FROIS-01 Theme virus found

from Stardock Forums
This time it's the W32/HLLP.Phillis.ini virus. Found cleaned and deleted. I think it odd that I've never had a virus alert from a Blind before and in two weeks I've had two from Championship submissions. I don't blame the developers, without them there would be no skins and themes, but I'd ask that maybe they update their definitions and/or use multiple programs to double-check before submitting.

4,905 views 8 replies
Reply #2 from Stardock Forums Top
I should have added that the virus was picked up by McAfee. I haven't tried to run Norton on the file yet.
Sins of a Solar Empire: Rebellion
Reply #3 from Stardock Forums Top
This is the same false-positive virus that was found on another skin earlier.  It is only detected by McAfee because the skin contains the _desktop.ini file.  Not indicative of a virus necessarily.  No other virus scanner on the market is flagging this as a virus, even after McAfee adding it to their own definitions list almost a month ago.
Reply #4 from Stardock Forums Top
Thanks for the heads up Zoomba but I'm with Jombay on this one WWW Link2 (check last post in thread). Better safe than sorry.
Reply #5 from Stardock Forums Top
Reference from WWW Link

Alert ID : FrSIRT/ALRT-2006-07109
Aliases : N/A
Size : N/A
Rated as : Low Risk
Release Date : 2006-09-28

Description

W32/HLLP.Philis.ini are "_desktop.ini" files created by variants of W32/HLLP.Philis virus. These are created as a hidden system files and contain the date on which virus was executed to visit the folder in which the file resides.

References

http://vil.nai.com/vil/content/v_140656.htm

Credits

Reported by McAfee

ChangeLog

2006-09-28 - Initial Release
Reply #6 from Stardock Forums Top

W32/HLLP.Philis.ini is a sub-set of the W32/HLLP.Philis virus.  The *.ini variant is at this time ONLY detected by McAfee, and if you look at the description of the "virus" here:

http://vil.nai.com/vil/content/v_140656.htm

You'll see that it's not actually a virus that it's detecting, but an artifact of W32/HLLP.Philis.  The _desktop.ini file can not contain the virus, it is merely potentially a record of the virus executing.

Looking at the _desktop.ini file included with the latest version of FROIS-01, there is a timestamp inidicating that Dexter2005 has been infected by the W32/HLLP.Philis virus, which prepends itself to .exe files. 

The _desktop.ini file is NOT AN INFECTED FILE.  It is only a sign that the system on which it was created is infected (and even then, only sometimes, there may be legit apps that create an _desktop.ini file).  Since there are no .exes packed in a skin, this isn't even the beginnings of a concern.

However, any skin author that is told their skin is triggering this warning, they need to get their systems cleaned, because they might very well have the actual virus.

Reply #7 from Stardock Forums Top
However, any skin author that is told their skin is triggering this warning, they need to get their systems cleaned, because they might very well have the actual virus.


Then why come off defensive like it's not a problem or "even the beginnings of a concern"? I'd think it would be a concern to the skin authors who likely have the virus on their systems even if it's not a big risk to users of their skins. Again, better safe than sorry.
Reply #8 from Stardock Forums Top
My point is that the warning is not a danger to anyone who downloads the skin.
+1 Loading…