[Fpga-synth] AVG Finds Trojan Horse in ISE 9.2i

Eric Brombaugh ebrombaugh at earthlink.net
Fri Dec 7 00:58:00 CET 2007 

Well that's amusing. The mingw32 stuff is a set of WinXP-compatible *nix 
commands that Xilinx distributes with its WinXP native tools to support 
all their scripting. Evidently they needed make in there somewhere...

It boils down to one of several possibilities:

1) AVG is full of it and has mis-identified a trojan.
2) The MingW team accidentally distributed a version of make with a 
trojan in it.
3) A trojan infected mingw make during the ISE 9.2 design/test phase at 
Xilinx and they distributed it.
4) Both your copies of ISE 9.2 got infected somehow.

I'd vote for #1, but if someone has access to a different virus checker 
and ISE 9.2 it would be interesting to get a second opinion. I don't...

Interesting to note that the specific trojan called out isn't mentioned 
anywhere that Google can find it. There are a number of similarly named 
virii, mostly called out on various asian-language websites (korean, 
japanese, chinese). The nomenclature used in this case seems to suggest 
a trojan designed to grab passwords that masquerades as a Quake file.

Eric

Scott Gravenhorst wrote:
> I just downloaded and updated Free AVG and scanned.  It says it found a
> trojan horse file:
> 
> Trojan horse PSW.Agent.QVM
> 
> C:\Xilinx92i\gnu\MinGW\2.0.0-3\nt\bin\mingw32-make.exe
> 
> and it moves the file to the virus vault.
> 
> I find nothing about a trojan horse when I google mingw32-make.exe.
> 
> I have WinXP Pro installed on 2 different disks.  They both have 9.2i and
> AVG found the T.H. on both installations.
> 
> -- ScottG
> 
> -------------------------------------------------------------
> 
> -- Scott Gravenhorst
> -- GateMan-III - FPGA Based MIDI Monophonic Synthesizer with SVF
> -- PolyDaWG/8 - 8 Voice FPGA Polyphonic MIDI Synthesizer
> -- FatMan: home1.gte.net/res0658s/fatman/
> -- NonFatMan: home1.gte.net/res0658s/electronics/
> -- When the going gets tough, the tough use the command line.
> 
> _______________________________________________
> Fpga-synth mailing list
> Fpga-synth at rubidium.dyndns.org
> http://rubidium.dyndns.org/cgi-bin/mailman/listinfo/fpga-synth
>

More information about the Fpga-synth mailing list