01-27-2020, 11:49 AM   #31
BetterRed
null operator (he/him)
Posts: 21,800
Karma: 30237628
Join Date: Mar 2012
Location: Sydney Australia
Device: none
Quote:
Originally Posted by stumped
I would (still) like to see a reasoned explanation of why 16 different engines find something suspicious once the program has installed.
My reading of that issue is that the detection occurred when calibre portable 4.9.1 was installed over the top of an existing install (XXXX). When it was installed into an empty directory (YYYY) it was OK, but when the install from YYYY was copied over the previous version in XXXX, Bitdefender and VT found malware.

That suggests to me there is something in that XXXX directory that shouldn't be there. Maybe the old exe got infected on that computer after it was installed with a payload that's smart enough to attach itself to the replacement. I would have moved the library to YYYY and nuked XXXX.

BR

Last edited by BetterRed; 01-27-2020 at 12:04 PM. Reason: clarity