Jump to content

Old WYSIWYG Web-Editor Kompozer program - Malware.Heuristic.1001?

fredonmac

By fredonmac
in File Detections

 Share

Recommended Posts

fredonmac

fredonmac

Posted
Posted

WYSIWYG Web-Editor Kompozer is an old program and don't run as App on new only 64 bit Macs in Mac version, it's only a 32 bit program.

So I installed them as Windows App with Crossover. Before I test the downloaded files on VirusTotal

For the kompozer-0.8b3.de.win32.zip ver  I get this warning Jiangmi  Trojan.Generic.gesgj

So I installed the kompozer-0.8b3.de.win32.exe version (no warning in VirusTotal) in Crossover. After installing zipped the installed KompoZer 'windows' directory and test them with VirusTotal.

Now I get this warnings:

Jiangmin  Trojan.Generic.gesgj

Malwarebytes Malware.Heuristic.1001

How I could upload this zipped file for test to you?

PS: The Linux version kompozer-0.8b3.de.gcc4.2-i686.tar.gz   get this warning  Bkav Pro VEX14F4.Webshell

My Mac: M1 Mac Mini, Monterey 12.5.1

Nice greetings

Fred

Link to post
Share on other sites
Porthos

Porthos

Posted
Posted
3 minutes ago, fredonmac said:

but I think VirusTotal use them!

The engine format and configuration in VirusTotal is different than the consumer and corporate products’ default configuration. In VirusTotal Malwarebytes uses a command-line engine with different configuration and detection techniques/heuristics which might detect more than the commercial product. There are also false-positive suppression mechanisms in the commercial product which are not present in the command-line engine in VirusTotal.

Link to post
Share on other sites
fredonmac

fredonmac

Posted
  • Author
Posted

Crossover (wine engine) are runable on different OS, as MacOS, Linux, ChromeOS

A Windows virus running by Crossover (with wine engine) have access to the user files of the host system (MacOS, Linux, ChromeOS). But have no access not to the host OS self.

I think an ransomware encryption virus running on wine could encrypt all user files.

https://www.codeweavers.com/crossover

Link to post
Share on other sites
fredonmac

fredonmac

Posted
  • Author
Posted
43 minutes ago, Porthos said:

https://www.codeweavers.com/support/forums/general/?t=27;forumcurPos=900;msg=45900

I am aware, this discussion is now somewhat 'academic' - an 'Evil windows.exe' could very well 'edit' the user directory mapped via drive letter in. In my case mapped via drive letter 'Y'.

I run only some windows programs that could not compromised via internet. But I test this installable binaries carefully before I install them in Crossover.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.