theWord
https://forum.theword.net/

Anti-Virus programs false alarms
https://forum.theword.net/viewtopic.php?f=8&t=6673
Page 1 of 2

Author:  csterg [ Mon Aug 24, 2015 4:59 pm ]
Post subject:  Anti-Virus programs false alarms

Hi All,
it is no unusual for Anti-Virus programs to report false alarms on theWord Bible software or accompanying modules installers. Unfortunately there is no easy way to avoid such false alarms. It seems that the safest bet for those cases is to manually whitelist with the AV vendors the software itself.

If you are a regular user and you come up with a AV threat, please post here the details of the warning (AV vendor, product, version and info on false positive) so someone can go through the process of contacting the AV vendor and manually white-listing the software. This is a very sad situation, especially in light of the effort that has been made to make theWord available for free to everyone. I hope that the community can help eliminate such cases.

Here is a useful link to check any .exe file for possible virus with several different AV programs: https://www.virustotal.com/
Thank you
Costas

Author:  mrbulow [ Thu Aug 27, 2015 11:31 pm ]
Post subject:  Re: Anti-Virus programs false alarms

I had problems downloading due to virus false-alarms. My workaround was to use a web service a called Save Web Files, and save theWord directly to Dropbox. That got it past the anti-virus and I was able to install.

Author:  Angela711 [ Thu Oct 01, 2015 5:55 am ]
Post subject:  Re: Anti-Virus programs false alarms

I use Norton Security and this is what it says for me.

Filename: tw3main.exe
Threat name: SONAR.Heuristic.132Full Path: Not Available
SONAR Protection monitors for suspicious program activity on your computer.
tw3main.exe Threat name: SONAR.Heuristic.132
Locate

Unknown
It is unknown how many users in the Norton Community have used this file.

Unknown
This file release is currently not known.

High
This file risk is high

File: c:\users\angela\appdata\local\temp\se_289867361\ tw3main.exe No Action Required
File: c:\program files (x86)\The Word\ english.lng Threat Removed
Directory: c:\users\angela\appdata\local\temp\ nsi3b00.tmp Threat Removed
____________________________

System Settings Actions

Event: Process start (Performed by c:\users\angela\appdata\local\temp\se_289867361\tw3main.exe, PID:5652) No action taken
Event: PE file creation: c:\users\angela\appdata\local\temp\nsi3b00.tmp\ system.dll (Performed by c:\users\angela\appdata\local\temp\se_289867361\tw3main.exe, PID:5652) No action taken
Event: Process start: c:\users\angela\appdata\local\temp\se_289867361\ tw3main.exe, PID:5652 (Performed by c:\users\angela\appdata\local\temp\se_289867361\tw3main.exe, PID:5652) No action taken
____________________________


File Thumbprint - SHA:
Not available
File Thumbprint - MD5:
Not available

I am able to bypass security, but not sure if it is safe to.
Thank you.
Angela

Author:  csterg [ Thu Oct 01, 2015 8:59 am ]
Post subject:  Re: Anti-Virus programs false alarms

Thanks Angela.

Author:  davidcoxmex [ Thu Dec 10, 2015 6:00 pm ]
Post subject:  Re: Anti-Virus programs false alarms

PARA HABLADORES DEL ESPAÑOL

Esta entrada es sobre alertas falsas cuando tratas de instalar theWord en tu computadora. A veces esto pasa. No hay forma fácil para resolver esto. Lo más "fácil" es que tu programa de antivirus poner el software theWord en una lista blanca de programas sin virus.

Si tienes un aviso, por favor pon los datos del asunto aquí y Costas y yo vamos a investigarlo para ver si podemos ponerlo en una lista blanca.

También se puede analizar cualquier archivo "exe" usando el sitio https://www.virustotal.com/.

Solución 1:

Usa un servicio web que se llama Save Web Files, y descargar directamente a Dropbox. Desde allí instala el programa.

Solución 2:

Se puede apagar tu antivirus y instalar el programa después, y luego rebootear. Este tiene el riesgo de que si el exe ha sido infectado, vas a infectar tu computador.

Anota que el procedimiento correcto será
1) Entra en el ordenador de tareas (Control-Alt-Del), y parar el programa de antivirus que tienes.
2) descargar theword desde el sitio oficial theword.net. Anota donde lo descargaste.
3) Antes de correr el programa que descargaste, rebootea el sistema para que el antivirus ya está trabajando.
4) Ahora abre el antivirus y analiza el archivo de descarga. Si no encuentra virus, bien. Si encuentra virus, o dice que es virus, de nuevo tienes que ver si quieres presumir que es un alerto falso negativo, o si está bien el archivo.
5) instala theWord.

Observación: Yo uso theWord en forma compacta, esto es, instalado en tal forma que el sistema operativo no sabe que existe. No hay entradas en el registro, no hay nada que Windows va a saber que aun existe. Este se llama instalación a USB, y se puede usar así. Entonces si vas a un cafe internet y descargas el programa a un USB, se puede usarlo así. Trae tal USB a tu computadora y escanea con el antivirus. Si pasa bien, copia la carpeta entera a tu disco duro y va desde allí. La desventaja es que como no está registrado con tu sistema operativa, el clic en un archivo de theWord no va a instalar el módulo a la carpeta correcta ni va a poder abrir theWord así.

Author:  LeeJames [ Mon Jan 01, 2018 1:49 pm ]
Post subject:  Re: Anti-Virus programs false alarms

I really would like to upgrade to version 5 but I simply cannot do that when the software is reported as containing malware by several different scanners.

