trojan in 2008b?
in [Matlab]
|
From: Erik on 16 Jun 2010 12:43 I have a recent experience similar to this but with R2009a. McAfee VirusScan Enterprise (v8.5i) found 2 trojans (I deleted those) and then Malwarebytes v1.46 found 3 more (also deleted those) McAfee and Malwarebytes found them all in the folder: c:\Program Files\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks McAfee: adrtddm6430.mexw32 scblock.mexw32 Malwarebytes: adbbpci20019.mexw32 adbbpci20023.mexw32 encadapci1710.mexw32 The research lab im part of, most of our computers run R2009a (and have been for quite a while) and all of them have McAfee but this is the first time (that i'm aware of) that McAfee picked up trojans in the MatLab directory. "JH " <jhlaks(a)colorado.edu> wrote in message <ho2qi1$88k$1(a)fred.mathworks.com>... > My anti-virus scanner hit on > > C:\Program Files\MATLAB\R2008b\toolbox\rtw\targets\xpc\target\build\xpcblocks\digespia2a.mexw32 > > and reports it as containing a component used by a trojan. Has anyone else had this problem? > > Thanks, > -Jason
From: Steven Lord on 16 Jun 2010 12:52 "Erik " <emisawa2(a)uiuc.edu> wrote in message news:hvauuo$b5o$1(a)fred.mathworks.com... >I have a recent experience similar to this but with R2009a. McAfee >VirusScan Enterprise (v8.5i) found 2 trojans (I deleted those) and then >Malwarebytes v1.46 found 3 more (also deleted those) > > McAfee and Malwarebytes found them all in the folder: > c:\Program > Files\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks > > McAfee: > adrtddm6430.mexw32 > scblock.mexw32 > > Malwarebytes: > adbbpci20019.mexw32 > adbbpci20023.mexw32 > encadapci1710.mexw32 > > The research lab im part of, most of our computers run R2009a (and have > been for quite a while) and all of them have McAfee but this is the first > time (that i'm aware of) that McAfee picked up trojans in the MatLab > directory. I suspect that those detections were false positive results. By deleting those MEX-files some of the functionality in Real-Time Workshop and/or XPC Target may not longer work. If you need to reinstall to reenable that functionality, and you receive those same warnings from your virus scanner after the reinstall, please quarantine (rather than deleting) those files and contact Technical Support. They can work with you to test if those files have been infected or if the virus scanner/malware detector have found false positives. -- Steve Lord slord(a)mathworks.com comp.soft-sys.matlab (CSSM) FAQ: http://matlabwiki.mathworks.com/MATLAB_FAQ To contact Technical Support use the Contact Us link on http://www.mathworks.com
From: Erik on 16 Jun 2010 13:15 After reading your post, I tested two other machines, both with McAfee and with the latest definitions. Machine 2, running r2008a, not the latest definitions: no trojans Machine 2, running r2008a, latest definitions: no trojans Machine 3, running r2009a: 5 trojans, all in the same folder as before but most are "new" files... ctrcbctr05.mexw32 dinipctio10.mexw32 rs232_rec.mexw32 scblock.mexw32 (also found on machine 1) xpcregstack.mex32 I will contact my university's central tech support and software distribution hub about this but do you want me to contact Mathworks/MatLab tech as well? -Erik > > "Erik " <emisawa2(a)uiuc.edu> wrote in message > > McAfee and Malwarebytes found them all in the folder: > > c:\Program > > Files\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks > > > > McAfee: > > adrtddm6430.mexw32 > > scblock.mexw32 > > > > Malwarebytes: > > adbbpci20019.mexw32 > > adbbpci20023.mexw32 > > encadapci1710.mexw32 > > > > The research lab im part of, most of our computers run R2009a (and have > > been for quite a while) and all of them have McAfee but this is the first > > time (that i'm aware of) that McAfee picked up trojans in the MatLab > > directory.
From: Erik on 16 Jun 2010 13:34 Is there a way to edit messages? I think I found a solution: http://www.mathworks.com/support/bugreports/634557 (I'm glad I didn't contact any of the people i said i was going to, that could have been embarrassing!)
From: Gordon Weast on 16 Jun 2010 14:36 Yes, the solution in that bug report is a MATLAB script that recreates all of the mex files using the mex compiler you have configured. Recreated this way, the files don't show up as a trojan virus. The source code for all of the files is shipped so you can look at them and see that there isn't anything resembling a virus anywhere in them. We believe this is a false detection, but we're having some trouble convincing the antivirus people of that fact. A slightly different set of files is tagged in R2009a. In R2009b and R2010a no files show up in the virus scan report. Gordon Weast xPC Target Development The MathWorks Erik wrote: > Is there a way to edit messages? I think I found a solution: > http://www.mathworks.com/support/bugreports/634557 > > (I'm glad I didn't contact any of the people i said i was going to, that > could have been embarrassing!)
|
Pages: 1 Prev: sftp download Next: Displaying multi-dimensional locations in 2D |