public inbox for cygwin@cygwin.com
* Malwarebytes flags qdbusviewer-qt5.exe as Adware.Elex malware
       [not found] <1681128500.3158335.1489943990284.ref@mail.yahoo.com>
@ 2017-03-19 17:19 ` Ed Koerber via cygwin
  2017-03-19 17:32   ` Ray Donnelly
  2017-03-20 13:53   ` Ed Koerber via cygwin
  0 siblings, 2 replies; 11+ messages in thread
From: Ed Koerber via cygwin @ 2017-03-19 17:19 UTC (permalink / raw)
  To: cygwin

I am using the following version of cygwin on a Windows 7 computer: 

$ uname -a 
CYGWIN_NT-6.1 e250 2.6.0(0.304/5/3) 2016-08-31 14:27 i686 Cygwin 

Why does Malwarebytes flag this file: 

C:\cygwin\usr\x86_64-w64-mingw32\sys-root\mingw\bin\qdbusviewer-qt5.exe 

as Adware.Elex malware? 

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


* Re: Malwarebytes flags qdbusviewer-qt5.exe as Adware.Elex malware
  2017-03-19 17:19 ` Malwarebytes flags qdbusviewer-qt5.exe as Adware.Elex malware Ed Koerber via cygwin
@ 2017-03-19 17:32   ` Ray Donnelly
  2017-03-19 18:18     ` Ed Koerber via cygwin
  2017-03-20 13:53   ` Ed Koerber via cygwin
  1 sibling, 1 reply; 11+ messages in thread
From: Ray Donnelly @ 2017-03-19 17:32 UTC (permalink / raw)
  To: Ed Koerber, cygwin

On Sun, Mar 19, 2017 at 5:19 PM, Ed Koerber via cygwin
<cygwin@cygwin.com> wrote:
> I am using the following version of cygwin on a Windows 7 computer:
>
> $ uname -a
> CYGWIN_NT-6.1 e250 2.6.0(0.304/5/3) 2016-08-31 14:27 i686 Cygwin
>
> Why does Malwarebytes flag this file:
>
> C:\cygwin\usr\x86_64-w64-mingw32\sys-root\mingw\bin\qdbusviewer-qt5.exe
>
> as Adware.Elex malware?

Probably because virus scanners are amongst the dumbest software on earth?

If you were to report it to Malwarebytes as a suspected false positive
that would be helpful.


* Re: Malwarebytes flags qdbusviewer-qt5.exe as Adware.Elex malware
  2017-03-19 17:32   ` Ray Donnelly
@ 2017-03-19 18:18     ` Ed Koerber via cygwin
  2017-03-19 20:25       ` René Berber
  2017-03-20  4:12       ` Brian Inglis
  0 siblings, 2 replies; 11+ messages in thread
From: Ed Koerber via cygwin @ 2017-03-19 18:18 UTC (permalink / raw)
  To: Ray Donnelly, cygwin

It bears asking to be thorough... are we sure that the cygwin package has not been compromised somehow?

* Re: Malwarebytes flags qdbusviewer-qt5.exe as Adware.Elex malware
  2017-03-19 18:18     ` Ed Koerber via cygwin
@ 2017-03-19 20:25       ` René Berber
  2017-03-20  0:07         ` René Berber
  2017-03-20  6:52         ` [a tangent but hopefully not OT question] " Paul Allen Newell
  2017-03-20  4:12       ` Brian Inglis
  1 sibling, 2 replies; 11+ messages in thread
From: René Berber @ 2017-03-19 20:25 UTC (permalink / raw)
  To: cygwin

On 3/19/2017 12:18 PM, Ed Koerber via cygwin wrote:

> It bears asking to be thorough... are we sure that the cygwin package
> has not been compromised somehow?

You are correct in not taking unsubstantiated remarks as useful.

We usually run the program in question through https://www.virustotal.com/

If several, reputable, scanners flag it as a virus, then it's probably a
virus.

Hope this helps.
-- 
R. Berber



* Re: Malwarebytes flags qdbusviewer-qt5.exe as Adware.Elex malware
  2017-03-19 20:25       ` René Berber
@ 2017-03-20  0:07         ` René Berber
  2017-03-20  0:14           ` René Berber
  2017-03-20  6:52         ` [a tangent but hopefully not OT question] " Paul Allen Newell
  1 sibling, 1 reply; 11+ messages in thread
From: René Berber @ 2017-03-20  0:07 UTC (permalink / raw)
  To: cygwin

Back to the list, and keep it there.

-------- Forwarded Message --------
From: 	Chris Johnson
To: 	Do not reply

I'm probably going to catch hell for this.

Don't virus scanners in general get caught by other virus scanners
because their databases have the same signatures as the viruses they
look for?  I don't know how to get around this other than an exclusion
list.

> On 3/19/2017 12:18 PM, Ed Koerber via cygwin wrote:
>
>> It bears asking to be thorough... are we sure that the cygwin package
>> has not been compromised somehow?
> You are correct in not taking unsubstantiated remarks as useful.
>
> We usually run the program in question through https://www.virustotal.com/
>
> If several, reputable, scanners flag it as a virus, then it's probably a
> virus.
>
> Hope this helps.




* Re: Malwarebytes flags qdbusviewer-qt5.exe as Adware.Elex malware
  2017-03-20  0:07         ` René Berber
@ 2017-03-20  0:14           ` René Berber
  0 siblings, 0 replies; 11+ messages in thread
From: René Berber @ 2017-03-20  0:14 UTC (permalink / raw)
  To: cygwin

On 3/19/2017 6:05 PM, Chris Johnson wrote:

> Don't virus scanners in general get caught by other virus scanners
> because their databases have the same signatures as the viruses they
> look for?  I don't know how to get around this other than an exclusion
> list.

Off-topic, this has nothing to do with the original post.
-- 
R. Berber


* Re: Malwarebytes flags qdbusviewer-qt5.exe as Adware.Elex malware
  2017-03-19 18:18     ` Ed Koerber via cygwin
  2017-03-19 20:25       ` René Berber
@ 2017-03-20  4:12       ` Brian Inglis
  1 sibling, 0 replies; 11+ messages in thread
From: Brian Inglis @ 2017-03-20  4:12 UTC (permalink / raw)
  To: cygwin

On 2017-03-19 12:18, Ed Koerber via cygwin wrote:
> On Sunday, March 19, 2017 12:32 PM, Ray Donnelly wrote:
>> On Sun, Mar 19, 2017 at 5:19 PM, Ed Koerber via cygwin wrote:
>>> I am using the following version of cygwin on a Windows 7 computer:
>>> $ uname -a
>>> CYGWIN_NT-6.1 e250 2.6.0(0.304/5/3) 2016-08-31 14:27 i686 Cygwin
>>> Why does Malwarebytes flag this file:
>>> C:\cygwin\usr\x86_64-w64-mingw32\sys-root\mingw\bin\qdbusviewer-qt5.exe
>>> as Adware.Elex malware?
>> Probably because virus scanners are amongst the dumbest software on earth?
>> If you were to report it to Malwarebytes as a suspected false positive
>> that would be helpful.
> It bears asking to be thorough... are we sure that the cygwin package
> has not been compromised somehow?

As long as you install Cygwin setup-x86{,64} from https://cygwin.com and 
it downloads packages from a current official mirror, you are protected 
by browser validation (only as good as your browser) of HTTPS certificates, 
GPG signature validation on the setup program and setup.ini files, and 
SHA-2 SHA-512 message digest validation of the packages and contents. 

Read the MB notes on adware e.g.
https://support.malwarebytes.com/customer/portal/articles/1834873-what-are-pup-detections-are-they-threats-and-should-they-be-deleted-?b_id=6438

"What are 'PUP' detections, are they threats and should they be deleted?

PUP detections are Potentially Unwanted Programs. 
These are programs our researchers have found are sometimes added to a 
system without the user's knowledge or approval.

In Malwarebytes Anti-Malware versions 2.0 and higher, 
PUPs are set to be quarantined by default. 
This can be confirmed in Settings > Detection and Protection > 
 Non-Malware Protection."
 ***********

This warning may be generated by generic detection of Windows code that 
may resemble similar Windows code included in some adware. If this is 
generated by a static file scan, especially of Cygwin code, rather than 
while running the software, it is most likely a false positive.

If you downloaded and installed the software yourself from a reputable 
source, with good validation, you should exclude the software.

With Cygwin you can always download the tools and source code to fairly 
easily rebuild the binary packages, and some people other than the Cygwin 
developers do, starting with the dll, apps, tools, etc. so they know all 
their code can be rebuilt from the distributed source.

You can always uninstall the package using the setup program, or whatever 
process is recommended by MB.

Alternatively you can ask MB for confirmation or reconsideration: 
https://forums.malwarebytes.com/topic/3228-please-read-before-reporting-a-false-positive/

MB search for "false positive" does not return much that is useful until you 
go into the Forums, and their products do not seem to have an easy way 
integrated to submit reports and samples. This to me is a yellow flag, 
as most similar products I have used make it easy to report and provide 
samples of either suspected malware or false positives, which have 
included earlier Cygwin and other Windows programs which were fine, and 
were quickly recategorized in updates to the AV product.

You may be better served by good AV and ad blocking software that is 
not in the Cygwin FAQ BLODA list: 
https://cygwin.com/faq/faq.html#faq.using.bloda

For Windows 7 you could download and install MSE Microsoft Security 
Essentials, using it with Windows Defender and Windows Firewall, 
and a good ad blocker that detects known problems and actual bad 
behaviour.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
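
Added example (not part of the original thread and not Cygwin's own code): the package digest check described in the message above, sketched in Python. The setup.ini stanza layout (an install: line carrying path, size and SHA-512 hex digest), the package name example-pkg and the archive bytes are constructed assumptions, and setup.ini is presumed to have already passed its GPG signature check.

```python
import hashlib
import hmac

def parse_setup_ini(text):
    """Map package name -> (path, size, sha512_hex) from current install: lines."""
    entries, pkg, current = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("@ "):            # start of a package stanza
            pkg, current = line[2:].strip(), True
        elif line.startswith("["):           # [prev]/[test]: not the current version
            current = False
        elif line.startswith("install:") and pkg and current:
            fields = line.split()[1:]
            if len(fields) != 3:
                raise ValueError("malformed install line for " + pkg)
            entries[pkg] = (fields[0], int(fields[1]), fields[2].lower())
    return entries

def verify_package(entries, pkg, data):
    """Compare downloaded archive bytes with the signed index entry."""
    if pkg not in entries:
        return "unknown package"
    _path, size, expected = entries[pkg]
    if len(expected) != 128:                 # SHA-512 is 128 hex characters
        return "entry has no SHA-512 digest"
    if len(data) != size:
        return "size mismatch"
    actual = hashlib.sha512(data).hexdigest()
    return "ok" if hmac.compare_digest(actual, expected) else "digest mismatch"

# Constructed sample data: stand-in archive bytes and a stanza built to match them.
SAMPLE_ARCHIVE = b"constructed stand-in for a package tarball\n"
SAMPLE_INI = """\
@ example-pkg
sdesc: "Constructed example package"
version: 1.0-1
install: x86_64/release/example-pkg/example-pkg-1.0-1.tar.xz {size} {digest}
[prev]
version: 0.9-1
install: x86_64/release/example-pkg/example-pkg-0.9-1.tar.xz 10 {old}
""".format(size=len(SAMPLE_ARCHIVE),
           digest=hashlib.sha512(SAMPLE_ARCHIVE).hexdigest(),
           old="0" * 128)

if __name__ == "__main__":
    index = parse_setup_ini(SAMPLE_INI)
    print(verify_package(index, "example-pkg", SAMPLE_ARCHIVE))
    print(verify_package(index, "example-pkg", b"X" + SAMPLE_ARCHIVE[1:]))
```

A matching digest only shows the archive is the one the index names; it says nothing if the index itself was not authenticated first.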


* [a tangent but hopefully not OT question] Re: Malwarebytes flags qdbusviewer-qt5.exe as Adware.Elex malware
  2017-03-19 20:25       ` René Berber
  2017-03-20  0:07         ` René Berber
@ 2017-03-20  6:52         ` Paul Allen Newell
  1 sibling, 0 replies; 11+ messages in thread
From: Paul Allen Newell @ 2017-03-20  6:52 UTC (permalink / raw)
  To: cygwin; +Cc: pnewell



On 03/19/2017 01:23 PM, René Berber wrote:
> On 3/19/2017 12:18 PM, Ed Koerber via cygwin wrote:
>
>> It bears asking to be thorough... are we sure that the cygwin package
>> has not been compromised somehow?
> You are correct in not taking unsubstantiated remarks as useful.
>
> We usually run the program in question through https://www.virustotal.com/
>
> If several, reputable, scanners flag it as a virus, then it's probably a
> virus.
>
> Hope this helps.

Rene:

I looked at https://www.virustotal.com/ and found it interesting. That 
being said, everything on it looked "pc" and "windows" except for one 
report of issues which seemed OS/Mac based.

I went through all the documentation and tabs to other pages as best I 
could (including the FAQ).

I could not get a clear answer as to whether this site handled any and 
all queries, i.e. was platform agnostic, or was limited to Windows (and maybe OSX).

I have to deal with Windows via Cygwin, OSX, and Centos/Fedora and can't 
figure out if I can send anything from any platform to this site.

Thanks in advance for humouring my tangent within this same thread (I 
made sure I changed the subject to reflect the tangent)

Paul


* Re: Malwarebytes flags qdbusviewer-qt5.exe as Adware.Elex malware
  2017-03-19 17:19 ` Malwarebytes flags qdbusviewer-qt5.exe as Adware.Elex malware Ed Koerber via cygwin
  2017-03-19 17:32   ` Ray Donnelly
@ 2017-03-20 13:53   ` Ed Koerber via cygwin
  2017-03-26  3:36     ` Brian Inglis
  1 sibling, 1 reply; 11+ messages in thread
From: Ed Koerber via cygwin @ 2017-03-20 13:53 UTC (permalink / raw)
  To: cygwin

Probable problem with Malwarebytes incorrectly flagging the qdbusviewer-qt5.exe file reported here:

https://forums.malwarebytes.com/topic/197975-malwarebytes-flags-qdbusviewer-qt5exe-as-adwareelex-malware/


Stay tuned for the response.

* Re: Malwarebytes flags qdbusviewer-qt5.exe as Adware.Elex malware
  2017-03-20 13:53   ` Ed Koerber via cygwin
@ 2017-03-26  3:36     ` Brian Inglis
  2017-03-27 21:51       ` Ed Koerber via cygwin
  0 siblings, 1 reply; 11+ messages in thread
From: Brian Inglis @ 2017-03-26  3:36 UTC (permalink / raw)
  To: cygwin

On 2017-03-20 07:53, Ed Koerber via cygwin wrote:
> On Sunday, March 19, 2017 12:20 PM, Ed Koerber via cygwin wrote:
>> I am using the following version of cygwin on a Windows 7 computer:
>> $ uname -a 
>> CYGWIN_NT-6.1 e250 2.6.0(0.304/5/3) 2016-08-31 14:27 i686 Cygwin 
>> Why does Malwarebytes flag this file: 
>> C:\cygwin\usr\x86_64-w64-mingw32\sys-root\mingw\bin\qdbusviewer-qt5.exe
>> as Adware.Elex malware?
> Probable problem with Malwarebytes incorrectly flagging the
> qdbusviewer-qt5.exe file reported here:
> https://forums.malwarebytes.com/topic/197975-malwarebytes-flags-qdbusviewer-qt5exe-as-adwareelex-malware/
> Stay tuned for the response.
Response:
"shadowwar
Forum Deity
shadowwar
Moderators
Posted Monday at 05:18 PM ID: 2
This will be fixed next update."

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada


* Re: Malwarebytes flags qdbusviewer-qt5.exe as Adware.Elex malware
  2017-03-26  3:36     ` Brian Inglis
@ 2017-03-27 21:51       ` Ed Koerber via cygwin
  0 siblings, 0 replies; 11+ messages in thread
From: Ed Koerber via cygwin @ 2017-03-27 21:51 UTC (permalink / raw)
  To: cygwin

Thanks for posting that for me, Brian. I was going to get back to that to check for a response myself, but it has been a busy week!
