I got the "update addon" window for the diigo toolbar when starting firefox just now, but the download was detected as a virus named "W32/HLLP.Philis.ini"
I guess McAfee software. And It found "_desktop.ini" in the Diigo Toolbar folder (I find that file in the folder, too). I feel that is false-positive virus detection. But if you don't need that file, it is better remove from distribution file.
--- http://vil.nai.com/vil/content/v_140656.htm Overview - W32/HLLP.Philis.ini is the detection for the "_desktop.ini" files created by variants of W32/HLLP.Philis virus. These are created as a hidden system files and contain the date on which virus was executed to visit the folder in which the file resides.
I can confirm that I'm seeing the same thing with McAfee VirusScan Enterprise 8.0.0.
mahsaito wrote: > Hi, Manny and joel. > > I guess McAfee software. And It found "_desktop.ini" in the Diigo Toolbar folder (I find that file in the folder, too). I feel that is false-positive virus detection. But if you don't need that file, it is better remove from distribution file. > > --- > http://vil.nai.com/vil/content/v_140656.htm > Overview - > W32/HLLP.Philis.ini is the detection for the "_desktop.ini" files created by variants of W32/HLLP.Philis virus. These are created as a hidden system files and contain the date on which virus was executed to visit the folder in which the file resides.
mattyrobuk wrote: > I can confirm that I'm seeing the same thing with McAfee VirusScan Enterprise 8.0.0.
As a further update:
There are 3 files _desktop.ini files in the archive:
1 is in the top level XPI file 2 are in the JAR archive
All 3 are infected with the virus named above according to VirusScan. Manually deleting these files from the archives allows for a successful install without any virus being detected during or after the install.
Thanks for all your help. A new toolbar has been updated with these 3 files removed.
Please note: these files are not virus and will not affect your system in any way. These were extra files caused by W32/HLLP.Philis.ini that we detected internally and removed earlier. While we successfully removed the virus, some residual files weren't properly picked up during the cleanup. However, these 3 files do nothing and will not affect your system in any way. And again, please rest assured that the toolbar itself doesn't contain any virus.
We apologize for any inconvenience. We'd like to re-iterate that we do take our toolbar security (ie. no virus / spyware / spamware policy) seriously. Should you notice anything that we haven't, we'd really appreciate our community users' prompt reporting & assistance. Once again, thanks!
Manny
It's strange. What's anti-virus software you used? We will try to reproduce it and see what happened.
I guess McAfee software. And It found "_desktop.ini" in the Diigo Toolbar folder (I find that file in the folder, too). I feel that is false-positive virus detection. But if you don't need that file, it is better remove from distribution file.
---
http://vil.nai.com/vil/content/v_140656.htm
Overview -
W32/HLLP.Philis.ini is the detection for the "_desktop.ini" files created by variants of W32/HLLP.Philis virus. These are created as a hidden system files and contain the date on which virus was executed to visit the folder in which the file resides.
mahsaito wrote:
> Hi, Manny and joel.
>
> I guess McAfee software. And It found "_desktop.ini" in the Diigo Toolbar folder (I find that file in the folder, too). I feel that is false-positive virus detection. But if you don't need that file, it is better remove from distribution file.
>
> ---
> http://vil.nai.com/vil/content/v_140656.htm
> Overview -
> W32/HLLP.Philis.ini is the detection for the "_desktop.ini" files created by variants of W32/HLLP.Philis virus. These are created as a hidden system files and contain the date on which virus was executed to visit the folder in which the file resides.
> I can confirm that I'm seeing the same thing with McAfee VirusScan Enterprise 8.0.0.
As a further update:
There are 3 files _desktop.ini files in the archive:
1 is in the top level XPI file
2 are in the JAR archive
All 3 are infected with the virus named above according to VirusScan. Manually deleting these files from the archives allows for a successful install without any virus being detected during or after the install.
Matt
Please note: these files are not virus and will not affect your system in any way. These were extra files caused by W32/HLLP.Philis.ini that we detected internally and removed earlier. While we successfully removed the virus, some residual files weren't properly picked up during the cleanup. However, these 3 files do nothing and will not affect your system in any way. And again, please rest assured that the toolbar itself doesn't contain any virus.
We apologize for any inconvenience. We'd like to re-iterate that we do take our toolbar security (ie. no virus / spyware / spamware policy) seriously. Should you notice anything that we haven't, we'd really appreciate our community users' prompt reporting & assistance. Once again, thanks!
Sincerely,
The Diigo Team
To Top