Thread: PostgreSQL\12\bin\pg_ctl.exe - Trojan detected

PostgreSQL\12\bin\pg_ctl.exe - Trojan detected

From
Manoj Agrawal
Date:
Dear PostgreSQL Team,

I am a regular, ordinary user of your application.
I apologise for not following your bug and security template. I suppose this will be OK with you.

Kindly look at this screen from a Windows 10 machine.

I have downloaded "postgresql-12.1-3-windows-x64.exe" from your website, and during installation it is reporting malware in one of your executables.

PostgreSQL\12\bin\pg_ctl.exe
Threat detected: Trojan:Win32/Detplock
Alert level: Severe
Date: 22-12-2019 07:32 PM
Category: Trojan
Details: This program is dangerous and executes commands from an attacker.

I need you to look into this on a priority basis, as I am stuck up.

Thanks and Regards
 
Manoj Agrawal
manoj.agrawal@hotmail.com


Re: PostgreSQL\12\bin\pg_ctl.exe - Trojan detected

From
Magnus Hagander
Date:


On Sun, Dec 22, 2019 at 4:26 PM Manoj Agrawal <manoj.agrawal@hotmail.com> wrote:
Dear PostgreSQL Team,

I am a regular, ordinary user of your application.
I apologise for not following your bug and security template. I suppose this will be OK with you.

Kindly look at this screen from a Windows 10 machine.

I have downloaded "postgresql-12.1-3-windows-x64.exe" from your website, and during installation it is reporting malware in one of your executables.


Exactly which URL did you download it from? And please provide a checksum (md5, sha1 or similar) of the file downloaded to your system.

 

PostgreSQL\12\bin\pg_ctl.exe
Threat detected: Trojan:Win32/Detplock
Alert level: Severe
Date: 22-12-2019 07:32 PM
Category: Trojan
Details: This program is dangerous and executes commands from an attacker.

I need you to look into this on a priority basis, as I am stuck up.

Hi!

Can you please take the file from your system and upload it to https://www.virustotal.com/gui/home/upload, and let us know what the detection there says?  It also gives you a link to the finished analysis, so please post the link to that one as well.

//Magnus


Re: PostgreSQL\12\bin\pg_ctl.exe - Trojan detected

From
Andres Freund
Date:
Hi,

On December 22, 2019 10:38:57 AM EST, Magnus Hagander <magnus@hagander.net> wrote:

Fwiw, there's a note on MS's page about recent false positives for this "virus":
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Detplock
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.



Re: PostgreSQL\12\bin\pg_ctl.exe - Trojan detected

From
Manoj Agrawal
Date:
Hi Magnus,

I apologise for troubling you at this time. But your questions are important, so I will try to answer them all.

  1. URL from where I downloaded the installer:
    https://www.enterprisedb.com/thank-you-downloading-postgresql?anid=1257093

    image as below:

    I have not taken a checksum of the file.

  2. I did scan the file with the URL you gave below. Attaching the screenshot for your reference.

    Here are some of the details from the details tab. Attaching a .pdf also for your reference.

Sir, please do let me know if there is any more information I can share with you. I will be more than happy to share it.



Thanks and Regards
 
Manoj Agrawal
manoj.agrawal@hotmail.com


From: Magnus Hagander <magnus@hagander.net>
Sent: 22 December 2019 09:08 PM
To: Manoj Agrawal <manoj.agrawal@hotmail.com>
Cc: security@postgresql.org <security@postgresql.org>; pgsql-bugs@lists.postgresql.org <pgsql-bugs@lists.postgresql.org>
Subject: Re: PostgreSQL\12\bin\pg_ctl.exe - Trojan detected

Re: PostgreSQL\12\bin\pg_ctl.exe - Trojan detected

From
Magnus Hagander
Date:
Hello!

The fact that only a single scanning engine considers that to be a problem means it's almost certainly an issue with the virus scanner, and not an actual trojan. Especially given that, as Andres pointed out, Microsoft's scanner has had problems with false positives about this trojan before.

//Magnus


On Sun, Dec 22, 2019 at 5:03 PM Manoj Agrawal <manoj.agrawal@hotmail.com> wrote:
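The two checks the replies above ask for, as an added example that is not part of the thread: hashing the downloaded installer (md5/sha1, plus sha256, so it can be compared with a vendor-published checksum) and triaging a multi-engine scan result the way Magnus reasons, treating a single engine flagging a file among many as a likely false positive. The file bytes, the engine names and the threshold of ten engines are constructed for the example.

```python
"""Added example (not code from the thread): hash an installer and
triage a multi-engine scan summary.  All sample data is constructed."""
import hashlib
import os
import tempfile


def file_digests(path, chunk_size=1 << 20):
    """Return md5, sha1 and sha256 hex digests of a file in one pass."""
    hashes = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashes.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def matches_published(path, expected_sha256):
    """True if the file's sha256 equals the checksum published by the vendor."""
    return file_digests(path)["sha256"] == expected_sha256.lower()


def triage_scan(results, single_engine_threshold=1):
    """results: {engine_name: detection_label or None}.
    Returns (verdict, flagged_engines).  At most `single_engine_threshold`
    detections out of at least ten engines is classed as a likely false
    positive; anything more is marked suspicious and needs a closer look."""
    flagged = sorted(e for e, label in results.items() if label)
    if not flagged:
        return "clean", flagged
    if len(flagged) <= single_engine_threshold and len(results) >= 10:
        return "likely-false-positive", flagged
    return "suspicious", flagged


def write_constructed_sample(data):
    """Write constructed bytes to a temp file and return its path; this is a
    stand-in for the downloaded installer, not the real PostgreSQL file."""
    fd, path = tempfile.mkstemp(suffix=".exe")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


# Constructed scan summary modelled on the thread: one engine flags the file.
SAMPLE_SCAN = {f"engine{i}": None for i in range(1, 20)}
SAMPLE_SCAN["Microsoft"] = "Trojan:Win32/Detplock"

if __name__ == "__main__":
    sample = write_constructed_sample(b"constructed installer bytes")
    print(file_digests(sample))
    print(triage_scan(SAMPLE_SCAN))
```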

Re: PostgreSQL\12\bin\pg_ctl.exe - Trojan detected

From
Sandeep Thakkar
Date:
Hi,

It certainly looks like a false positive. Can you please try installing on some other Windows server?

On Mon, Dec 23, 2019 at 6:15 PM Magnus Hagander <magnus@hagander.net> wrote:



--
Sandeep Thakkar