VIRUS INCLUDED

from WinCustomize Forums
Just thought that I would have a peek at the 47 WindowBlinds listed in the GUI Championships for 2006.
I downloaded about half a dozen just of them for a better appreciation and soon discovered that,according to my security suite, both FROIS - 01 and VVA both downloaded with the W32/HLLP.Philis.ini virus onboard.
Needless to say my security suite promptly removed both.
Just thought I would bring it to your attention.
windowblinds
2,987 views 4 replies
Reply #1 from WinCustomize Forums Top

I'll bet that's McAffee ....that 'suite' of yours....and it's a false positive...

Checked with 4 or 5 alternate AVs [yesterday]...and clean as a whistle...

Reply #2 from WinCustomize Forums Top
My Mcafee picked em up too and it is a false positive and you shouldn't worry the skins install fine with no problems.
Groupy 2 - Organize multiple applications into grouped tabs on your Windows desktop
Reply #3 from WinCustomize Forums Top
So...your positive its a false positive and not a negative positive or even worse a positive positive!!!
Reply #4 from WinCustomize Forums Top

W32/HLLP.Philis.ini is a sub-set of the W32/HLLP.Philis virus.  The *.ini variant is at this time ONLY detected by McAfee, and if you look at the description of the "virus" here:

http://vil.nai.com/vil/content/v_140656.htm

You'll see that it's not actually a virus that it's detecting, but an artifact of W32/HLLP.Philis.  The _desktop.ini file can not contain the virus, it is merely potentially a record of the virus executing.

Looking at the _desktop.ini file included with the latest version of FROIS-01, there is a timestamp inidicating that Dexter2005 has been infected by the W32/HLLP.Philis virus, which prepends itself to .exe files. 

The _desktop.ini file is NOT AN INFECTED FILE.  It is only a sign that the system on which it was created is infected (and even then, only sometimes, there may be legit apps that create an _desktop.ini file).  Since there are no .exes packed in a skin, this isn't even the beginnings of a concern.

However, any skin author that is told their skin is triggering this warning, they need to get their systems cleaned, because they might very well have the actual virus.