ShellfishBustard

Supposedly infected LibreOffice files

I am using Immunet 7.4.4.20633 on Windows 10 Pro 64-Bit 1904.

I ran a full scan and it detected a lot of files from LibreOffice (Installed using Choco) supposedly being infected, so I want to check if they're false positives.

Here is a list of all detected files with their virus signatures.

C:\Program Files\LibreOffice\program\gengal.exe: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\minidump_upload.exe: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\odbcconfig.exe: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\opencltest.exe: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\python.exe: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\quickstart.exe: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\regmerge.exe: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\regview.exe: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\sbase.exe: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\scalc.exe: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\sdraw.exe: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\senddoc.exe: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\simpress.exe: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\smath.exe: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\soffice.bin: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\soffice.com: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\soffice.exe: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\soffice_safe.exe: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\spsupp_helper.exe: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\sweb.exe: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\swriter.exe: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\twain32shim.exe: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\ui-previewer.exe: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\uno.exe: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\unoinfo.exe: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\unopkg.bin: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\unopkg.com: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\unopkg.exe: Win.Malware.Dqan-9897603-0 FOUND

C:\Program Files\LibreOffice\program\xpdfimport.exe: Win.Malware.Dqan-9897603-0 FOUND

The files themselves are in a compressed 7z file attached here in this link.

https://use03.thegood.cloud/s/2T4kyePX2JSQNHZ

You will be prompted for a password to access it, which is in a text file attached to this post.

Password.txt

Edited by ShellfishBustard
I was going to attach my files directly on the post but the upload limit is too unforgiving.


Immunet does have its own False Positive reporting site here: https://www.immunet.com/false_positive

It wouldn't be a bad idea to also submit your FP data at that link. Don't forget to mention that you already created this topic at this section of the forum in your FP report in case a dev would like to view it.

I did some investigating and could find no evidence that LibreOffice is malicious in any way & it is legitimate software that's been around for years so I would concur it is a False Positive.

If, after submitting your FP report, you still wish to use the document program now, might I suggest you create a custom Exclusion rule with Immunet for LibreOffice.

Use this file path for the Exclusion: C:\Program Files\LibreOffice\program

That should work, but you may have to exclude the entire 7zip folder as well. Let me know if these exclusions don't work.

If you're not sure how to create a custom Exclusion rule with Immunet, feel free to add another thread to this topic & I can give you detailed instructions on how to accomplish this.

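An added example, not part of either post and not Immunet's or LibreOffice's own tooling: one way to check the flagged binaries before excluding the folder is to confirm that each one still carries a valid Authenticode signature and to record its SHA-256 for the FP report. The three sample lines are copied from the list in the first post; the expected publisher string is an assumption to adjust.

```powershell
# Parse "path: signature FOUND" scan lines (the format shown in the first post)
# and check each flagged file's Authenticode signature and SHA-256 hash.
# Sample input: three lines copied from the list in the first post.
$scanLines = @(
    'C:\Program Files\LibreOffice\program\soffice.exe: Win.Malware.Dqan-9897603-0 FOUND'
    'C:\Program Files\LibreOffice\program\soffice.bin: Win.Malware.Dqan-9897603-0 FOUND'
    'C:\Program Files\LibreOffice\program\python.exe: Win.Malware.Dqan-9897603-0 FOUND'
)

# Assumption: the publisher name expected in the signer certificate subject.
$expectedPublisher = 'The Document Foundation'

$results = foreach ($line in $scanLines) {
    # The path itself contains ':' (drive letter), so anchor on the trailing "<sig> FOUND".
    if ($line -match '^(?<path>.+): (?<sig>\S+) FOUND$') {
        $path = $Matches['path']
        $detection = $Matches['sig']

        if (-not (Test-Path -LiteralPath $path)) {
            # File was quarantined or removed: nothing to verify on disk.
            [pscustomobject]@{ Path = $path; Detection = $detection; Status = 'Missing'
                               Signer = $null; PublisherMatch = $false; SHA256 = $null }
            continue
        }

        $sig = Get-AuthenticodeSignature -LiteralPath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

        [pscustomobject]@{
            Path           = $path
            Detection      = $detection
            Status         = $sig.Status   # Valid, NotSigned, HashMismatch, ...
            Signer         = $signer
            PublisherMatch = ($sig.Status -eq 'Valid' -and $signer -like "*$expectedPublisher*")
            SHA256         = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

# Summary table, then full details for any file that is unsigned, modified,
# or signed by a different publisher than expected.
$results | Format-Table Path, Detection, Status, PublisherMatch -AutoSize
$results | Where-Object { -not $_.PublisherMatch } | Format-List
```

A file whose Status is not Valid, or whose signer differs from the expected publisher, is the one to look at more closely before it is covered by a folder-wide exclusion.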
