VMware Cloud Community
Marco_1
Contributor
Contributor
‎05-28-2008 11:35 PM
Jump to solution

Win32.Womble virus in VMware Converter 3.0.3 (Standalone Enterprise Edition) boot CD version?

Hi,

Can't believe I'm the first but when I search I can't find any threads on this subject, so here we go.

When I try to download the Converter boot cd (needed to convert a Linux server) our gateway virusscanner blocks the .zip file because it finds the Win32.Womble virus in coldclone.iso\EEM_0x0deda000.exe. I did some research on the virus and it is a Windows PE virus, so could be possible.

I've notified VMWare last week twice by filling out a contact form on their website (http://www.vmware.com/company/contact.html) one time addressed to Support and once to the Webmaster.

Haven't heard anything yet.

Since I think this is important to notify them about I called Support yesterday but they couldn't make a support call because our support contract (not software license) expired!

Of course the block could be a false positive but at least a conformation would have been nice.

So my question is if nobody else has found this problem or could scan their burned bootable CD?

Thanks for your input.

Greetinx,

Marco

Tags (3)
0 Kudos
1 Solution

Accepted Solutions
theanykey
Virtuoso
Virtuoso
‎06-11-2008 07:24 AM
Jump to solution

Glad you were able to determine the true cause of the error.

View solution in original post

0 Kudos
5 Replies
IamTHEvilONE
Immortal
Immortal
‎05-29-2008 06:50 AM
Jump to solution

I've been using the 3.0.3 Cold Clone ISO since release with no issues.

My older download doesn't show any signs of a virus, in the ISO format or in a post write scan. I also tried a fresh download from VMware.com, and don't show anything with our scanning software.

I do know that any of our posts go through a ton of testing before post.

The file mentioned I have never seen before, and looks more like a memory location then an executable.

Cheers.

theanykey
Virtuoso
Virtuoso
‎05-29-2008 07:26 AM
Jump to solution

Can you private message me your contact information. I would be willing to give you a call or an email (depending on your timezone and hours) to document how you were able to identify this issue. If the issue is valid, I will move forward with this to see if we can get it corrected.

Marco_1
Contributor
Contributor
‎06-10-2008 01:26 AM
Jump to solution

Hi all,

Just received notice from our AV vendor: after thurrough inspection it turned out to be a false positive.

Thanks for the help.

Greetings,

Marco

0 Kudos
theanykey
Virtuoso
Virtuoso
‎06-11-2008 07:24 AM
Jump to solution

Glad you were able to determine the true cause of the error.

0 Kudos
Badsah
Expert
Expert
‎07-03-2008 03:58 PM
Jump to solution

Hello, Marco, thanks for alerting VMware to this kind of issue. This was taken very seriously from the moment you reported it, and was initially escalated and tested. Just as a courtesy to you, wanted to let you know that md5sum did check out, and we have not heard any other reports of issues. Therefore, the severity of the ticket was lowered. Nonetheless, IT & Engineering is still doing due diligence to make sure the person responsible for the upload of the bits did not have an infection - to be absolutely sure. As of today, the ticket remains open for this investigation to be completed.

Thanks again, Badsah

---

Badsah Mukherji

VMware Web Communities Team

--- Badsah Mukherji VMware Web Communities Team
0 Kudos