Possible Trojan Horse in Machu Picchu addon


Bruce
02-27-2005, 02:31 AM
Hi, I downloaded this file:

http://worldwind.arc.nasa.gov/cache/13-machu_picchu.exe

And AVG (www.grisoft.com) Program version 7.0.300, Virus base 266.5.0, Release Date 25/02/2005

Found this: Trojan Horse BackDoor Iroffer.3.AR inside.

There's no info available from Grisoft on it at the moment, but I thought you might like to know anyway.

Guest_michael_*
02-28-2005, 02:55 PM
I too had a trojan reported in two of the worldwind cache files. One was the alps I believe, and I can't remember what the other was.

Both were downloaded from NASA directly in the days when worldwind was first released and the servers were taking massive hits. I haven't touched them since.

The trojan reported was some version of backdoor - sorry I can't remember exactly what. AVG found it but I've deleted the files so I can't be more specific.

It's probably a false alarm engendered by an AVG update - at least I'm hoping it is. I don't use the machine much and it is behind a NAT router and firewalled.

regards

m

Beansprout
02-28-2005, 06:00 PM
Hello.

Another user reported a problem similar to yours, and he too was using AVG.

After discussion, it appears this is a problem with the AVG scanning engine.

Could you please confirm this by scanning all files with another virus scanner - you will see that it comes up with no results.

All files which are linked to or mentioned on worldwind.arc.nasa.gov are virus free as far as we are aware. There have been thousands of downloads and only these few reports, and all are from AVG.

Please be reassured that all official sources stand minimal chance of becoming infected with viruses.

Lastly, please only download files from locations listed either in pinned topics on the forums or from worldwind.arc.nasa.gov/download.html as these are certified to match md5 and sha1 checksums.

If you download from other places on the internet, much like with any other download, I cannot verify the contents of what you are downloading.

If anyone wishes for an official response from NASA on this topic, let me know, or wait for jessi to pop along.

Disclaimer: While Twobeds.com takes every precaution to guard against virus insertion it is by no means impossible, therefore the execution of all files obtained from Twobeds.com is entirely at the users' risk. I am not a NASA spokesperson so please, if you would like to raise an issue with them, contact one of the forums administrators with the NASA logo as their avatar. These are jessi, Patrick Hogan, Randy Kim and cmaxwell.
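
The checksum comparison mentioned in the post above, shown as an added example (not part of the original thread, and not NASA's or Twobeds.com's own tooling): it hashes a download once with both MD5 and SHA-1 and reports any digest that does not match the published value. The file name, file contents and "published" digests are constructed for the demonstration; `file_digests`, `verify_download` and `demo` are hypothetical names.

```python
import hashlib
import hmac
import os
import tempfile

ALGORITHMS = ("md5", "sha1")  # the two digests the post says official files are matched against


def file_digests(path, algorithms=ALGORITHMS, chunk_size=1 << 20):
    """Read the file once in chunks, feeding every chunk to each hash."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_download(path, published):
    """Return the algorithms whose digest does NOT match the published value.

    An empty list means every digest matched. A digest missing from
    `published` counts as a failure, so a partial listing cannot pass silently.
    """
    actual = file_digests(path)
    failed = []
    for name in ALGORITHMS:
        expected = published.get(name, "").strip().lower()
        if not expected or not hmac.compare_digest(actual[name], expected):
            failed.append(name)
    return failed


def demo():
    # Constructed stand-in for a downloaded datapack; not a real World Wind file.
    original = b"constructed sample datapack contents\n" * 1000
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample-datapack.bin")
        with open(path, "wb") as fh:
            fh.write(original)
        published = file_digests(path)  # stands in for the values on the official page
        clean = verify_download(path, published)
        with open(path, "r+b") as fh:  # simulate a copy altered somewhere else
            fh.seek(10)
            fh.write(b"X")
        altered = verify_download(path, published)
        partial = verify_download(path, {"md5": file_digests(path)["md5"]})
    return clean, altered, partial


if __name__ == "__main__":
    print(demo())
```

A match only shows that the file is byte-for-byte the one the listing describes, so the published digests have to come from the official page rather than from the mirror that served the file.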

Jessi
02-28-2005, 06:26 PM
Hi Bruce -- and the other forum poster who's reported detecting a virus in a World Wind add-on datapack,

Thanks for the reports about AVG! We don't believe there's a trojan horse in any of the add-on datapacks we've released, but I'll contact Grisoft and ask if we can double-check the trojan signature with them.

The virus protection software standard at NASA Ames Research Center is Symantec AntiVirus Corporate Edition, and everything we distribute on Nasa.gov pages or approved alternate download sites is scanned with Symantec. (We list only approved mirror download sites on Worldwind.arc.nasa.gov, and urge caution when downloading from other sources.) I do encourage people to scan all files they download with their antivirus software before using them. If your software raises an alert, please contact NASA staff so we can investigate.

We stopped offering the add-on datapacks on our site on February 22 due to very high traffic, and the Twobeds.com/Vidahost mirror stopped offering them a few days ago because of bandwidth constraints. We do understand that people are downloading the datapacks from a variety of other sites which may be untrustworthy. We would like to offer them again; if anyone is interested in helping with that effort, please join us on IRC or contact the forum admin and moderation teams.

Jessi

Originally posted by Bruce@Feb 26 2005, 06:31 PM
Hi, I downloaded this file:

http://worldwind.arc.nasa.gov/cache/13-machu_picchu.exe

And AVG (www.grisoft.com) Program version 7.0.300, Virus base 266.5.0, Release Date 25/02/2005

Found this: Trojan Horse BackDoor Iroffer.3.AR inside.

There's no info available from Grisoft on it at the moment, but I thought you might like to know anyway.