ThreatFire reports trojan immediately after SDK installation

I just downloaded and installed the jMonkeyEngine SDK. After the installation I got this message from ThreatFire:

Don’t know if it’s really a threat, but I wanted to inform you guys!

Nah, it’s not a virus, I guess some other Java-based virus (or virus based on a similar library) is false-positived here.

Can they be notified somehow?

ThreatFire is sometimes a bit too lightly set off.

Just a simple question, why does the installer need to use such a suspiciously named exe file? I mean renaming it would probably help a lot already to make sure users understand it’s part of the installation process.

It’s an installer system, idk what kinds of executables it creates on the different platforms… I am thinking about moving to another installer but the pack2000 algo helps a lot to downsize the installer package, it would be 220MB instead of 136MB with the current distro for example.

Imo, better a bigger file weight than people talking about a trojan. Don’t you think?

Better yet same weight of file and no trojan :)

I take it the package has been scanned using various programs to make sure it’s a false positive? We’d be a bit embarrassed if someone did manage to sneak a virus into it…and it wouldn’t be the first time it’s happened to reputable software.

It might be worth contacting ThreatFire and informing them of the false positive. It’s as much in their interest as ours to get it fixed as false positives undermine confidence in their product…

Wouldn’t surprise me that normen would put Windows-based viruses in, take the OS down from the inside! Well played, my good sir.

How about compressing just a tar file with lzma? There is an implementation for it in pure Java.

@EmpirePhoenix said:
How about compressing just a tar file with lzma? There is an implementation for it in pure Java.

It's packed already, lzma just can't reach pack2000's level of compression when it comes to jar files. ..and if I had any way to make it globally unnecessary to install virus detection software on Windows I would instantly make it happen but people like to have unprotected dirty sex with their PCs.. I normally go without a rubber and just select partners when on Windows, feels much better :P
We had one confirmation from a user who reported back that he found on the web that this is a typical false positive for that installer.. If it really was a virus it would have been in the release version of NetBeans 7.0.1 which we'd know by now I guess.

I know that’s a false positive, but when it uses a file named like that, who wonders?

(Also, if you use uncompressed jars, lzma is quite useful.)

Writing to ThreatFire support might also help maybe (as this, if I understand right, happens to the complete NetBeans installer, not just our SDK?).