Malware in installation files

isak
Posts: 2

Post by isak »

Hi,

I've downloaded Synthesia 10.4.
Apparently both the install EXE and the zipped version include a malware "W32.Agent.lmAK".
I found it using the online virus scan site: https://www.virustotal.com
Could you please check it out? I really don't want to install it until it is clean.

Thanks, Isak.
Nicholas
Posts: 13137

Post by Nicholas »

Where?

[0 / 66] VirusTotal report for the 10.4 installer
[0 / 66] VirusTotal report for the 10.4 zip

Both of those are by pointing VirusTotal at the URL directly. Are you sure you don't have something on your machine that is infecting new files as you download them?
raynebc
Posts: 39

Post by raynebc »

By comparison, here are the scan results of the first third-party (ccm.net) download I found when Googling Synthesia download:
https://www.virustotal.com/#/url/7eb5a4 ... /detection

Make a habit of only downloading software from the official source (i.e. in Synthesia's case, this web site).
isak
Posts: 2

Post by isak »

Hi,

Thank you for your reply.
I did download from the same location as you did.
In fact I even get the same HASH256 for the zip file.
I've noticed that when you do a URL scan, it does different virus checks.
When I uploaded the zip file, it used the "aegislab" engine, which found the malware. This engine is not used for the URL.
Could you please run the test on the uploaded file itself?
btw: VirusTotal doesn't find a problem on the install EXE directly. Only after installing, and scanning the synthesia.exe file, it finds the malware. On the ZIP file, it finds it directly.
I'm not sure if it'll work for you, but here is my URL for the test results:
https://www.virustotal.com/#/file/5d806 ... /detection

Thanks, Isak.
Nicholas
Posts: 13137

Post by Nicholas »

Yeah, in general the easiest thing you can do to be sure is right-click on a downloaded file, go to properties, and look at the Digital Signatures tab. Anything we release will be signed by "Synthesia LLC". The presence of that valid signature guarantees it at least hasn't been tampered with since it left our servers.

Otherwise I just submitted a false positive report to AegisLab. (F-Secure complained about the 10.4 Android release -- for a completely different detection -- but updated it to "clean" as soon as I asked them why.) We'll see if AegisLab does the same.
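A scripted equivalent of the Digital Signatures check described in the last post, combined with the SHA-256 comparison mentioned earlier in the thread. This is an added example, not part of any forum post and not Synthesia's own tooling; the function name `Test-SignedDownload` and the sample file path are hypothetical.

```powershell
# Added example: check a downloaded file's Authenticode signature and SHA-256.
# "Synthesia LLC" is the signer name given in the thread; everything else
# (function name, parameters, sample path) is an assumption for illustration.
function Test-SignedDownload {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$ExpectedSigner = 'Synthesia LLC',
        [string]$ExpectedSha256   # optional: a hash obtained from a trusted source
    )

    # Hash of the exact bytes on disk, for comparison with another copy or report.
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Same data the Explorer "Digital Signatures" tab shows.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Subject common name of the signing certificate, if the file is signed at all.
    $signer = $null
    if ($sig.SignerCertificate) {
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signer = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    }

    # The name only means something when Status is Valid: that status requires
    # an intact file hash and a certificate chain Windows trusts. Unsigned or
    # unsupported formats (a .zip, for instance) never come back as Valid,
    # so check the EXE extracted from the archive instead.
    $signatureOk = ($sig.Status -eq 'Valid') -and ($signer -eq $ExpectedSigner)

    # -eq on strings is case-insensitive, so upper/lower-case hex both match.
    $hashMatches = if ($ExpectedSha256) { $sha256 -eq $ExpectedSha256.Trim() } else { $null }

    [pscustomobject]@{
        Path            = $Path
        Sha256          = $sha256
        SignatureStatus = $sig.Status
        StatusMessage   = $sig.StatusMessage
        Signer          = $signer
        SignatureOk     = $signatureOk
        HashMatches     = $hashMatches
    }
}

# Placeholder path: point this at the file you actually downloaded.
Test-SignedDownload -Path "$env:USERPROFILE\Downloads\installer.exe" | Format-List
```

`SignatureOk` is true only when the signature validates and the signer matches; a `HashMismatch` status means the file changed after it was signed.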