psychopy.org | Reference | Downloads | Github

Possible virus/trojan in exe file on main download page?


#1

Firstly, thank you for you all to provide this awesome package!
ESET(Nod32) Anti-Virus Software Warned me that, there is a “Generik.KEBQQTO” trojan in “StandalonePsychoPy-1.85.2-win32.exe”, after I downloaded it via this main download link: http://psychopy.org/installation.html
Maybe it was just a false alarm. However, it’s OK after I downloaded the newer standalone exe file on your github page(“StandalonePsychoPy-1.85.3b-win32.exe”): ESET(Nod32) did not warn me anything, and installation is OK.
So… maybe some computer was unfortuned…?


#2

Hmm. I scan my own dev machine constantly and nobody else has access to it, and I’m sure github works hard to keep files secure once uploaded. Nobody else has reported an issue (the file was downloaded 11216 times). So I’m confident the file itself was safe.

The two possibilities that come to mind are that:

  1. The file has become infected after arriving on your machine. Have you done a full scan of your computer?
  2. You were somehow the victim of a man-in-the-middle attack, whereby someone pretends to be giving you the file that you were expecting but actually supplies one that has been altered (had a trojan installed on its way to you).
  3. Maybe a false alarm from your antivirus.

Number 2. seems unlikely in the extreme, but it might be technically possible because the docs site is an http site. We might need to forward users to the github site rather than pass the file back from it to make this impossible, but I’ll need to check with an expert that my intuitions are correct on whether/what the potential threat is first.

What’s interesting is that I’ve had a separate report from an individual where it looks to me like a virus had been caught trying to alter a file within PsychoPy. She was worried that this was PsychoPy containing a virus but the screenshots she sent suggest that the psychopy file was the target of the virus not the cause.

Worrying to see two reports of activity in this domain though (having never had any such reports in the last 15 years!)


#3

Hello!
I experienced the same with ESET Nod32 as I tried to download the standalone package from the psychopy.org website, but I was able to download it from github.


#4

Hi,

I have encountered the same problem. But, for my case, ESET internet security 10.1 reported both psychopy.org and github version of StandalonePsychoPy-1.85.2-win32.exe as a malware.

The problem seems limited to 1.85.2. I could get 1.85.1 and 1.85.3b without any trouble.


#5

I’m pretty sure that ESET is generating a false alarm here.

I’ve tried to search for Generik.KEBQQTO and all I get is this page, so it doesn’t sound like a real known trojan. Is it always reporting this same name?

If anyone has further information, in particular whether there’s a specific file that is being identified as the problem, then it would be appreciated.

For now, I am taking down the pass-through link from psychopy.org just in case that was a problem. Users will now need to download directly from the github site


#6

Hello,

I asked ESET (CANON-ITS as Japanese representative) to check the version 1.85.2 standalone installer.
They reported that the malware detection was a false alarm and now provides a corrected virus database.

I confirmed that now I can get the file without any alarm with the latest database.


NSIS error during installation