Those who noticed that the website was not working yesterday (22nd January), might be interested to know that it was because the zx_p2wav.exe file was picked up as containing a Trojan.
It can still be downloaded from http://forum.tlienhard.com/phpBB3/downl ... php?id=238
but can anyone re-compile it to ensure it doesn't get identified as a trojan again by virustotal.com (it showed only 4 minor virus engines out of 53 identified an issue with the file).
zx_p2wav.exe
zx_p2wav.exe
Rich Mellor
RWAP Software
RWAP Adventures
SellMyRetro
Retro-Printer Module
Also Involved in:
Icephorm
RWAP Software
RWAP Adventures
SellMyRetro
Retro-Printer Module
Also Involved in:
Icephorm
Re: zx_p2wav.exe
Now we know what RWAP has been up to, trojaning our .p files to make a zeddy botnet!
Re: zx_p2wav.exe
Well now I have a mass of data as to what you all get up to on your ZX81s.... 
Rich Mellor
RWAP Software
RWAP Adventures
SellMyRetro
Retro-Printer Module
Also Involved in:
Icephorm
RWAP Software
RWAP Adventures
SellMyRetro
Retro-Printer Module
Also Involved in:
Icephorm
-
RetroTechie
- Posts: 379
- Joined: Tue Nov 01, 2011 12:16 am
- Location: Hengelo, NL
- Contact:
Re: zx_p2wav.exe
Well I've had the exact same (bit-for-bit) .zip on my harddrive as is downloaded from above link - for years. I'm surely not the only one who's tried it, so you can be pretty sure that the .exe in it has been through different virus scanners, at various points in time. So if there were a trojan in there, that same .exe would be flagged as trojan by pretty much all scanners today, I think.
In other words: the .exe in above .zip is perfectly safe to run, this is clearly a false positive. Just a thought: would it be useful to report it as such, to maintainers of those few scanners that threw up a false positive?
In other words: the .exe in above .zip is perfectly safe to run, this is clearly a false positive. Just a thought: would it be useful to report it as such, to maintainers of those few scanners that threw up a false positive?
Re: zx_p2wav.exe
I have sent it to the various companies who reported malware in the file.
Not sure what you do about ClamAV which is probably what my hosting company use - its heuristics checker warns about the characteristics of the program (probably the file conversion!)
Not sure what you do about ClamAV which is probably what my hosting company use - its heuristics checker warns about the characteristics of the program (probably the file conversion!)
Rich Mellor
RWAP Software
RWAP Adventures
SellMyRetro
Retro-Printer Module
Also Involved in:
Icephorm
RWAP Software
RWAP Adventures
SellMyRetro
Retro-Printer Module
Also Involved in:
Icephorm
Re: zx_p2wav.exe
By the way - I thought the site was longer dead as it did not automatically update the temporarily webcontent (security issue from your provider). Today I tried (after several days with the same message) to press CTRL-F5 for a reload and the forum appeared again. So could loose some more people who think you forum is dead. This is also a wrong handling from your provider which maybe set a too long cache-time for the temporary site. I am using the latest Firefox with default settings.RWAP wrote:Those who noticed that the website was not working yesterday (22nd January), might be interested to know that it was because the zx_p2wav.exe file was picked up as containing a Trojan.
-
RetroTechie
- Posts: 379
- Joined: Tue Nov 01, 2011 12:16 am
- Location: Hengelo, NL
- Contact:
Re: zx_p2wav.exe
More so: I don't understand why an entire site would be pulled offline, when a trojan is detected. If a provider's anti-virus is so sure it's spotted a trojan lurking in a site, wouldn't it make more sense to stop serving that particular file? (and inform site owner, etc). After all, false positives are pretty much a fact when using a virus-scanner.PokeMon wrote:This is also a wrong handling from your provider (..)
Re-compiling the .exe to avoid this issue, is counter-productive imho: Then you'd have 2 .exe's, with zero functional difference between them. One 'clean', and one flagged as 'trojan' by some virus-scanners. Worse: whatever caused virus-scanners to trip on the original .exe, might also cause (other?!?) virus-scanners to trip on the re-compiled .exe. That would just create confusion, and thus doesn't help things at all.
Re: zx_p2wav.exe
That's odd - I did get the same temporary page the next day but as soon as I did SHIFT F5 in Firefox, it updated - maybe CTRL F5 does not clear the cache?PokeMon wrote:By the way - I thought the site was longer dead as it did not automatically update the temporarily webcontent (security issue from your provider). Today I tried (after several days with the same message) to press CTRL-F5 for a reload and the forum appeared again. So could loose some more people who think you forum is dead. This is also a wrong handling from your provider which maybe set a too long cache-time for the temporary site. I am using the latest Firefox with default settings.RWAP wrote:Those who noticed that the website was not working yesterday (22nd January), might be interested to know that it was because the zx_p2wav.exe file was picked up as containing a Trojan.
Rich Mellor
RWAP Software
RWAP Adventures
SellMyRetro
Retro-Printer Module
Also Involved in:
Icephorm
RWAP Software
RWAP Adventures
SellMyRetro
Retro-Printer Module
Also Involved in:
Icephorm
Re: zx_p2wav.exe
I think CTRL-F5 does pretty the same as SHIFT-F5 while SHIFT-F5 calls the HTML inspector window in my browser.