Re: [Bug-wget] WGET for Windows (win32)

bug-wget

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] WGET for Windows (win32) - current version: 1.11.4

From:	Ángel González
Subject:	Re: [Bug-wget] WGET for Windows (win32) - current version: 1.11.4
Date:	Thu, 08 Aug 2013 22:49:47 +0200
User-agent:	Thunderbird

On Thu, Aug 8, 2013 at 12:21 AM, Andrew McGlashan <address@hidden> wrote:

Hi,

I had previously downloaded 1.11.4 of wget.exe and have been using it on
a number of machines, recently I downloaded a /fresh/ copy and found it
had a different file size.

These are the files I have:

23/10/2008  09:40 PM           403,968 wget-1-11-4--wrong-md5sum.exe
26/04/2009  01:03 AM           401,408 wget-1-11-4.exe

And these are the md5 checksums

D:\bin>md5sum wget-1-11-4--wrong-md5sum.exe wget-1-11-4.exe
c639f0fc0cbee97148c79d9d9e31fff3 *wget-1-11-4--wrong-md5sum.exe
bd126a7b59d5d1f97ba89a3e71425731 *wget-1-11-4.exe


These links show both versions as having ONE detection of virus:

   http://md5.virscan.org/c639f0fc0cbee97148c79d9d9e31fff3
         Scanner results :   3% Scanner(s) (1/39) found malware!
                    Time :   2008/10/27 01:55:21 (EST)

One scanner found malware for this file in a 2008 scan (Fortinet showed

it as "suspicious"). Later checks -including that scanner- didn't detectanything.

   http://md5.virscan.org/bd126a7b59d5d1f97ba89a3e71425731
         Scanner results :   3% Scanner(s) (1/37) found malware!

On this one the behavior was the opposite. There were no detections until
Sep 2011, where Rising started detecting it as

Trojan.Win32.Generic.12938BC8<http://v.virscan.org/Trojan.Win32.Generic.12938BC8.html> This stoppedin 2012. Later, in October,

it started appearing due to ClamAV detecting it with its

PUA.Win32.Packer.Upx-28<http://v.virscan.org/PUA.Win32.Packer.Upx-28.html> signature.Thissignature is not for a virus [1], it only

shows that the program was compressed using upx (which also explains the
different md5).

An analysis of bd126a7b59d5d1f97ba89a3e71425731 doesn't show any
detection on virustotal:
https://www.virustotal.com/es/file/a48ad33695a44de887bba8f2f3174fd8fb01a46a19e3ec9078b0118647ccf599/analysis/

I don't think it has any virus. But getting a safe copy of the last wgetversion

would of course be much better :)

1- See «What is PUA? I get a lot of false positives named PUA» on
https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-misc.md

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Bug-wget] WGET for Windows (win32) - current version: 1.11.4, Micah Cowan, 2013/08/08
- Re: [Bug-wget] WGET for Windows (win32) - current version: 1.11.4, Ángel González <=

Prev by Date: Re: [Bug-wget] WGET for Windows (win32) - current version: 1.11.4
Next by Date: Re: [Bug-wget] Review Request (Bug 39453)
Previous by thread: Re: [Bug-wget] WGET for Windows (win32) - current version: 1.11.4
Next by thread: [Bug-wget] [PATCH] Fix --version wrapping issues and be more consistent with alignment
Index(es):
- Date
- Thread