For now I'll have to stick with version 4, which comes up clean on all the virus scans (except one).

My suggestion to Costas would be to please revert the program back to however it used to work in version 4, before it started showing as containing malware.

Author:  JG [ Mon Jan 01, 2018 5:12 pm ]
Post subject:  Re: Anti-Virus programs false alarms

I have alerted Costas to this potential issue.

You could always just update to the latest beta file if that shows clean.

Author:  csterg [ Mon Jan 01, 2018 8:17 pm ]
Post subject:  Re: Anti-Virus programs false alarms

Lee wrote:
I really would like to upgrade to version 5 but I simply cannot do that when the software is reported as containing malware by several different scanners.

For now I'll have to stick with version 4, which comes up clean on all the virus scans (except one).

My suggestion to Costas would be to please revert the program back to however it used to work in version 4, before it started showing as containing malware.

I will have to disagree: check it out here: https://www.virustotal.com
It comes clean from every AV
Costas

Author:  LeeJames [ Mon Jan 01, 2018 10:52 pm ]
Post subject:  Re: Anti-Virus programs false alarms

csterg wrote:
I will have to disagree: check it out here: https://www.virustotal.com
It comes clean from every AV
Costas

That's strange, when I scan it, it shows as malware with four different scanners, here's a screen grab:
https://imgsafe.org/image/a9f49734a1

I got the installer file from the main download page (http://www.theword.net/index.php?article.download), choosing the link under "Upgrade from a previous version" (I don't want to lose my settings.)

I'd also like to point out that the downloader page doesn't say anything about which version number it is that you're downloading. If anyone goes to that page to see if there's a new version, they won't know.

Author:  csterg [ Mon Jan 01, 2018 11:10 pm ]
Post subject:  Re: Anti-Virus programs false alarms

I re-checked, I get the same results.
I checked the binary files on the sites, they are correct, nothing has been tampered.

Here are your options:
1. Trust the file and run it
2. Get an archive from http://www.theword.net/files/beta and just overwrite your theword.exe (it works)
3. Don't upgrade

I have no idea whatsoever how to make every AV happy out there. Actually I can't, there is no way to do this. These AV have bugs and report false positives, so it's just a question of trust. This is the new era of the Internet, sorry

Costas

Author:  LeeJames [ Tue Jan 02, 2018 2:22 am ]
Post subject:  Re: Anti-Virus programs false alarms

csterg wrote:
2. Get an archive from http://www.theword.net/files/beta and just overwrite your theword.exe (it works)

Thank you Costas, that worked perfectly! :) It's not that I don't trust you personally, I just have to be really careful about malware, because I am doing important work for the Lord and would not want to risk losing what I'm working on because it's so important.

But I am sincerely very grateful to you. In fact I have just made a thread of gratitude here:
viewtopic.php?f=3&t=7432

Author:  csterg [ Tue Jan 02, 2018 11:11 am ]
Post subject:  Re: Anti-Virus programs false alarms

Lee wrote:
csterg wrote:
2. Get an archive from http://www.theword.net/files/beta and just overwrite your theword.exe (it works)

Thank you Costas, that worked perfectly! :) It's not that I don't trust you personally, I just have to be really careful about malware, because I am doing important work for the Lord and would not want to risk losing what I'm working on because it's so important.

But I am sincerely very grateful to you. In fact I have just made a thread of gratitude here:
viewtopic.php?f=3&t=7432

Lee, i totally understand. Trust me, even if i trust me .exe files, I always have the fear that maybe the hostinsg provider gets hacked and someone injects a virus on the .exe files there...

Author:  JG [ Tue Jan 02, 2018 11:29 am ]
Post subject:  Re: Anti-Virus programs false alarms

Costas, would it help to put a MD5 hash so that ones would know the file is as you intended.

Author:  csterg [ Tue Jan 02, 2018 12:50 pm ]
Post subject:  Re: Anti-Virus programs false alarms

JG wrote:
Costas, would it help to put a MD5 hash so that ones would know the file is as you intended.

Yes and no.
First, I believe that 99% of the users that download theWord don't know what an hash is. I only see hashes in downloads of developer-specific resources.
Second, the main packages of theWord that you download are generated dynamically (the installers), so the hashes are not easy to display.
Costas

Author:  FollowsTheWay146 [ Fri Jun 05, 2020 1:08 am ]
Post subject:  Re: Anti-Virus programs false alarms

At the time of this post, VirusTotal.com is showing "2 engines detected this file".

[File checked: theword-setup-en.exe (downloaded onto a Win 8.1 computer, filesize=50.2MB)].

1. Cybereason: Malicious.d98a9e

2. Zillya: Adware.Fiseria.Win32.4973

----------------
This came up because I had recommended theWord to a friend and she downloaded it to a Windows 10 computer and Microsoft told her that this install would "harm your device," so she stopped the installation and pinged me about it. I downloaded it myself and ran it through VirusTotal to check it, and thus the findings above. I thought I would post in case anyone else ran VirusTotal.

I am awaiting her response to, "what was the exact error message from Microsoft" before I asked for Forum help about her installation-on-Windows-10 issue, but if anyone reads this and knows the answer, please let me know. Thank you. Basically, is it safe to install on Windows 10 despite Microsoft's warning? It being just Microsoft being Microsoft? Perhaps they want to hinder the word of God?

EDIT: my friend ended up just installing theWord on the Win10 machine ignoring all the warnings. She said there were a LOT of warnings along way. Just an FYI.

Page 1 of 2 All times are UTC + 2 hours
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/