Group: Administrator
Location: Sweden
Started playing Quake TDM in 1997.

Creator of eQuake, fQuake and nQuake.
Misc  /  29 May 2009, 17:45
Malware in nQuake
I have found some sort of unclassified malware in nQuake. More specifically in ezquake/sb/wget.exe. This is a file I have added to nQuake myself, and I don't think that many of you have actually used that file. I don't even know if it's necessary anymore. Anyway, to be safe you should do a complete virus check on your computer.

The antivirus program that found this malware was Comodo Antivirus.
Comments
2009-05-29, 17:57
Do not jump to conclusions. Probably just heuristics whining or tagging it as "unwanted" program since it can download from the internet. Wget is a *nix-based (can be downloaded for Windows too) command-line file fetcher/downloader. More information.

Use http://www.virustotal.com/ and paste the analysis URL here (from the address bar) once the scan is finished.

Edited by Renzo on 29 May 09 @ 18:58CET
2009-05-29, 18:52
It is probably used to update the server browser.
2009-05-29, 20:33
I'm with Renzo, "tagging it as "unwanted" program since it can download from the internet".
2009-05-29, 21:24
I bet wget is used to contact a spy network and download more suspicious files!
-I hear that the whole GNU organization is run from a bunker, and that they try to take over all computers of the world! Don't trust the FSF!
2009-05-29, 23:43
Well, obviously the official wget version doesn't have malware, but I am assuming this version was downloaded somewhere off the internet, not directly compiled from the GNU sources by empezar. It's perfectly possible that there could be malware in it in this case. But as Renzo says, it's probably not the case. Anti-virus software routinely has false positives like this, especially with packed and/or compressed executables. Use virustotal.com and see if a significant percentage of anti-malware and/or anti-virus software indeed classify it as malware. If they do, then there's real reason for concern.

Edited by raz0 on 30 May 09 @ 00:44CET
2009-05-30, 08:31
Better safe than sorry. I thought I'd inform you all of my findings so I don't get blamed (again) for throwing viruses into my packs.
2009-05-30, 08:54
I scanned wget.exe we have in SVN at the moment, gave 0/40 on virustotal.
2009-05-30, 08:59
Absolutely better safe than sorry, empezar. No worries.