1

Topic: Virus alert by BitDefender.

Hello, today I downloaded gparted-live-1.1.0-8-i686.iso and ran BitDefender on it just out of curiosity. I got an alert:
Gen:Trojan.Heur2.GZ.@pX@ba9RSym
Since MalwareBytes didn't detect anything I assume it's a false positive but I wanted you to know anyway.
Thanks.
Claudio.

2

Re: Virus alert by BitDefender.

Hello again.
I would welcome an assurance that the file gparted-live-1.1.0-8-i686.iso is clean because I submitted it to virustotal.com and 8 AV products are saying it's trojanized.
Thanks.
Claudio.

3

Re: Virus alert by BitDefender.

GParted doesn't include any malware. You can download the GParted ISO files from the official GParted web site (download page) and verify the checksum values. So, you can be sure that the file is safe. Correct values are given on the download page.
We can't know what happens with files provided by third party sites all over the web.

*** It is highly recommended to back up any important files before doing resize/move operations. ***

4

Re: Virus alert by BitDefender.

Was also independently reported as:
* GitLab issue #128 GParted Live USB ISO flagged as Trojan with Windows Defender (closed)

5 (edited by cj 2021-01-05 12:41:52)

Re: Virus alert by BitDefender.

Virus alert as well with Gdata anti virus program:

in live\vmlinuz generated from gparted-live-1.1.0-8-i686.iso (from GParted website)

Virus: Gen:Trojan.Heur2GZ.@pX@ba9RSym

Best regards
and a happy New Year
Carl

6

Re: Virus alert by BitDefender.

That is a false positive report by GData.


The antivirus software solutions which are (were) falsely detecting the 32-bit (i686) ISO as being infected can (could) be seen here: virustotal.com gparted-live-1.1.0-8-i686.iso
* ALYac                 (!) Gen:Trojan.Heur2.GZ.@pX@ba9RSym
* Arcabit               (!) Trojan.Heur2.GZ.EF8C6F
* BitDefender           (!) Gen:Trojan.Heur2.GZ.@pX@ba9RSym
* BitDefenderTheta      (!) AI:Packer.DF8058F61F
* FireEye               (!) Gen:Trojan.Heur2.GZ.@pX@ba9RSym
* GData                 (!) Gen:Trojan.Heur2.GZ.@pX@ba9RSym
* MAX                   (!) Malware (ai Score=82)
* Sangfor Engine Zero   (!) Malware
50 other malware solutions report GParted 32-bit ISO as clean.


The 64-bit (amd64) ISO is detected as clean by all malware solutions virustotal.com gparted-live-1.1.0-8-amd64.iso


I have submitted file live/vmlinuz as a false positive report to these antivirus providers:
* BitDefender
* GData
Haven't found a way to report this to other antivirus vendors.
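
A way to triage the detection list in the post above, added here as an example and not part of the original thread: it groups the eight labels by family and checks whether every one is a generic, heuristic or ML-style verdict rather than a name for one specific known sample. The `family` normalisation and the marker list are assumptions about vendor naming conventions, not vendor-documented rules.

```python
import re
from collections import defaultdict

# Detections copied from the list in the post above: (engine, label).
DETECTIONS = [
    ("ALYac", "Gen:Trojan.Heur2.GZ.@pX@ba9RSym"),
    ("Arcabit", "Trojan.Heur2.GZ.EF8C6F"),
    ("BitDefender", "Gen:Trojan.Heur2.GZ.@pX@ba9RSym"),
    ("BitDefenderTheta", "AI:Packer.DF8058F61F"),
    ("FireEye", "Gen:Trojan.Heur2.GZ.@pX@ba9RSym"),
    ("GData", "Gen:Trojan.Heur2.GZ.@pX@ba9RSym"),
    ("MAX", "Malware (ai Score=82)"),
    ("Sangfor Engine Zero", "Malware"),
]
CLEAN_ENGINES = 50  # "50 other malware solutions report ... as clean"

# Assumed naming conventions: these markers denote generic, heuristic or
# ML verdicts rather than a signature for one specific known sample.
GENERIC_MARKERS = re.compile(r"^(gen:|ai:)|heur|ai score|^malware$", re.I)


def family(label):
    """Reduce a label to a comparable family key.

    Drops a parenthesised score, a 'Gen:'/'AI:' style prefix and the
    trailing per-sample token, so 'Gen:Trojan.Heur2.GZ.<token>' and
    'Trojan.Heur2.GZ.<token>' both become 'trojan.heur2.gz'.
    """
    name = re.sub(r"\s*\(.*\)$", "", label)
    name = name.split(":", 1)[-1]
    parts = name.split(".")
    if len(parts) > 1:
        parts = parts[:-1]
    return ".".join(parts).lower()


def triage(detections, clean):
    """Summarise a scan result: ratio, label families, generic-only flag."""
    groups = defaultdict(list)
    for engine, label in detections:
        groups[family(label)].append(engine)
    generic = [e for e, lbl in detections if GENERIC_MARKERS.search(lbl)]
    return {
        "flagged": len(detections),
        "total": len(detections) + clean,
        "families": dict(groups),
        "all_generic": len(generic) == len(detections),
    }
```

On the list above this gives 8 of 58 engines flagging, three label families (five engines share `trojan.heur2.gz`), and every label generic; that is a triage signal to weigh alongside the checksum check, not a verdict by itself.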

7

Re: Virus alert by BitDefender.

That is a sophisticated and very helpful reply. Exemplary!

Many thanks
Carl

8

Re: Virus alert by BitDefender.

I see that 7 of those previous 8 false positives now report the GParted 32-bit (i686) ISO as being clean: virustotal.com gparted-live-1.1.0-8-i686.iso

The only false positive report remaining is:
* BitDefenderTheta      (!) AI:Packer.DF8058F61F

BitDefender Theta is reportedly a 100% Machine Learning system, so I guess that we just have to wait for it to learn for itself that the GParted ISO is not infected with malware!