Espaņol     English

 Main Page      News      Downloads      Documents      Forums    

Severe problems with the beta version ZinjaI-test-w32-20141118.exe

Yesterday (21/11/2014) I realized that the trial version of ZinjaI I published two days earlier (19/11/2014) could contain a virus on its installer for Windows. Hence I removed the file immediately, and now I am quite ashamed publishing this notice to alert the few users who reached downloading it.

I analyzed the installation with Microsoft Security Essentials, and it seems that it would be a virus called win32.parite.B. I see that it is a virus known for some time, so any antivirus should have detected. But maybe not all users use an antivirus (I did not). With the same antivirus I found that it can be removed without problems, and that apparently it does not easily replicates to other programs, as I fully analyzed a PC with Windows I use to test ZinjaI before publishing, and for various other things and I did not found infected files that not directly related to this ZinjaI installation. I have not found system files or other applications that also use frequently on that PC infected.

I found no symptoms of the infection (ie, I do not perceive what the effect of the virus is). Several times I have seen certain antivirus false positives in ZinjaI's components, but this time I think it's real. I do not have yet any hypothesis of how this could have leaked to the installer, as I compile and pack ZinjaI for Windows from a GNU/Linux system, in theory bypassing any real Windows (could a program been infected on the Windows emulator?). I will investigate the matter to determine the causes and publish more conclusive details.

For now, I recommen deleting and reinstalling an earlier version instead, and performing a full scan with an updated antivirus (as the I mentioned earlier). I confirmed that none of the ZinjaI's (or PSeInt's) previous versions have this problem.


Update (12/03/2014):

I verified that none of the complements published on the site is infected (analyzing them with the same antivirus that detected the problem in the first place) and rebuld all ZinjaI's binaries from scratch (both MinGW and libraries, which were downloaded and compiled again respectively). Now when I compile or pack something related to ZinjaI/PSeInt I make sure to use a root C drive for the Windows emulator on Linux different from the one I use for any other emulation. Also, before uploading files to Windows I analyze them with Microsoft Security Essentials on a virtual machine that contains nothing but the antivirus and ZinjaI files. With these precautions, I published a new test version for Windows.

Apparently the virus infected the virtual C drive used by my emulator (wine), surely cased by emulating some (external to ZinjaI) infected program. I recently changed my notebook and it seems that the virus jumped when passing data from the old notebook (I checked it was clean of viruses) to the new one (perhaps I connected the external hardrive/penstick I use to copy things to another PC with Windows). Luckily I have not heard from users that have been affected by the problem.