Hi, anyone downloaded VMWare Workstation 6.5.3 recently? I wrote in to security@vmware.com several days ago and has so far not received a reply, nor saw any changes to the download file made available.Since my 30-day complimentary support has expired I can't create a support request. Was wondering if anyone downloaded the file and encountered the same issue. This is the email I sent:
-
Hi,
I just re-downloaded VMWare Workstation 6.5.3 for Windows 32-bit and
64-bit via the Download link in my account. From the download link at
I received a 507MB file which I tried to run. My Comodo Internet Security notified me that it detected a worm
"VBS.LoveLetter.Y@5512" in the "Codec.cab" file that was generated by
the installer.
Could you check?
Thanks.
hiii
but i think there would this worm in ur systemfrom sources other than vmware download source,cause i downlaoded the trail and installed on my xp pro x64 with sp2,running commodo int sec version 3.5
i didn't get such an error,it could be that when u ran the installer for wks somehow this worm was detected by commodo nad it would have got attached to .cab file,maybe
anyways try again
regards
Joe
Hmm... I'll try to run a system-wide scan and see how it goes. I'm using Comodo IS 3.12 with the latest definitions. After I quarantined the infected files, the installation ran for a while before failing when it couldn't find the required file. I ran the installer again,and again the same codec.cab file was reported to be infected.
Nope, I found where the installer unpacks its files, deleted everything in the directory and did a scan. No other worms found. Ran the installer, it created a directory C:\Documents and Settings\MyUserName\Local Settings\Temp\{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}~setup and Comodo pops up the Worm detection warning again. I checked the directory and the codec.cab file was just created. I click on Quarantine inside Comodo, and the file disappears from the directory. I really do suspect the worm (if there is one) is inside the packed codec.cab file. The other possibility is that it is a false positive. Is there anyway to get VMWare to check? 'Cause it's not too viable to try to upload the 507MB file to Comodo to verify on my upstream.
For those of you who downloaded the trial, is it the same 507MB file? The filename is VMware-workstation-6.5.3-185404.exe.
EDIT: I just downloaded the previous version, 6.5.2 and gave it a go. While this also unpacks a codec.cab file, Comodo did not detect any anomaly. I believe the infected file lies in the 6.5.3 download which was released on 31st Aug 2009.
Hm... both sites appears to indicate that it is a false positive. Strangely, if I un-quarantine the file and do a manual scan on it, it's flagged as 'clean' by Comodo as well. Odd indeed.
Thanks for the help!