On August 25, 2012 I did a scan with Spybot – Search & Destroy version 1.6.2 and detected a trojan. The Code::Blocks version is 10.05 from
March 17, 2011 June 2, 2010 (sorry for the error). The operating system platform is Windows (more specifically, it was Windows XP and then I copied Code::Blocks over to Windows 7).
Here are the scan results:
FraudAV.SJhorwPa - TrojansC-05
(SBI $9495743C) Downloaded program file
C:\Users\.........\CodeBlocks\MinGW\bin\zip.exe
The View Report section shows the above (except for TrojansC-05) and the following:
Properties.size=135168
Properties.md5=83AF340778E7C353B9A2D2A788C3A13A
Properties.filedate=1151801600
Properties.filedatetext=2006-07-01 17:53:20
For those interested in running a scan, please do the following:
1. Go to
http://www.safer-networking.org/dl/ to download Spybot – Search & Destroy 1.6.2, it is free of charge.
2. Once installed, check for updates.
3. At the top left of the Spybot – Search & Destroy screen click on
Mode, select
Advanced mode and click
Yes in the box that appears.
4. Click
Settings on the bottom left.
5. Click
Directories, which is the fourth option down.
6. At the bottom, check the box called
Check sub-directories of the above.
7. Right click in the white box area and select
Add a directory to this list.
8. Locate where the CodeBlocks folder is kept on your computer and select it.
9. Run a scan. It should take about 15 minutes since the whole computer is scanned.
10. Right before the scan is complete FraudAV.SJhorwPa appears.
11. Click the
Fix selected problems button.
12. Click the + sign to the left of the FraudAV.SJhorwPa to get a more detailed description. If you need the details, make sure to write down
TrojansC-05. When you leave the current screen, TrojansC-05 can never be viewed again.
13. To view the other information later, click on
Tools (below
Settings) and then click
View Report.
14. Next, click
View previous report. Note there may be multiple reports relating to a single scan.
After running the scan I found the CodeBlocks\MinGW\bin location on the computer. However, the \zip.exe part of the file path is nowhere to be found. I did not check prior to the scan to see if the \zip.exe file path existed.
It may be worth the effort if a person or group can track down the location of the \zip.exe file path and/or look through the source code of the \MinGW\bin location. Such an effort may verify if the code for the trojan exists.
If there is a trojan, here are a couple ideas that may serve as a starting point for creating a long-term solution.
1. Create a forum called Code::Blocks Security Problems so people can create posts about malicious software they find in Code::Blocks. Then a Volunteer Security Team can investigate, fix and submit the reported incidents back to the Code::Blocks team.
2. Have a Volunteer Security Audit Team look through all the files of Code::Blocks. Then make and submit any corrections made along the way.
I am an average computer user and not in any way a software programmer.
Lastly, is this the right forum to post such a concern?
In advance, thank you everyone for helping, creating a great piece of software and being a great community!
-John44