WARNING: possible trojan in wdi_simple.exe in camera folder

WARNING: possible trojan in wdi_simple.exe in camera folder

Postby CaBleman » Wed Dec 31, 2014 5:03 pm

Guys,

today my local virus scanner warned me about a possible trojan in the executable "wdi_simple.exe" in the "camera" folder of the Aerodrum installation.
I then uploaded the file to virustotal.com with the follwing result, see link below.
https://www.virustotal.com/de/file/cab29e9988af08995fffa1b41ac7e9048cd9cf6c48284674d32c0d65d9090790/analysis/1420041380/

Although this could be a false positive every windows user should be alarmed and I expect the Aerodrum people to look into/resolve this and/or communicate clearly what could be going on here.

Regards,

CaBleman

---
Last edited by CaBleman on Thu Jan 01, 2015 7:45 pm, edited 1 time in total.
CaBleman
 
Posts: 32
Joined: Thu Dec 25, 2014 3:09 pm

Re: WARNING: possible trojan in wdi_simple.exe in camera fol

Postby Sipaliwini » Wed Dec 31, 2014 6:13 pm

Hello,

thank you for letting us know about this. We use this program to install the camera driver. It is part of libwdi, a project maintained by volunteers.

As an open source project under the GNU LGPL license, it is transparent* and trustworthy.

Because the file was compiled in 2011, it is very unlikely that a virus on the computer of the person who compiled it made its way in before publication, because it would have been detected a long time ago.
It passed our anti-viruses (AVG and Malwarebytes) when we included it in Aerodrums.

For these reasons, for the time being we are assuming a false positive.

I have posted on the development mailing list of a connected project (libusbwin32) about the issue. I will update this thread if action needs to be taken.

* The source code for libwdi is here: http://sourceforge.net/p/libwdi/code/ci/master/tree/
The code for wdi-simple is here: http://sourceforge.net/p/libwdi/code/ci/master/tree/examples/wdi-simple.c
Sipaliwini
 
Posts: 392
Joined: Thu Jan 16, 2014 12:40 pm

Re: WARNING: possible trojan in wdi_simple.exe in camera fol

Postby Sipaliwini » Wed Dec 31, 2014 8:22 pm

The author of the program's reply sent a shiver down my spine so I had a look at were we got it from.
It turns out I compiled it from the libwdi-1.2.2 sources in November 2013. (2011 was a typo, and I had completely forgotten compiling it, things were crazy before the NAMM launch).

Pete Batard, the author of wdi-simple, suggested that I remind our users that before running a program, particularly one that asks for elevated privileges, it is important to check that you trust the maker of the program, and that the program you are about to run is indeed the program they made. This last bit is best done via software signing. We apologize for not having signed the wdi-simple and aerodrums executables yet. However there are only two legitimate ways to get the Aerodrums installer: from our website or from the DVD that came with the boxes from our first batch. We trust the computers and servers involved.

We are asking you to trust us when you install Aerodrums and the camera driver.

We believe the anti virus warning you received is a false positive.
Sipaliwini
 
Posts: 392
Joined: Thu Jan 16, 2014 12:40 pm

Re: WARNING: possible trojan in wdi_simple.exe in camera fol

Postby CaBleman » Thu Jan 01, 2015 3:23 pm

Thanks for taking care!

The thing is that at the time of aerodrum installation there never was a warning.
Just came up two days ago, after having it installed since Boxing Day.

To have a wider check than just with my local AV software I uploaded it to virustotal.com
BTW initially, virustotal stated that a file with the same checksum had been uploaded and checked before.

And I thought I better shared the results of the twenty odd different virus scanners here (see link in my initial post above).

One question remains:
After installation, is that program needed any longer, e.g. for uninstallation? Or could it be removed w/o affecting functionality?

Regards,

CaBleman
CaBleman
 
Posts: 32
Joined: Thu Dec 25, 2014 3:09 pm

Re: WARNING: possible trojan in wdi_simple.exe in camera fol

Postby tonygates » Thu Jan 01, 2015 7:14 pm

Same here (Avast Free)
tonygates
 
Posts: 3
Joined: Thu Aug 14, 2014 11:16 pm

Re: WARNING: possible trojan in wdi_simple.exe in camera fol

Postby Sipaliwini » Thu Jan 01, 2015 7:54 pm

wdi-simple can be removed, it is only used once to install the camera driver.

We will look into what we can do to reassure the anti viruses that give a warning.
Sipaliwini
 
Posts: 392
Joined: Thu Jan 16, 2014 12:40 pm


Return to Support