Silk Road forums
Discussion => Security => Topic started by: LowWaterGate on January 28, 2012, 09:37 am
-
I just installed Prevx v3.0.5.220 and its initial malware scan ID'd a dozen worms, all in the 2 address folders named: "tor browser v.2.2.35-4" & "tor browser v.2.2.35-3" .
They were executables as follows:
testopen.exe
testserve.exe
testfile.exe
testpipe.exe
certutil.exe
readntim.exe
The 6 were duplicated in each folder for a total of twelve. I'm 99% certain that they are false positives. I'd love to hear from a tor mod/expert re any wormesque problems they've seen attributable to the aforementioned files.
Thanks for reading.
LowWater
-
If you have downloaded it from the Tor website you're probably good.
Double check:
http://www.wilderssecurity.com/showthread.php?t=268723
-
randomOVDB#2,
Thanks for taking the time to think about my dilemma. I read your Wilder's thread and sent my Prevx log off to report@prevxresearch.com (just in case). Having downloaded the browser from https://www.torproject.org/ I'm not too worried but I'm a security freak. Anyway . . .
Take Care,
LowWater
-
I just installed Prevx v3.0.5.220 and its initial malware scan ID'd a dozen worms, all in the 2 address folders named: "tor browser v.2.2.35-4" & "tor browser v.2.2.35-3" .
There have been issues with Prevx in the past (not only does it flag Tor as malware, it can also cause your computer to reboot whenever you try to start Tor), and I recommend that you switch to something else. I would also recommend that you start verifying the GnuPG signature of the TBB that you download from the Tor Project website, just to make sure that you're getting the real version of the software.
-
Could someone please upload the signed hash of the latest Tor Browser Bundle for Linux?
-
supersecretsquirrel,
Thanks for your reply. I sent a similar email to Prevx' Tech Support. We'll see. Oh, what does TBB stand for?
Take Care,
LowWater
-
Oh, what does TBB stand for?
Tor Browser Bundle
-
Could someone please upload the signed hash of the latest Tor Browser Bundle for Linux?
I recommend that you get the signature (.asc file) directly from the Tor Project website and verify it yourself. Don't trust anyone on SR to do it for you.
-
supersecretsquirrel,
Thanks for the reply. Unfortunately, you just transcended my understanding of software security. Would asc be the ASCII file? Prevx thought they were false positives (after a million uninstall/install/delete/reinstalls), and given that I downloaded my "TBB" directly from the Tor site, I simply tagged those six offending files as false positives.
Again, please point me toward the .asc file and one more question. Do I just look for those six files on an *.asc list somewhere? Excuse my naivete.
Take Care,
LowWater
-
Thanks for the reply. Unfortunately, you just transcended my understanding of software security. Would asc be the ASCII file? Prevx thought they were false positives (after a million uninstall/install/delete/reinstalls), and given that I downloaded my "TBB" directly from the Tor site, I simply tagged those six offending files as false positives.
Again, please point me toward the .asc file and one more question. Do I just look for those six files on an *.asc list somewhere? Excuse my naivete.
Here's what you need to do: go to the Tor Project website and download the latest Tor Browser Bundle for whatever operating system you are running. Make sure you also download the signature file (the one with a filename ending in .asc). You can then use both files (the executable plus the signature) to verify that no one has tampered with the package you just downloaded.
Once that's done, go ahead and extract the archive and run Tor as normal. If Prevx is still bitching about malware, turn it off or simply uninstall and install something better.
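The verification step described above, as an added example that is not part of the thread or of the Tor Project's own tooling: it checks that the .asc is an ASCII-armored signature, runs gpg --verify on the archive, and then insists that the key which made the signature has the fingerprint you expect (the expected fingerprint is a value you must obtain from the Tor Project yourself; the one in the test is a constructed placeholder).

```python
"""Check a Tor Browser Bundle download against its detached .asc signature."""
import shutil
import subprocess
from pathlib import Path

ARMOR_HEADER = "-----BEGIN PGP SIGNATURE-----"
ARMOR_FOOTER = "-----END PGP SIGNATURE-----"


def is_armored_signature(text: str) -> bool:
    """True if text looks like an ASCII-armored PGP signature (.asc).
    Format check only; it says nothing about whether the signature is valid."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    return bool(lines) and lines[0] == ARMOR_HEADER and lines[-1] == ARMOR_FOOTER


def primary_fingerprint(status_output: str):
    """Pull the primary key fingerprint out of gpg --status-fd output.
    gpg emits a VALIDSIG line only when the signature checked out; its last
    field is the fingerprint of the primary key that made the signature."""
    for line in status_output.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "[GNUPG:]" and fields[1] == "VALIDSIG":
            return fields[-1].upper()
    return None


def verify_bundle(archive: Path, signature: Path, expected_fpr: str) -> tuple:
    """Run gpg --verify and require that the signing key matches expected_fpr.
    Returns (ok, reason). A signature that verifies under *some* key is not
    enough: anyone can sign a trojaned bundle with a key they generated."""
    gpg = shutil.which("gpg")
    if gpg is None:
        return False, "gpg not installed"
    if not is_armored_signature(signature.read_text(errors="replace")):
        return False, f"{signature.name} is not an ASCII-armored PGP signature"
    proc = subprocess.run(
        [gpg, "--batch", "--status-fd", "1", "--verify", str(signature), str(archive)],
        capture_output=True, text=True)
    fpr = primary_fingerprint(proc.stdout)
    if proc.returncode != 0 or fpr is None:
        return False, "signature did not verify (missing key or tampered file?)"
    if fpr != expected_fpr.replace(" ", "").upper():
        return False, f"signed by unexpected key {fpr}"
    return True, f"good signature from {fpr}"
```

Call it as verify_bundle(Path("tor-browser.tar.gz"), Path("tor-browser.tar.gz.asc"), "<fingerprint from torproject.org>") after importing the Tor Project's signing key into your keyring.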
-
Supersecretsquirrel, thanks.
You gave me the same advice as Tor's tech support. To make a long story short they were false positives and I whitelisted them so that Prevx doesn't bitch every fifteen minutes. Considering I run Eset NOD32 and Malwarebytes and have been for years, I was a bit surprised that only Prevx was sensitive enough to find a simple worm.
Again, thanks for all your help. From my still uninfected computer -
Take Care,
LowWater