Home of the Squeezebox™ & Transporter® network music players.
Page 1 of 2 12 LastLast
Results 1 to 10 of 14
  1. #1
    Member
    Join Date
    Dec 2006
    Location
    London, UK
    Posts
    34

    LMS Windows nightly build 7.9.1-1513400996 reported as infected with malware

    On my local Windows PC running as LMS server, Kaspersky Internet security 2018 has deleted the automatic download of LogitechMediaServer-7.9.1-1513400996.exe and reports it is infected with the malware Trojan-Banker.Win32.Banbra.wihm
    Anybody else seeing this behaviour from AV software? Is it possible that an LMS nightly has been infected?
    LMS 7.9.1 | Touch | Boom | Boom | SB3

  2. #2
    Babelfish's Best Boy mherger's Avatar
    Join Date
    Apr 2005
    Location
    Switzerland
    Posts
    19,832

    LMS Windows nightly build7.9.1-1513400996 reported as infected with malware

    Clean according to virustotal.com:

    https://www.virustotal.com/#/url/92c...8a48/detection

    Even Kaspersky!

    How did you download the file? Could you double-check your installer on
    virustotal.com?

    --

    Michael

  3. #3
    Member
    Join Date
    Dec 2006
    Location
    London, UK
    Posts
    34
    [QUOTE=mherger;902330]Clean according to virustotal.com:

    https://www.virustotal.com/#/url/92c...8a48/detection

    Even Kaspersky!

    How did you download the file? Could you double-check your installer on
    virustotal.com?

    Thanks Michael, reassuring
    It was downloaded by LMS as I have the automatically download updates option enabled
    LMS 7.9.1 | Touch | Boom | Boom | SB3

  4. #4
    Babelfish's Best Boy mherger's Avatar
    Join Date
    Apr 2005
    Location
    Switzerland
    Posts
    19,832

    LMS Windows nightly build7.9.1-1513400996 reported as infected with malware

    >> It was downloaded by LMS as I have the automatically download updates
    >> option enabled


    Did you double-check the file by uploading it to totalvirus.com? It
    could have been infected while on your system.

    --

    Michael

  5. #5
    Member
    Join Date
    Dec 2006
    Location
    London, UK
    Posts
    34
    Quote Originally Posted by mherger View Post
    >> It was downloaded by LMS as I have the automatically download updates
    >> option enabled


    Did you double-check the file by uploading it to totalvirus.com? It
    could have been infected while on your system.

    --

    Michael

    I have now thanks for the suggestion. I uploaded both 1513400996 and the latest build which my LMS had downloaded to the cache and Kaspersky had again quarantined as infected. 1513400996 and 1513951369 are both given a clean bill of health by all but one service - Dr Web flags them both as infected with a Trojan 1.56129.
    If I download 1513951369 direct from downloads/slimdevices.com via Firefox, a Kaspersky scan says it is clean. Once I run the .exe, both Windows Defender and Kaspersky detect a Trojan and block the program from running.
    I suspect this is a problem specific to my machine.
    LMS 7.9.1 | Touch | Boom | Boom | SB3

  6. #6
    I'm seeing this problem too, with Kaspersky. I'll do more troubleshooting later and report back.

  7. #7
    So the installer for 1513951369 (22 Dec) is seen by Kaspersky as malware and deleted on download. It was also deleting the automatic downloads in the cache for this version. I disabled Kaspersky and installed 1513951369, but on re-enabling protection it reports squeezesvr.exe as malware and quarantines/deletes it. I'm not sure where to find previous versions to try - to see if the issue is a change in Kaspersky signatures or some recent change in LMS triggering a false positive.

    For now I've added the LMS program files and data folders to Kaspersky exclusions and everything's working fine.

    -Alex

  8. #8
    Babelfish's Best Boy mherger's Avatar
    Join Date
    Apr 2005
    Location
    Switzerland
    Posts
    19,832

    LMS Windows nightly build7.9.1-1513400996 reported as infected with malware

    > For now I've added the LMS program files and data folders to Kaspersky
    > exclusions and everything's working fine.


    Please double-check your copy on virustotal.com. It _could_ be infected,
    after all.

    --

    Michael

  9. #9
    Member
    Join Date
    Dec 2006
    Location
    London, UK
    Posts
    34
    I've reverted to 7.9.1 - 1512734075 from Dec 8th as I had this version sitting around in my download folder. Kaspersky is happy with this version.
    LMS 7.9.1 | Touch | Boom | Boom | SB3

  10. #10
    Same thing happened to me with Avast and the auto install which was caught mid-stream by Avast and corrupted the current install of LMS. Had to uninstall and do a clean install of the LogitechMediaServer-7.9.1-1508904967 version to get back up and running. Why is version LogitechMediaServer-7.9.1-1513951369 coming up as infected?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •