[Zlib-devel] Fwd: Avast reports minigzip_d.exe is infected

Cosmin Truta cosmin at cs.toronto.edu
Tue Sep 20 04:26:59 EDT 2011


MinGW puts some small initialization code in the executable, for the
benefit of Java (gcj) and C++ (g++), which, for C apps, is never used.
It's innocuous, and the space occupied is very little. Could that
trigger the attention of an antivirus? It's odd, because that code
isn't just in minigzip_d.exe. All the PE executables (zlib1.dll,
example_d.exe, minigzip_d.exe) have that in.

Could it be possible that minigzip_d.exe carried a real virus? I'd
have to re-download the precise MinGW tool versions that I used when I
built the DLL package, so that I can rebuild and compare.

Sincerely,
Cosmin

On Mon, Sep 19, 2011 at 1:26 PM, Mark Adler <madler at madler.net> wrote:
> All,
>
> This seems unlikely, but can someone check to see if the minigzip executable in zlib125-dll.zip has any unexpected code in it?
>
> Mark
>
>
> Begin forwarded message:
>> From: Cory Riddell <cory at codeware.com>
>> Date: September 19, 2011 9:25:16 AM PDT
>> To: zlib at gzip.org
>> Subject: Avast reports minigzip_d.exe is infected
>>
>> The anti-virus scanner Avast thinks test\minigzip_d.exe is infected with
>> "Win32:Flooder-HD [Tri]". When I searched for more information on this I
>> found another report here:
>> http://v.virscan.org/Win32:Flooder-HD%20[Trj].html
>>
>> This file is inside your compiled zlib DLL package.
>>
>> Has this been reported to you before? The version of Avast that found
>> this is 110919-0, 09/19/2011.
>>
>> Thanks,
>> Cory Riddell
>> Codeware
>>
>>
>
>
> _______________________________________________
> Zlib-devel mailing list
> Zlib-devel at madler.net
> http://mail.madler.net/mailman/listinfo/zlib-devel_madler.net
>

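The rebuild-and-compare check proposed in the reply above can be sketched as follows. This is an added example, not part of the original thread or of zlib: the function names and the sample bytes are constructed for illustration. It assumes the only fields expected to differ between two otherwise identical builds are the COFF link timestamp and the optional-header checksum, so any other difference (including timestamps stored inside a section) is reported against the section that holds it.

```python
import hashlib
import struct

def _pe_offset(data: bytes) -> int:
    """Return the offset of the 'PE\\0\\0' signature after checking both magics."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[off:off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    return off

def section_digests(data: bytes) -> dict:
    """SHA-256 of the headers (build-variable fields zeroed) and of each section."""
    off = _pe_offset(data)
    (nsect,) = struct.unpack_from("<H", data, off + 6)
    (opt_size,) = struct.unpack_from("<H", data, off + 20)
    opt, table = off + 24, off + 24 + opt_size            # optional header, section table
    hdr = bytearray(data[:table + 40 * nsect])
    hdr[off + 8:off + 12] = bytes(4)                      # COFF TimeDateStamp (link time)
    if opt_size >= 68:
        hdr[opt + 64:opt + 68] = bytes(4)                 # optional-header CheckSum
    out = {"<headers>": hashlib.sha256(hdr).hexdigest()}
    for i in range(nsect):
        ent = table + 40 * i
        name = data[ent:ent + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, ent + 16)
        out[name] = hashlib.sha256(data[raw_ptr:raw_ptr + raw_size]).hexdigest()
    return out

def differing_parts(a: bytes, b: bytes) -> list:
    """Names of the parts (headers or sections) whose digests differ."""
    da, db = section_digests(a), section_digests(b)
    return sorted(k for k in da.keys() | db.keys() if da.get(k) != db.get(k))

def make_sample(stamp: int, text: bytes) -> bytes:
    """Constructed, minimal PE-shaped file (not loadable) with one .text section."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 224, 0x102)
    opt = struct.pack("<H", 0x10B) + bytes(222)           # PE32 magic, rest zeroed
    raw_ptr = 0x40 + 4 + 20 + 224 + 40                    # section data follows the table
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000,
                       len(text), raw_ptr, 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\0\0" + coff + opt + sect + text

if __name__ == "__main__":
    shipped = make_sample(0x4E700000, b"\x90" * 16)       # stands in for the packaged file
    rebuilt = make_sample(0x4E780000, b"\x90" * 16)       # same code, later link time
    print(differing_parts(shipped, rebuilt))
```

An empty list means the two files match apart from the two zeroed fields; a section name in the list points at where to look first.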


