VB2008 SP1 Install - Trojan backdoor.win32.vb.ffx

Question

Followed  link in IDE(VB2008 express) for SP1 update.  When I started install I received a Trojan warning from Kaspersky about

backdoor.win32.vb.ffx

file
http://download.microsoft.com/download/6/4/B/64B33C58-2E6D-4478-BFAF-5DB045785F31/Ixpvb.exe//PE_Patch/vs_setup.cab/FL_setup_bin_96384_96384_cn_ln.3643236F_FC70_11D3_A536_0090278A1BB8

The installer seems to be trying to install 3.5 SP1.  

Allow / Deny?

        

Answer 1

I'm having the same issue. I can't Publish my application now, since Kaspersky keeps telling me that C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bootstrapper\Engine\setup.bin has a trojan!

Is this legit or not?

-robin

Answer 2

other people are complaining in other forums about trojans and the inability to publish after SP1 was installed.

how long till MS responds????

Answer 3

got same problem while installing VS2008 SP1, Kaspersky reported trojan backdoor.win32.vb.ffx in setup.bin on vista sp1 (kaspersky 7.0.325)

Kaspersky could not able to disinfect the file though

Any idea???

Thanks,

Answer 4

Yes I'm getting this with zone alarm with both files and paths stated above.

Having all sorts of problems, I'm trying to remove VS2008 completely now and attempting a total reinstall, SP1 initially didn't install properly, further info here:

http://groups.google.co.uk/group/microsoft.public.vstudio.general/browse_thread/thread/5aa34a37f6d32b01/985c30160d8c62a7?lnk=st&q=postings%40alexshirley.com#985c30160d8c62a7

Answer 5

After installing Visual Studio 2008 Service Pack 1
Moreover, I am having Kaspersk Internet Security 2009 I got the following Alarm on the following file : [C:\ Program Files\Microsoft SDKs\Windows\v6.0A\ Bootstrapper\Engine\setup.bin]
Trojan Program:
Backdoor.Win32. VB. ffx

Actions Available:
(Delete - recommended)
(Block)

This maybe a false alarm from Kaspersky and shall be reported to Kaspersky
The other possibility is that Microsoft uses a file which may have a Trojan!

waiting for Microsoft support ...

---

Dr.X.vb

Answer 6

I am getting the same thing with F-secure internet security 2008, for both files. Could there really be a virus?

Answer 7

The same problem,waiting for Microsoft's support....

Answer 8

Same here, F-secure  simply reported it deleted the file (C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bootstrapper\Engine\setup.bin), it didn't even offer *not* to delete it

Answer 9

I'm having the same issue with  "Avast!"    C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bootstrapper\Engine\setup.bin       Avast says that it's a Trojan-gen

Answer 10

Antoniz said:

I'm having the same issue with  "Avast!"    C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bootstrapper\Engine\setup.bin       Avast says that it's a Trojan-gen

I created a new bug in MS Connect    https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=361896

Answer 11

Same problem here with Kaspersky..  Detected as a Trojan/Backdoor.

Answer 12

I'd be very surprised if we don't get some sort of response from MS today, this can be perceived as a VERY serious issue.
Many thanks....

Answer 13

Hi everyone, I know you’ve all been waiting anxiously for a response from us on this issue, and we appreciate your patience.  Since the issue was first reported, we’ve been working with the AV companies to confirm the virus alert on setup.bin as a false positive.

The AV companies have all been great helping us get this resolved; with them, we are ensuring that this is properly addressed in updated virus definition files from each of the companies.  While there are some scanners that are still flagging this as a virus, the majority of our partners have already updated their signatures.

For more information on which scanners have updated signatures for this, please see this site: http://www.virustotal.com/analisis/a3afa20071b67a8fa794173be1ec60d5 If you are running a scanner that is still detecting a virus in setup.bin, please watch for updated signatures from your AV vendor to resolve the issue.

Thanks to everyone who reported the issue, we appreciate the early heads up each of you have given us.  I'll be around here on the thread if anyone has any other questions with this issue.

-Jeremy Kelley
Program Manager
Developer Division Community Connection Team
Microsoft

---

Jeremy Kelley

Answer 14

Any news on zonealarm? (nothing in that doc)... thanks.

Answer 15

Ok thanks indeed since I had updated Avast! no virus is detected if I scan setup.bin

Thanks.

Answer 16

MSDNAlexS:

We're following up with ZoneAlarm and we'd like to confirm that you're getting the same hit reported by the others, namely that it's reporting a virus on the "setup.bin" file.  If you could confirm that, along with which version of the product you're using (we would normally assume that it's the AV product, but to be safe we want to confirm with you).

Thanks!

-Jeremy Kelley

---

Jeremy Kelley

Answer 17

A quick follow-up.  We've been in contact with ZoneAlarm and their Anti-Virus software should be all set.  If you have a problem with ZoneAlarm Anti-spyware, please let us know, we haven't received any word that there is a problem with the Anti-spyware software, but we are being proactive to nail down any related issues.

-Jeremy

---

Jeremy Kelley

Answer 18

I'm using MSDN Visual Studio Pro, came apparent when upgrading to SP1 (I have since totally removed all VS components, and now running VS2008 Pro without SP).

Anyway in ZA 7.0.483.000 logs are:

AV/treatment,2008/08/14,01:07:04 +1:00 GMT,Backdoor.Win32.VB.ffx,C:\WINDOWS\Installer\$PatchCache$\Managed\4E1DAD7D4F54B2B398A9AE271876CEF4\9.0.30729\FL_setup_bin_96384_96384_cn_ln.3643236F_FC70_11D3_A536_0090278A1BB8,File Repair Failed,Auto

AND

AV/treatment,2008/08/14,00:30:14 +1:00 GMT,Backdoor.Win32.VB.ffx,C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bootstrapper\Engine\setup.bin,File Repair Failed,Auto

Many thanks!

Answer 19

Thanks for getting back to us MSDNAlexS, a definition update for ZA should be available shortly if it isn't already.  If you could let me know when you've got the update that would be fantastic, I want to make sure we close the loop with you on this issue, and that you've got it resolved.

-Jeremy

---

Jeremy Kelley

Answer 20

Thanks Jeremy

I'm running antivirus engine version 3, DAT file version 957330476 right now, not sure if this is the fix or not (update is the latest).

Please confirm, or otherwise I shall just assume when this next version increments that will be the fix and I'll go ahead with the upgrade.

Off to bed now (midnight in the UK), I'll see if I can handle this over the weekend.

Cheers!

Alex

Answer 21

ZA incremented to 957364652, I installed SP 1.... No problems.... THANKYOU!

Alex

Answer 22

Ok, So I got it installed, but now when I go to register it I get security violations and pop-up blocked.

when i allow popups IE shows blank window with spinner in the tab.

what fun this has been.

I have problems with all secure sites.

Answer 23

downloaded, installed firefox.  was able to register.

also, checked my other secure site problems, and so far they are all better.

i guess i am moving to firefox.