Infected K-Meleon
Posted by: cork1958
Date: May 11, 2009 05:35PM

This is what I just got doing a complete scan of a fresh install of K-Meleon. It's done this before and I posted it at that time, but can't find it now. If I remember correctly, it doesn't have any effect on anything. I'm on said computer right now, but not under that username. Will log off my name and sign in under Jerrod. See what happened. Using Avira AV.

C:\Documents and Settings\Jerrod\Local Settings\Application Data\K-Meleon\zpxd1mjo.default\Cache\3A15337Dd01
[0] Archive type: ZIP
--> KGN.exe
[DETECTION] Is the TR/Meredrop.A.1112 Trojan
[NOTE] The file was deleted!

Edit:
Logged in as Jerrod now. No ill effect, it appears. Probably should've posted this under bugs, huh?

Posted in the Avira forum also.



Edited 2 time(s). Last edit at 05/11/2009 05:44PM by cork1958.

Re: Infected K-Meleon
Posted by: panzer
Date: May 11, 2009 05:45PM

False positive?

Re: Infected K-Meleon
Posted by: Yogi
Date: May 11, 2009 06:32PM

Quote
panzer
False positive?

Maybe, maybe not.

Quote
cork1958
This is what I just got doing a complete scan of a fresh install of K-Meleon.

Sorry but this is plain nonsense.
A fresh install of K-Meleon will always result in an empty cache!

You have for sure downloaded a zipped file containing the KGN.exe which your AV is flagging as malware. My vague guess, it was a keygen. It was flagged as malware either because it really is malignant or because it was compressed with an exotic runtime packer your AV can't unpack.

Instead of blaming K-Meleon unfounded you should take care what files you are downloading :)

Since the file was deleted by your AV it can't harm you anyway.



Edited 1 time(s). Last edit at 05/11/2009 06:37PM by Yogi.

Re: Infected K-Meleon
Posted by: guenter
Date: May 11, 2009 07:59PM

Quote
Yogi
A fresh install of K-Meleon will always result in an empty cache!

Absolut (eye-rolling smiley)!



Edited 1 time(s). Last edit at 05/11/2009 08:00PM by guenter.

Re: Infected K-Meleon
Posted by: cork1958
Date: May 12, 2009 11:28AM

Sorry, was NOT blaming K-Meleon for anything. Simply stating the facts that immediately after installing K-Meleon, I had things to do, so I set Avira to do a complete scan, and that is what it found.

Got the K-Meleon file straight from here, http://kmeleon.sourceforge.net/download.php, so don't try and tell me I was downloading some illicit file.

Just about the same half a**ed reply I got last time I posted this. Instead of trying to accuse me of downloading some messed up file, you last 2 posters should try to do this yourself and see what happens.

I'm on a machine today that I'm about to update K-Meleon on. Will do the same scan again and see what happens. Just uninstalled and installed K-Meleon and Adblockplus. Scanning now.


Then again, maybe it's the adblockplus file I downloaded, although I got that from here, http://adblockplus.org/en/kmeleon, so, should be safe, huh?

Hmm? Scan found nothing.
Don't even have that file, C:\Documents and Settings\Cork\Local Settings\Application Data\K-Meleon, on this computer?

Oh well. No harm, no foul!!



Edited 7 time(s). Last edit at 05/12/2009 12:20PM by cork1958.

Re: Infected K-Meleon
Posted by: wildbill
Date: May 12, 2009 12:59PM

I have used K-Meleon for years and never had a problem with downloading/installing a new version. This time (K-Meleon 1.5.3) something different happened. After my installation, I was modifying my Custom Files and Folders in CCleaner to erase the new 1.5.3 files ( Cache\*,* ) when Avira notified me that Cache 001 was infected with malware. I clicked on 'Ignore' and kept modifying files. I had installed K-Meleon but not yet accessed the internet so I didn't know what could be in the Cache.

After completing file modifications, I ran a full scan of my computer in Safe Mode using Avira and Windows Defender which found no viruses or malware. This was the first malware notice I had received in 3 years but the computer runs fine, no problems.

Re: Infected K-Meleon
Posted by: guenter
Date: May 12, 2009 03:24PM

Quote
cork1958
Got the K-Meleon file straight from here, http://kmeleon.sourceforge.net/download.php, so don't try and tell me I was downloading some illicit file.

My post was not clear, I am sorry.
I took for granted that You setup like Yogi, me and many other old users.

Not an illicit download file but surfing already or?

Let me explain.

1.) A version that is installed under a unique new name e.g. ./Program Files/K-Meleon1.5.3en-US with de-selected multi user support does not have a cache until You are surfing. That is how I set up K-Meleon - and many other PPL do so too. That setup has Profiles in old default location in subfolder of program install folder.

Others prefer to back up Profile data. When they install and keep profile in the new default location, that is %appdata%/K-Meleon next to Mozilla folder. Normally they would clear the cache before backup (I'd anyway - that is why K-Meleon bookmarks backup extension can backup relevant files but by default no cache).

By default Setup 2.) and 3.) re-use Profiles including cache. & at least the same major versions (e.g. 1.5.x) can re-use & will not break anything.

2.) A new K-Meleon default install uses the default profiles location & reuses e.g. cache files etc. from the version before. The install is updating with fixed or newer program files. & it is not supposed to touch your Profile data.

3.) A unique new install location with multi user support will use default profiles location including cache like 2.)

That is why installing new K-Meleon did not help this user that probably has a broken Profile.

thx for reading my post.



Edited 3 time(s). Last edit at 05/12/2009 03:38PM by guenter.

Re: Infected K-Meleon
Posted by: caktus
Date: May 13, 2009 02:52AM

So far it seems that about every AV and AS known to man occasionally draws a false positive from KM, particularly KM's root folder. I just ignore it. But it would be comforting if the problem didn't occur at all.

Charlie

~~If it ain't broke, why screw it up?~~


Re: Infected K-Meleon
Posted by: guenter
Date: May 13, 2009 08:19AM

Absolut!


Either false

Setup 1.) does not have a cache

or true positive (attributed to wrong reason).

Setup 2 & 3 of the setup possibilities have a cache that has or has no virus.

But possible virus is not from the fresh K-Meleon install but from previous surfing.

Whatever: False or true positive warning. Whatever in cache can be safely sanitized.
Cache is an archive of downloaded items. HTML, SWF, Music, exes...



Edited 2 time(s). Last edit at 05/13/2009 08:21AM by guenter.

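Added example (not part of any forum post, and not K-Meleon or Avira code): a Python illustration of the cache triage this thread turns on. It classifies cache entries by their leading bytes, lists executable members of ZIP entries without extracting them, and compares each entry's modification time with the install time. The function names, the sample entry names and the install date used in `demo()` are assumptions constructed for illustration, and each cache entry is assumed to be a separate file, as in the scan log quoted in the thread.

```python
import io
import os
import tempfile
import zipfile
from datetime import datetime, timezone

# Leading bytes that identify a file type whatever the cache entry is named.
MAGIC = {b"PK\x03\x04": "zip", b"MZ": "pe-executable"}
EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd")

def classify(path):
    """Classify a file by its first bytes."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    return next((kind for magic, kind in MAGIC.items() if head.startswith(magic)), "other")

def triage_cache(cache_dir, installed_at):
    """List archive/executable cache entries; installed_at is a tz-aware datetime."""
    findings = []
    for name in sorted(os.listdir(cache_dir)):
        path = os.path.join(cache_dir, name)
        if not os.path.isfile(path) or classify(path) == "other":
            continue
        kind, members = classify(path), []
        if kind == "zip" and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as zf:  # reads the directory, extracts nothing
                members = [m for m in zf.namelist() if m.lower().endswith(EXECUTABLE_EXT)]
        mtime = datetime.fromtimestamp(os.path.getmtime(path), tz=timezone.utc)
        findings.append({"entry": name, "kind": kind, "executables": members,
                         "predates_install": mtime < installed_at})
    return findings

def demo():
    """Triage a constructed cache directory (all names and dates are made up)."""
    with tempfile.TemporaryDirectory() as cache:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("sample.exe", b"MZ constructed placeholder bytes")
        old = os.path.join(cache, "0A1B2C3Dd01")
        with open(old, "wb") as fh:
            fh.write(buf.getvalue())
        os.utime(old, (1_000_000_000, 1_000_000_000))  # September 2001
        with open(os.path.join(cache, "0A1B2C3Dd02"), "wb") as fh:
            fh.write(b"<html>constructed page</html>")
        return triage_cache(cache, datetime(2009, 5, 11, tzinfo=timezone.utc))

if __name__ == "__main__":
    print(demo())
```

An entry reported with `predates_install` set to true was written before the browser was installed, which points to a reused profile rather than to the new program files.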
Re: Infected K-Meleon
Posted by: desga2
Date: May 13, 2009 05:31PM

This is a zip file in K-Meleon cache, you downloaded or viewed a zip file with a virus:
KGN.exe => Key Generator => Please, no pirated software; use open source or free software.

Like you did this is solved when you cleared your cache.

(Viruses in zip files aren't dangerous if you don't execute them)

K-Meleon in Spanish

Re: Infected K-Meleon
Posted by: guenter
Date: May 13, 2009 06:38PM

Quote
desga2
KGN.exe => Key Generator =>

AFAIK also in some legitimate programs.

Re: Infected K-Meleon
Posted by: Yogi
Date: May 13, 2009 06:58PM

Quote
cork1958
Instead of trying to accuse me of downloading some messed up file,

Don't get me wrong. I'm not accusing you of anything. It was just advice. For all I care you are free to download any file from any server you can access.

Quote
cork1958
you last 2 posters should try to do this yourself and see what happens.

Be sure that both of us like few others as well, did download and run K-M 1.5.3!

Quote
cork1958
Just uninstalled and installed K-Meleon and Adblockplus. Scanning now.

Let me give you just a second piece of advice :)

1. Either Avira's RTM (real time monitor) is enabled:
Your AV will warn/block access to/delete (according to your configurations) the flagged file at the latest after its download completed.

2. Or the RTM is disabled and your AV is set only for on demand scanning:
Always scan files you download before you decide to install.

*** Inexperienced users generally tend to set their AV to automatically delete flagged files, a setting which can lead to serious problems in case of a FP (false positive).

Re: Infected K-Meleon
Posted by: cork1958
Date: May 14, 2009 04:58PM

Quote
Yogi
Quote
cork1958
Instead of trying to accuse me of downloading some messed up file,

Don't get me wrong. I'm not accusing you of anything. It was just advice. For all I care you are free to download any file from any server you can access.

Quote
cork1958
you last 2 posters should try to do this yourself and see what happens.

Be sure that both of us like few others as well, did download and run K-M 1.5.3!

Quote
cork1958
Just uninstalled and installed K-Meleon and Adblockplus. Scanning now.

Let me give you just a second piece of advice :)

1. Either Avira's RTM (real time monitor) is enabled:
Your AV will warn/block access to/delete (according to your configurations) the flagged file at the latest after its download completed.

2. Or the RTM is disabled and your AV is set only for on demand scanning:
Always scan files you download before you decide to install.

*** Inexperienced users generally tend to set their AV to automatically delete flagged files, a setting which can lead to serious problems in case of a FP (false positive).

I'm sure you have downloaded KM 1.5.3, but do you use Avira?

I do not have RTM enabled.

I DO scan all files manually after download and DO have it set to delete automatically. If it's infected, I don't want it!!

Now, I just came up with this Malwarebytes.

Files Infected:
C:\Program Files\Kmeleon\SetDefault.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

It's been deleted. Again with no adverse effects, it appears.



Edited 2 time(s). Last edit at 05/14/2009 05:00PM by cork1958.

Re: Infected K-Meleon
Posted by: guenter
Date: May 14, 2009 05:21PM

SetDefault? My guess. It is sanitized from a heuristic mechanism.
Else You had a virus in Your cache & have opened it.

No adverse effect?

Make another browser default and then try to set K-Meleon as default browser

It is possible that a virus slips into an official download. AFAIK this has never happened to the K-Meleon project.

I am here to do support since version 0.82 came out.
During these years every once in a while an anti-virus program claimed:
K-Meleon.exe, or Loader.exe is a virus. setDefault seems new.

If there was a real threat coming from the K-Meleon installer download several users would have found a virus.



Edited 2 time(s). Last edit at 05/14/2009 05:26PM by guenter.

Re: Infected K-Meleon
Posted by: disrupted
Date: May 14, 2009 06:49PM

http://www.hijackthis-forum.de/archiv/2776-false-positive-k-meleon-browser.html
http://nsis.sourceforge.net/NSIS_False_Positives

please note that setdefault by alain was compiled with NSIS and obviously avira doesn't like NSIS. no k-meleon package since version 0.1 has ever contained a virus.

antiviruses have false positives maybe equal in number as the real viruses.. until someone reports to them a false positive; an innocent application will be flagged as malware.

i suggest you report to their forum that kmeleon's setdefault.exe is a false positive..it's not k-meleon's problem, it's their problem.

Re: Infected K-Meleon
Posted by: Yogi
Date: May 14, 2009 07:30PM

Quote
cork1958
Now, I just came up with this Malwarebytes.

Files Infected:
C:\Program Files\Kmeleon\SetDefault.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

I advised you to scan the package before installation and not after.
However it seems you know better. So far no more comments on my side except the below image:



Re: Infected K-Meleon
Posted by: desga2
Date: May 15, 2009 10:24AM

I have had K-Meleon and Avira AntiVir for a lot of years and never had problems or false positives with K-Meleon or NSIS files. Please update your AntiVir or reduce your Avira AntiVir heuristic level to Medium.

K-Meleon in Spanish



Edited 1 time(s). Last edit at 05/15/2009 10:25AM by desga2.

Re: Infected K-Meleon
Posted by: cork1958
Date: May 16, 2009 11:38AM

I DO scan all files immediately after downloading, NOT after installing, and stated that in previous post.

Heuristics IS set at medium. First thing I do EVERYDAY is update AV. What's the sense of scanning with an AV that is even a day old?!!

I know the possibility of getting as many false positives exists as actual infections. Was just posting this here partially to see if anyone else has ever come across this and if not, to inform others of the possibility they can.

I have posted this in the Avira forum also.

Thanks for the replies :)
Hope I wasn't coming across as harsh, but I DO know what I'm doing guys!



Edited 2 time(s). Last edit at 05/16/2009 11:41AM by cork1958.

Re: Infected K-Meleon
Posted by: Yogi
Date: May 16, 2009 12:27PM

Quote
cork1958
I DO scan all files immediately after downloading, NOT after installing, and stated that in previous post.

All of your examples in this thread are referring to scans made after installation:

Quote
cork1958
1.) C:\Documents and Settings\Jerrod\Local Settings\Application Data\K-Meleon\zpxd1mjo.default\Cache\3A15337Dd01
[0] Archive type: ZIP
--> KGN.exe
[DETECTION] Is the TR/Meredrop.A.1112 Trojan
[NOTE] The file was deleted!

2.) Just uninstalled and installed K-Meleon and Adblockplus. Scanning now.

3.) Files Infected:
C:\Program Files\Kmeleon\SetDefault.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

In case the scan of the install package turns out clean but after installation your AV will give a warning (be it caused by a FP or a real infection) you can assume that the components of the install package can't be the real cause :)

Re: Infected K-Meleon
Posted by: Arrow
Date: May 17, 2009 04:23AM

Quote
cork1958

Thanks for the replies :)
Hope I wasn't coming across as harsh, but I DO know what I'm doing guys!

You can take your foot off the accelerator here, it is not so important whether you know what you are doing or not. :)

Re: Infected K-Meleon
Posted by: Paul
Date: May 24, 2009 10:58PM

I've just recently installed 1.5.3, I use ESET Smart Security, it flagged up a trojan warning during install that I ignored. Just out of curiosity what do you guys make of this by Anvir Task manager?


http://i678.photobucket.com/albums/vv143/tbolin32/untitled.jpg

Re: Infected K-Meleon
Posted by: guenter
Date: May 24, 2009 11:12PM

Truly dangerous - even addictive - using it as default since 2003 :D



Edited 1 time(s). Last edit at 05/24/2009 11:12PM by guenter.

Re: Infected K-Meleon
Posted by: Paul
Date: May 24, 2009 11:24PM

I understand, guenter, but I think it's a 'buggy' problem. I used the same AV and it's never 'warned' about any other KM version I've tried. Same with the Anvir it's at most described it as 'unknown.' (The loader, I'm talking about) :)

Re: Infected K-Meleon
Posted by: guenter
Date: May 24, 2009 11:33PM

Loader has been incriminated by defenseware several times in the past.

It has the same ill behaviors as IE-preloader, several other RAM stealers and autostarts like them and viruses. :D



Edited 2 time(s). Last edit at 05/24/2009 11:35PM by guenter.

Re: Infected K-Meleon
Posted by: Paul
Date: May 24, 2009 11:44PM

Ookee Dookee, that makes good sense, thanks guenter. :P
