Visual Studio Developer Center >
Visual Studio Forums
>
Visual Studio Setup and Installation
>
VB2008 SP1 Install - Trojan backdoor.win32.vb.ffx
VB2008 SP1 Install - Trojan backdoor.win32.vb.ffx
- 0Followed link in IDE(VB2008 express) for SP1 update. When I started install I received a Trojan warning from Kaspersky about
backdoor.win32.vb.ffx
file
http://download.microsoft.com/download/6/4/B/64B33C58-2E6D-4478-BFAF-5DB045785F31/Ixpvb.exe//PE_Patch/vs_setup.cab/FL_setup_bin_96384_96384_cn_ln.3643236F_FC70_11D3_A536_0090278A1BB8
The installer seems to be trying to install 3.5 SP1.
Allow / Deny?
Answers
- 2Hi everyone, I know you’ve all been waiting anxiously for a response from us on this issue, and we appreciate your patience. Since the issue was first reported, we’ve been working with the AV companies to confirm the virus alert on setup.bin as a false positive.
The AV companies have all been great helping us get this resolved; with them, we are ensuring that this is properly addressed in updated virus definition files from each of the companies. While there are some scanners that are still flagging this as a virus, the majority of our partners have already updated their signatures.
For more information on which scanners have updated signatures for this, please see this site: http://www.virustotal.com/analisis/a3afa20071b67a8fa794173be1ec60d5 If you are running a scanner that is still detecting a virus in setup.bin, please watch for updated signatures from your AV vendor to resolve the issue.
Thanks to everyone who reported the issue, we appreciate the early heads up each of you have given us. I'll be around here on the thread if anyone has any other questions with this issue.
-Jeremy Kelley
Program Manager
Developer Division Community Connection Team
Microsoft
Jeremy Kelley- Marked As Answer byJeremy KelleyMSFT, AdministratorFriday, August 15, 2008 6:22 PM
All Replies
- 1Thanks for getting back to us MSDNAlexS, a definition update for ZA should be available shortly if it isn't already. If you could let me know when you've got the update that would be fantastic, I want to make sure we close the loop with you on this issue, and that you've got it resolved.
-Jeremy
Jeremy Kelley - 0I'm having the same issue. I can't Publish my application now, since Kaspersky keeps telling me that C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bootstrapper\Engine\setup.bin has a trojan!
Is this legit or not?
-robin
- 0other people are complaining in other forums about trojans and the inability to publish after SP1 was installed.
how long till MS responds???? - 0got same problem while installing VS2008 SP1, Kaspersky reported trojan backdoor.win32.vb.ffx in setup.bin on vista sp1 (kaspersky 7.0.325)
Kaspersky could not able to disinfect the file though
Any idea???
Thanks, - 0Yes I'm getting this with zone alarm with both files and paths stated above.
Having all sorts of problems, I'm trying to remove VS2008 completely now and attempting a total reinstall, SP1 initially didn't install properly, further info here:
http://groups.google.co.uk/group/microsoft.public.vstudio.general/browse_thread/thread/5aa34a37f6d32b01/985c30160d8c62a7?lnk=st&q=postings%40alexshirley.com#985c30160d8c62a7
- 0
After installing Visual Studio 2008 Service Pack 1
Moreover, I am having Kaspersk Internet Security 2009 I got the following Alarm on the following file : [C:\ Program Files\Microsoft SDKs\Windows\v6.0A\ Bootstrapper\Engine\setup.bin]
Trojan Program:
Backdoor.Win32. VB. ffxActions Available:
(Delete - recommended)
(Block)This maybe a false alarm from Kaspersky and shall be reported to Kaspersky
The other possibility is that Microsoft uses a file which may have a Trojan!waiting for Microsoft support ...
Dr.X.vb - 0I am getting the same thing with F-secure internet security 2008, for both files. Could there really be a virus?
- 0The same problem,waiting for Microsoft's support....
- 0Same here, F-secure simply reported it deleted the file (C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bootstrapper\Engine\setup.bin), it didn't even offer *not* to delete it
- Edited byYoco Thursday, August 14, 2008 8:06 AMadded file name
- 0I'm having the same issue with "Avast!" C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bootstrapper\Engine\setup.bin Avast says that it's a Trojan-gen
- 0Antoniz said:
I'm having the same issue with "Avast!" C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bootstrapper\Engine\setup.bin Avast says that it's a Trojan-gen
I created a new bug in MS Connect https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=361896 - 0Same problem here with Kaspersky.. Detected as a Trojan/Backdoor.
- 0I'd be very surprised if we don't get some sort of response from MS today, this can be perceived as a VERY serious issue.
Many thanks....
- 0Any news on zonealarm? (nothing in that doc)... thanks.
- 0Ok thanks indeed since I had updated Avast! no virus is detected if I scan setup.bin
Thanks.
- Edited byAntoniz Friday, August 15, 2008 7:55 PMMy english is not correct :p
- 0MSDNAlexS:
We're following up with ZoneAlarm and we'd like to confirm that you're getting the same hit reported by the others, namely that it's reporting a virus on the "setup.bin" file. If you could confirm that, along with which version of the product you're using (we would normally assume that it's the AV product, but to be safe we want to confirm with you).
Thanks!
-Jeremy Kelley
Jeremy Kelley - 0A quick follow-up. We've been in contact with ZoneAlarm and their Anti-Virus software should be all set. If you have a problem with ZoneAlarm Anti-spyware, please let us know, we haven't received any word that there is a problem with the Anti-spyware software, but we are being proactive to nail down any related issues.
-Jeremy
Jeremy Kelley - 0I'm using MSDN Visual Studio Pro, came apparent when upgrading to SP1 (I have since totally removed all VS components, and now running VS2008 Pro without SP).
Anyway in ZA 7.0.483.000 logs are:
AV/treatment,2008/08/14,01:07:04 +1:00 GMT,Backdoor.Win32.VB.ffx,C:\WINDOWS\Installer\$PatchCache$\Managed\4E1DAD7D4F54B2B398A9AE271876CEF4\9.0.30729\FL_setup_bin_96384_96384_cn_ln.3643236F_FC70_11D3_A536_0090278A1BB8,File Repair Failed,Auto
AND
AV/treatment,2008/08/14,00:30:14 +1:00 GMT,Backdoor.Win32.VB.ffx,C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bootstrapper\Engine\setup.bin,File Repair Failed,Auto
Many thanks!
- 0Thanks Jeremy
I'm running antivirus engine version 3, DAT file version 957330476 right now, not sure if this is the fix or not (update is the latest).
Please confirm, or otherwise I shall just assume when this next version increments that will be the fix and I'll go ahead with the upgrade.
Off to bed now (midnight in the UK), I'll see if I can handle this over the weekend.
Cheers!
Alex
- 0ZA incremented to 957364652, I installed SP 1.... No problems.... THANKYOU!
Alex - 0Ok, So I got it installed, but now when I go to register it I get security violations and pop-up blocked.
when i allow popups IE shows blank window with spinner in the tab.
what fun this has been.
I have problems with all secure sites.- Edited bydbasnett Wednesday, August 20, 2008 2:39 PMA reason is required between 4 and 255 characters.
- 0downloaded, installed firefox. was able to register.
also, checked my other secure site problems, and so far they are all better.
i guess i am moving to firefox.
