Has anyone else had this problem?
>
> Thanks,
> -Jason
From: Steven Lord on

"Erik " <emisawa2(a)uiuc.edu> wrote in message
news:hvauuo$b5o$1(a)fred.mathworks.com...
>I have a recent experience similar to this but with R2009a. McAfee
>VirusScan Enterprise (v8.5i) found 2 trojans (I deleted those) and then
>Malwarebytes v1.46 found 3 more (also deleted those)
>
> McAfee and Malwarebytes found them all in the folder:
> c:\Program
> Files\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks
>
> McAfee:
> adrtddm6430.mexw32
> scblock.mexw32
>
> Malwarebytes:
> adbbpci20019.mexw32
> adbbpci20023.mexw32
> encadapci1710.mexw32
>
> The research lab im part of, most of our computers run R2009a (and have
> been for quite a while) and all of them have McAfee but this is the first
> time (that i'm aware of) that McAfee picked up trojans in the MatLab
> directory.

I suspect that those detections were false positive results. By deleting
those MEX-files some of the functionality in Real-Time Workshop and/or XPC
Target may not longer work. If you need to reinstall to reenable that
functionality, and you receive those same warnings from your virus scanner
after the reinstall, please quarantine (rather than deleting) those files
and contact Technical Support. They can work with you to test if those
files have been infected or if the virus scanner/malware detector have found
false positives.

--
Steve Lord
slord(a)mathworks.com
comp.soft-sys.matlab (CSSM) FAQ: http://matlabwiki.mathworks.com/MATLAB_FAQ
To contact Technical Support use the Contact Us link on
http://www.mathworks.com


From: Erik on
After reading your post, I tested two other machines, both with McAfee and with the latest definitions.

Machine 2, running r2008a, not the latest definitions: no trojans
Machine 2, running r2008a, latest definitions: no trojans
Machine 3, running r2009a: 5 trojans, all in the same folder as before but most are "new" files...

ctrcbctr05.mexw32
dinipctio10.mexw32
rs232_rec.mexw32
scblock.mexw32 (also found on machine 1)
xpcregstack.mex32

I will contact my university's central tech support and software distribution hub about this but do you want me to contact Mathworks/MatLab tech as well?

-Erik



>
> "Erik " <emisawa2(a)uiuc.edu> wrote in message
> > McAfee and Malwarebytes found them all in the folder:
> > c:\Program
> > Files\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks
> >
> > McAfee:
> > adrtddm6430.mexw32
> > scblock.mexw32
> >
> > Malwarebytes:
> > adbbpci20019.mexw32
> > adbbpci20023.mexw32
> > encadapci1710.mexw32
> >
> > The research lab im part of, most of our computers run R2009a (and have
> > been for quite a while) and all of them have McAfee but this is the first
> > time (that i'm aware of) that McAfee picked up trojans in the MatLab
> > directory.
From: Erik on
Is there a way to edit messages? I think I found a solution:
http://www.mathworks.com/support/bugreports/634557

(I'm glad I didn't contact any of the people i said i was going to, that could have been embarrassing!)
From: Gordon Weast on
Yes, the solution in that bug report is a MATLAB script that
recreates all of the mex files using the mex compiler you have
configured.

Recreated this way, the files don't show up as a trojan virus.

The source code for all of the files is shipped so you can look
at them and see that there isn't anything resembling a virus anywhere
in them. We believe this is a false detection, but we're having
some trouble convincing the antivirus people of that fact.

A slightly different set of files is tagged in R2009a. In R2009b
and R2010a no files show up in the virus scan report.

Gordon Weast
xPC Target Development
The MathWorks

Erik wrote:
> Is there a way to edit messages? I think I found a solution:
> http://www.mathworks.com/support/bugreports/634557
>
> (I'm glad I didn't contact any of the people i said i was going to, that
> could have been embarrassing!)