
Rtools virus

4 messages · Jeff Newmiller, Gavan McGrath, Ivan Krylov

#
Hi,
My IT department instructed me to uninstall Windows 64-bit: rtools40-x86_64.exe as it contained a virus which they identified at

https://www.virustotal.com/gui/file/5c10d60e73dd0186e8f886ef0b9388bb7dbdfdc17366c14c16183edb08fdb58a/detection

Kind Regards,

Dr Gavan McGrath, PhD, B.E.

Research Scientist
Biodiversity and Conservation Science
Department of Biodiversity, Conservation and Attractions
Street Address: 17 Dick Perry Avenue, Kensington, WA 6151, Australia
Postal Address Locked Bag 104, Bentley Delivery Centre, WA 6983, Australia
Phone: +618 9219 9447 Mobile: +61 458 559 765
Email: gavan.mcgrath at dbca.wa.gov.au

Adjunct Research Fellow
School of Agriculture and Environment
The University of Western Australia
Perth, Western Australia
Email: gavan.mcgrath at uwa.edu.au

________________________________
 This message is confidential and is intended for the recipient named above. If you are not the intended recipient, you must not disclose, use or copy the message or any part of it. If you received this message in error, please notify the sender immediately by replying to this message, then delete it from your system.
2 days later
#
Sorry to hear that. It is most likely a false positive (antivirus software has little incentive to minimise false positives), but no one here can follow up on your report because you did not say precisely which website you downloaded it from.
On May 5, 2020 8:50:12 PM PDT, Gavan McGrath <gavan.mcgrath at dbca.wa.gov.au> wrote:

  
    
#
Thanks Jeff,
It was downloaded from https://cran.r-project.org/bin/windows/Rtools/

Kind Regards,
Gavan

Dr Gavan McGrath, PhD, B.E.

Research Scientist
Biodiversity and Conservation Science
Department of Biodiversity, Conservation and Attractions
Street Address: 17 Dick Perry Avenue, Kensington,
Postal Address Locked Bag 104, Bentley Delivery Centre, WA 6983
Phone: +618 9219 9447 Mobile: +61 458 559 765
Email: gavan.mcgrath at dbca.wa.gov.au
#
On Fri, 08 May 2020 07:58:34 -0700
Jeff Newmiller <jdnewmil at dcn.davis.ca.us> wrote:

            
To be fair, the SHA-256 sum in the VirusTotal report matches the one of
rtools40-x86_64.exe:

wget -qO- \
 https://cran.r-project.org/bin/windows/Rtools/rtools40-x86_64.exe | \
 sha256sum -
# 5c10d60e73dd0186e8f886ef0b9388bb7dbdfdc17366c14c16183edb08fdb58a  -

But I do agree that this is most likely a false positive: the AV engine
that detected it seems to be one of the less widely used and the virus
description [*] is as generic as it gets (if one is to believe Google
Translate).
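
Added example, not part of the thread: a way to repeat the check in the last message against a copy of the installer already on disk, confirming that it is byte-identical to the file a VirusTotal report describes before treating the detection as relevant to it. The function names are hypothetical, the demo file and its URL are constructed, and GNU coreutils `sha256sum` is assumed.

```shell
#!/bin/sh
# Compare a local file with the SHA-256 embedded in a VirusTotal report URL.
# Hypothetical helper names; assumes sha256sum (GNU coreutils) and sed -E.

# Print the lowercase SHA-256 from a URL of the form
# https://www.virustotal.com/gui/file/<64 hex digits>[/...]; print nothing otherwise.
vt_url_sha256() {
    printf '%s\n' "$1" |
        sed -nE 's|^https://www\.virustotal\.com/gui/file/([0-9A-Fa-f]{64})(/.*)?$|\1|p' |
        tr 'A-F' 'a-f'
}

# Print only the hex digest of a file (read via stdin so odd file names
# cannot change sha256sum's output format).
file_sha256() {
    sha256sum < "$1" | cut -d' ' -f1
}

# Exit status: 0 = same file as in the report, 1 = different file,
# 2 = unusable input (no hash in the URL, or file missing).
same_file_as_report() {
    want=$(vt_url_sha256 "$1")
    [ -n "$want" ] || { echo "no SHA-256 found in URL: $1" >&2; return 2; }
    [ -f "$2" ] || { echo "no such file: $2" >&2; return 2; }
    got=$(file_sha256 "$2")
    if [ "$got" = "$want" ]; then
        echo "match: $2 is the file in the report ($got)"
    else
        echo "MISMATCH: report has $want, local file is $got" >&2
        return 1
    fi
}

# Demo on constructed input: a temp file containing "abc" and a constructed
# report URL carrying the SHA-256 of "abc".
sample=$(mktemp)
printf 'abc' > "$sample"
same_file_as_report \
    "https://www.virustotal.com/gui/file/ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad/detection" \
    "$sample" || true
rm -f "$sample"
```

A mismatch means the local copy is not the file that was scanned, so the report says nothing about it either way and the local copy should be compared with a fresh download from the site it came from.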