WARNING: possible trojan in wdi_simple.exe in camera folder

Posted: Wed Dec 31, 2014 5:03 pm
by CaBleman
Guys,

today my local virus scanner warned me about a possible trojan in the executable "wdi_simple.exe" in the "camera" folder of the Aerodrum installation.
I then uploaded the file to virustotal.com with the following result, see link below.
https://www.virustotal.com/de/file/cab29e9988af08995fffa1b41ac7e9048cd9cf6c48284674d32c0d65d9090790/analysis/1420041380/

Although this could be a false positive, every Windows user should be alarmed and I expect the Aerodrum people to look into/resolve this and/or communicate clearly what could be going on here.

Regards,

CaBleman

---

Re: WARNING: possible trojan in wdi_simple.exe in camera fol

Posted: Wed Dec 31, 2014 6:13 pm
by Sipaliwini
Hello,

thank you for letting us know about this. We use this program to install the camera driver. It is part of libwdi, a project maintained by volunteers.

As an open source project under the GNU LGPL license, it is transparent* and trustworthy.

Because the file was compiled in 2011, it is very unlikely that a virus on the computer of the person who compiled it made its way in before publication, because it would have been detected a long time ago.
It passed our anti-viruses (AVG and Malwarebytes) when we included it in Aerodrums.

For these reasons, for the time being we are assuming a false positive.

I have posted on the development mailing list of a connected project (libusbwin32) about the issue. I will update this thread if action needs to be taken.

* The source code for libwdi is here: http://sourceforge.net/p/libwdi/code/ci/master/tree/
The code for wdi-simple is here: http://sourceforge.net/p/libwdi/code/ci/master/tree/examples/wdi-simple.c

Re: WARNING: possible trojan in wdi_simple.exe in camera fol

Posted: Wed Dec 31, 2014 8:22 pm
by Sipaliwini
The author of the program's reply sent a shiver down my spine so I had a look at where we got it from.
It turns out I compiled it from the libwdi-1.2.2 sources in November 2013. (2011 was a typo, and I had completely forgotten compiling it, things were crazy before the NAMM launch).

Pete Batard, the author of wdi-simple, suggested that I remind our users that before running a program, particularly one that asks for elevated privileges, it is important to check that you trust the maker of the program, and that the program you are about to run is indeed the program they made. This last bit is best done via software signing. We apologize for not having signed the wdi-simple and aerodrums executables yet. However, there are only two legitimate ways to get the Aerodrums installer: from our website or from the DVD that came with the boxes from our first batch. We trust the computers and servers involved.

We are asking you to trust us when you install Aerodrums and the camera driver.

We believe the anti virus warning you received is a false positive.
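
The check described in the post above, as an added example that is not part of the original thread and is not Aerodrums or libwdi code: it compares a local copy's SHA-256 with the digest from the VirusTotal link in the first post, then reads the file's Authenticode signature. The default path is a placeholder assumption.

```powershell
# Added example: inspect an executable before running it with elevated privileges.
param(
    # Assumption: placeholder path; point it at your own copy of the file.
    [string]$Path = '.\wdi_simple.exe',
    # SHA-256 taken from the VirusTotal URL in the first post of this thread.
    [string]$ExpectedSha256 = 'cab29e9988af08995fffa1b41ac7e9048cd9cf6c48284674d32c0d65d9090790'
)

$ErrorActionPreference = 'Stop'
$file = Get-Item -LiteralPath $Path

# 1. Identity: is this the same file the scan report was produced for?
#    A match says nothing about whether the file is benign, only that the
#    report and the local copy describe identical bytes.
$actual = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
$hashMatches = $actual -eq $ExpectedSha256   # string -eq is case-insensitive

# 2. Origin: Authenticode signature, the "software signing" the post refers to.
$sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
$signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

[pscustomobject]@{
    File            = $file.FullName
    Sha256          = $actual.ToLower()
    MatchesExpected = $hashMatches
    SignatureStatus = $sig.Status
    Signer          = $signer
    Timestamped     = [bool]$sig.TimeStamperCertificate
} | Format-List

switch ($sig.Status.ToString()) {
    'Valid'        { Write-Host 'Signed and intact. Confirm the signer is the publisher you expect.' }
    'NotSigned'    { Write-Host 'No signature. Origin rests on the download source and the hash.' }
    'HashMismatch' { Write-Warning 'File was modified after signing. Do not run it.' }
    default        { Write-Warning "Signature not trusted: $($sig.StatusMessage)" }
}

if (-not $hashMatches) {
    Write-Warning 'SHA-256 differs from the expected digest: this is not the file that was analysed.'
}
```

For the build discussed in this thread the expected signature result is `NotSigned`, since the post states the executable was not signed.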

Re: WARNING: possible trojan in wdi_simple.exe in camera fol

Posted: Thu Jan 01, 2015 3:23 pm
by CaBleman
Thanks for taking care!

The thing is that at the time of Aerodrum installation there never was a warning.
It just came up two days ago, after having it installed since Boxing Day.

To have a wider check than just with my local AV software I uploaded it to virustotal.com.
BTW initially, virustotal stated that a file with the same checksum had been uploaded and checked before.

And I thought I had better share the results of the twenty odd different virus scanners here (see link in my initial post above).

One question remains:
After installation, is that program needed any longer, e.g. for uninstallation? Or could it be removed w/o affecting functionality?

Regards,

CaBleman

Re: WARNING: possible trojan in wdi_simple.exe in camera fol

Posted: Thu Jan 01, 2015 7:14 pm
by tonygates
Same here (Avast Free)

Re: WARNING: possible trojan in wdi_simple.exe in camera fol

Posted: Thu Jan 01, 2015 7:54 pm
by Sipaliwini
wdi-simple can be removed; it is only used once to install the camera driver.

We will look into what we can do to reassure the anti viruses that give a warning.