PCWorld Forums


Nvidia Driver Update Virus

#1 RyanSchauermssn

Posted 09 May 2011 - 09:36 AM

Our antivirus/firewall software (Palo Alto) triggered a virus trying to download a driver from Nvidia, but they refuse to acknowledge it as a possible infection.

The driver is for NVIDIA Quadro NVS 160M Win7 x64: http://us.download.n...tional-whql.exe

I've also scanned the file using urlvoid.com, which triggers similar warnings:

Report: 2011-05-09 18:57:14 (GMT 1)
Website: us.download.nvidia.com
Domain Hash: 4445f4c5d6b81f43034d952e8af83f8b
IP Address: 92.122.49.200 [SCAN]
IP Hostname: a92-122-49-200.deploy.akamaitechnologies.com
IP Country: GB (United Kingdom)
AS Number: 20940
AS Name: AKAMAI-ASN1 Akamai Technologies European AS
Detections: 2 / 23 (9 %)
Status: SUSPICIOUS

I contacted NVidia and they shrugged it off as a false positive. Sanjib concluded "The file is not infected Ryan, we have tested this file in thousands of systems without any issues. I am sorry for any inconvenience this may have caused to you."

Just thought I'd let you all know just in case. Not sure how else to get NVidia to fix it. Either way, I believe NVidia is responsible for working with antivirus vendors to ensure their software is on the up and up. If they are indeed clean, they should work with the antivirus makers to clean up the mixup.

Now I'm in a situation where I can't update drivers for my clients until it's fixed and I've been told it's basically my problem.

Chat Transcript:

[09:23:50 AM] Hi, my name is Sanjib. How may I help you?
[09:24:47 AM] ryan: Our firewall/antivirus software has detected a virus in one of your files.
[09:24:57 AM] ryan: This is the file: http://us.download.n...tional-whql.exe
[09:25:26 AM] ryan: And here's our error from our firewall: Virus Download Blocked
OF-FL4-FW01:Download of the virus has been blocked in accordance with company policy. Please contact your system administrator if you believe this is in error.
File name: 270.61-notebook-win7-winvista-64bit-international-whql.exe
[09:26:00 AM] ryan: The virus detected is "Trojan/Win32.tdss.pyka" ID 2686737
[09:26:29 AM] Sanjib: What is the model number of your laptop?
[09:26:42 AM] ryan: ###########
[09:26:55 AM] Sanjib: And also let me know the firewall/antivirus software that you are using?
[09:27:16 AM] ryan: https://support.palo...ortal/index.php
[09:27:27 AM] ryan: That is a link to the vendor's website.
[09:27:44 AM] Sanjib: Just give me a moment.
[09:29:01 AM] Sanjib: I am sorry, do you know which graphics card is present in your laptop?
[09:29:16 AM] ryan: NVIDIA Quadro NVS 160M
[09:30:47 AM] Sanjib: And the OS that you are using?
[09:30:58 AM] ryan: Windows 7 Enterprise x64
[09:31:28 AM] Sanjib: http://www.nvidia.co...hql-driver.html
[09:31:39 AM] Sanjib: Have you downloaded the drivers from the above weblink?
[09:32:46 AM] ryan: I get this error from the link you just posted: Virus Download Blocked
OF-FL4-FW01:Download of the virus has been blocked in accordance with company policy. Please contact your system administrator if you believe this is in error.
File name: 270.61-notebook-win7-winvista-64bit-international-whql.exe
[09:35:30 AM] Sanjib: Okay, I think your Firewall service provider has blocked the NVIDIA web site as it contains the .exe files.
[09:36:15 AM] ryan: We've not had any problems downloading your files in the past and we've contacted them to confirm that the files do indeed include infected files.
[09:37:21 AM] ryan: At this point I'm just letting you know so you can have someone resolve the issue with the firewall vendor. It's going to be really bad PR when word gets out that you're sending out infected files if you are indeed sending out infected files.
[09:38:06 AM] ryan: We've got the previous driver update file so we can use that until the issue is resolved.
[09:39:06 AM] Sanjib: I am sorry for the inconvenience Ryan, but we have never come across such issues with the newest driver version.
[09:40:32 AM] ryan: No worries. Like I said...I'm letting you know for your sake, not mine. Our software is blocking the file. The concern is that if your file IS infected and other software doesn't catch it, you could infect many computers.
[09:50:29 AM] Sanjib: I am sorry Ryan, I think it is the issue with the Firewall, I will recommend you to download the driver in some other PC and transfer it using a Flash drive
[09:52:20 AM] ryan: That's fine. I'm not installing this infected file until your company and my antivirus company agree it's clear. And I'm going to let everyone I know that it's infected via facebook and twitter...so it's really on you guys. I don't need the update....this is for your own PR. If it gets out that this was blatantly ignored and that you indeed infected thousands of computers I'm not going to be the one trying to justify it.
[09:55:25 AM] Sanjib: The file is not infected Ryan, we have tested this file in thousands of systems without any issues. I am sorry for any inconvenience this may have caused to you. However, let me tell you, The primary source for graphics drivers is from your notebook OEM. These drivers have been fully qualified by the OEM to work with their specific notebook customizations. NVIDIA does not control the schedule for updates to these OEM drivers.

#2 crazy4laptops

Posted 09 May 2011 - 10:58 AM

It may be a false positive... I scanned this file with Eset Nod32 Business edition and it came back clean, no infection found.

But test it out on a lab system first if needed, but I don't think this file is much of a threat.

#3 coastie65

Posted 09 May 2011 - 11:38 AM

Good move crazy. I was sitting here reading this and wondered if they scanned the stuff they sent out before doing so. Probably not. I don't know of any members using one of those cards as they aren't for gaming.

#4 Flashorn

Posted 12 May 2011 - 08:41 AM

I just scanned that file with MSE (Microsoft Security Essentials) and MalwareBytes' Anti-Malware. Both reported no infectious material or files. MSE scanned 2609 files in that container and found nothing to report.

I have uploaded this file to VirusTotal and it found no infected files. You can email them this file and you will get a report from VirusTotal at:

http://www.virustota....html#publicapi

Have you asked or reported this False Positive to http://www.paloaltonetworks.com/ ?

I have updated my Nvidia video card with this same file not too long ago and no Virus or Malware is to be found.


FLASHORN.