Guys,
today my local virus scanner warned me about a possible trojan in the executable "wdi_simple.exe" in the "camera" folder of the Aerodrum installation.
I then uploaded the file to virustotal.com with the following result, see link below.
https://www.virustotal.com/de/file/cab2 ... 420041380/
Although this could be a false positive, every Windows user should be alarmed and I expect the Aerodrum people to look into/resolve this and/or communicate clearly what could be going on here.
Regards,
CaBleman
---
WARNING: possible trojan in wdi_simple.exe in camera folder
Last edited by CaBleman on Thu Jan 01, 2015 7:45 pm, edited 1 time in total.
-
- Posts: 436
- Joined: Thu Jan 16, 2014 12:40 pm
Re: WARNING: possible trojan in wdi_simple.exe in camera fol
Hello,
thank you for letting us know about this. We use this program to install the camera driver. It is part of libwdi, a project maintained by volunteers.
As an open source project under the GNU LGPL license, it is transparent* and trustworthy.
Because the file was compiled in 2011, it is very unlikely that a virus on the computer of the person who compiled it made its way in before publication, because it would have been detected a long time ago.
It passed our anti-viruses (AVG and Malwarebytes) when we included it in Aerodrums.
For these reasons, for the time being we are assuming a false positive.
I have posted on the development mailing list of a connected project (libusbwin32) about the issue. I will update this thread if action needs to be taken.
* The source code for libwdi is here: http://sourceforge.net/p/libwdi/code/ci/master/tree/
The code for wdi-simple is here: http://sourceforge.net/p/libwdi/code/ci ... i-simple.c
-
- Posts: 436
- Joined: Thu Jan 16, 2014 12:40 pm
Re: WARNING: possible trojan in wdi_simple.exe in camera fol
The author of the program's reply sent a shiver down my spine so I had a look at where we got it from.
It turns out I compiled it from the libwdi-1.2.2 sources in November 2013. (2011 was a typo, and I had completely forgotten compiling it, things were crazy before the NAMM launch).
Pete Batard, the author of wdi-simple, suggested that I remind our users that before running a program, particularly one that asks for elevated privileges, it is important to check that you trust the maker of the program, and that the program you are about to run is indeed the program they made. This last bit is best done via software signing. We apologize for not having signed the wdi-simple and aerodrums executables yet. However there are only two legitimate ways to get the Aerodrums installer: from our website or from the DVD that came with the boxes from our first batch. We trust the computers and servers involved.
We are asking you to trust us when you install Aerodrums and the camera driver.
We believe the anti virus warning you received is a false positive.
Re: WARNING: possible trojan in wdi_simple.exe in camera fol
Thanks for taking care!
The thing is that at the time of aerodrum installation there never was a warning.
Just came up two days ago, after having it installed since Boxing Day.
To have a wider check than just with my local AV software I uploaded it to virustotal.com
BTW initially, virustotal stated that a file with the same checksum had been uploaded and checked before.
And I thought I better shared the results of the twenty odd different virus scanners here (see link in my initial post above).
One question remains:
After installation, is that program needed any longer, e.g. for uninstallation? Or could it be removed w/o affecting functionality?
Regards,
CaBleman
Re: WARNING: possible trojan in wdi_simple.exe in camera fol
Same here (Avast Free)
-
- Posts: 436
- Joined: Thu Jan 16, 2014 12:40 pm
Re: WARNING: possible trojan in wdi_simple.exe in camera fol
wdi-simple can be removed, it is only used once to install the camera driver.
We will look into what we can do to reassure the anti viruses that give a warning.