Trojan Horse in Download from this site


New Member
I downloaded Eraser 5.6 last night from this site from the Phoenix location that popped up when I clicked on download.
When I installed it, Norton Anti Virus told me I had a Trojan Horse and that they were familiar with it and that I should delete the file. I did delete it and promptly removed my newly downloaded Eraser and deleted that download as well.
I just wanted to let someone know that there is a corrupt download associated with this site.

Dan in Arizona :^)
Instead of just notifying us here, you should also notify Symantec that their product gives a false positive.

I have previously downloaded and installed the same copy of Eraser 5.6 that you just did (and I just did an MD5 hash check to verify that they were 100% identical). Neither BOClean, nor TDS-3, nor PC-cillin 2003 batted an eye. All three of those utilities are better at trojan detection than Norton is.

What trojan did it say the file was infected with? What was the "infected" file name?
Any setup exe that we distribute has been digitally signed.

Your erasersetup.exe has a filesize (from Explorer) of 2682kb.

Right-clicking on erasersetup.exe and choosing Properties will bring up a screen with tabs on the top. One of these will say Digital Signatures. Click it and you can then validate it has a digital cert from Heidi Computers Ltd dated 19 January 2003 17:09:36.

If you cannot see a tab for digital signatures, then there is an issue with the install exe. It has been tampered with.

Please verify this and report back.
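The Digital Signatures check described in the post above depends on the installer carrying an embedded Authenticode signature, which is stored in the PE certificate table (data directory entry 4). The following is an added example, not part of the original thread or the Eraser project's code; it reports whether that table is present, using constructed sample headers and hypothetical function names.

```python
import struct

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the Authenticode certificate table

def embedded_signature_info(data: bytes):
    """Return (file_offset, size) of the PE certificate table, or None if absent.
    Presence only means a signature blob is attached; it must still be validated."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    opt_off = pe_off + 24                      # 4-byte signature + 20-byte COFF header
    try:
        magic = struct.unpack_from("<H", data, opt_off)[0]
        if magic not in (0x10B, 0x20B):
            raise ValueError("unknown optional header magic")
        dirs_off = opt_off + (96 if magic == 0x10B else 112)   # PE32 vs PE32+
        count = struct.unpack_from("<I", data, dirs_off - 4)[0]
        if count <= SECURITY_DIR:
            return None
        offset, size = struct.unpack_from("<II", data, dirs_off + 8 * SECURITY_DIR)
    except struct.error:
        raise ValueError("truncated PE headers")
    if offset == 0 or size == 0:
        return None                            # unsigned, or signature stripped
    if offset + size > len(data):
        raise ValueError("certificate table points past end of file")
    return offset, size

def build_sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32 headers for the demo (not a runnable program)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)    # e_lfanew: PE header right after
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)      # PE32 magic
    struct.pack_into("<I", opt, 92, 16)        # NumberOfRvaAndSizes
    image = bytearray(bytes(dos) + b"PE\0\0" + coff + bytes(opt))
    if signed:
        cert_off = len(image)
        image += b"\x00" * 16                  # placeholder bytes, not a real signature
        struct.pack_into("<II", image, 0x40 + 24 + 96 + 8 * SECURITY_DIR, cert_off, 16)
    return bytes(image)

if __name__ == "__main__":
    for label, signed in (("signed sample", True), ("stripped sample", False)):
        print(label, "->", embedded_signature_info(build_sample_pe(signed)))
```

A `None` result corresponds to a file with no embedded signature; a non-`None` result says only that a signature blob is attached, so the signer and validity still have to be checked as the post describes.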

At I saw a similar warning from a user who posted a negative review about a trojan-infected download of Eraser from "phoenix."

I don't know if you want to correct that or have it removed.

I checked the digital signature tabs of my 5.6a and it seemed okay. I have not gone to the trouble of further PGP efforts regarding the digital signature.
Maybe somebody should contact SourceForge's Phoenix host and ask them to replace the copy they have with a new one.
>> Maybe somebody should contact SourceForge's Phoenix host and ask them to replace the copy they have with a new one.

Are you saying that the SourceForge version has been altered?
If this is so then the only way to resolve this is to purge the entire SF archive and re-upload.

We have no reports of this being an issue. I get tons of Eraser mail every week; if this was an issue I would know about it pretty quick.

PS: I have downloaded from the phoenix mirror here ...

There is no trojan and the digital signature is intact.