
Lenovo Driver Downloads Infected With Malware / Viruses?

Posted: Wed Apr 01, 2015 1:14 pm
by Shredder11
*** IT SEEMS MY CONCERNS WERE MISPLACED - LENOVO EOL DOWNLOADS ARE VIRUS & MALWARE FREE ***

I've recently found that when downloading drivers from the Lenovo site, both Microsoft Security Essentials and ESET NOD32 v7.0.325.1 (I was on v4.2 before) anti-virus products report dangerous malware / viruses and proceed to destroy and quarantine the files. So every time I go into a Thinkpad related folder on my NAS hard drive, my anti-virus programs start going crazy and removing files that have not caused concern or problems before with older AV versions of say ESET. Since the recent security scandal around Lenovo, are AV software makers treating all Lenovo data as suspicious?

I have been downloading from this particular site, Lenovo EOL (End Of Life Portal):

http://download.lenovo.com/eol/index.html

Re: Lenovo Driver Downloads Infected With Malware / Viruses?

Posted: Wed Apr 01, 2015 4:05 pm
by twistero
Try submitting the file / link to VirusTotal:
https://www.virustotal.com/en/

Re: Lenovo Driver Downloads Infected With Malware / Viruses?

Posted: Wed Apr 01, 2015 7:30 pm
by Shredder11
It's doing it with most of the drivers and utilities, and it may be just false detection. At first I thought in light of recent issues (see below) I had accidentally spread infection to the Lenovo files on my NAS, but after re-downloading the same files again from the Lenovo site on an uninfected laptop, the files were zapped by my anti-virus software.


I just did a quick submission to the VirusTotal site with 7ora09ww_LAN_Ethernet_Win_XP.exe, which reported 52 of 56 virus scanners saying it was infected. I then tried a few more including the fingerprint software p961b_fprx32_562ww.exe and that reported 49 / 56 with only seven giving the all clear.


I have recently had a virus on my computers for the first time in fifteen years but no idea how I got it, the !My Picutre.scr which creates a folder with the same name and an orange icon. I hopefully have got rid of it now but it was causing real havoc on my G41 last week; clicking on exe files caused them to error and not install; blue screens and reboots etc; internet connection and LAN stopped working, plus I had a DOS box pop up with a dl.exe name, which I think infected most of the files on my G41 Windows installation. I have not noticed any sign of it on my NAS drive shares yet and nothing on the X61s I am typing on now.


I think I need to burn a disc of all my drivers before I lose them all! :(

Re: Lenovo Driver Downloads Infected With Malware / Viruses?

Posted: Thu Apr 02, 2015 12:19 am
by sarbin
Out of curiosity, I downloaded:
- http://download.lenovo.com/ibmdl/pub/pc ... ra09ww.exe
-- arrived at by navigating the EOL driver site (machine=Z61p)
-- Broadcom NetXtreme/NetLink Fast/Gigabit Ethernet Software
-- v10.35.0.0 (Release 10.4.4)
-- October 24, 2008

ESET NOD32 AV v8.0.304.0, signature db 11414
- reports the file as clean

VirusTotal, analysis date: 2015-04-02 05:00:58 UTC
- 0/57 scanners report any detections

Interesting that your file is named differently and that my scan at VirusTotal challenged the file with 57 (vs your run with 56) scanners.

Edit to add: Just DL'ed and tested the other file:
- http://download.lenovo.com/ibmdl/pub/pc ... _562ww.exe
-- obtained as above
-- same clean bill of health locally and at VirusTotal

Re: Lenovo Driver Downloads Infected With Malware / Viruses?

Posted: Thu Apr 02, 2015 3:08 am
by RealBlackStuff
Someone/something playing an April Fool's prank?

Re: Lenovo Driver Downloads Infected With Malware / Viruses?

Posted: Thu Apr 02, 2015 8:45 am
by Shredder11
No, definitely not a prank, I promise! I should have delayed posting I suppose to avoid people thinking that. After closer inspection and further scanning of other files, it is a mixed bag of results. I'm finding clean files and infected ones of the same name on my drive. I got most of them via the Lenovo sites, but cannot be 100% sure if I have somehow cross-contaminated them with files from other sources. I have downloaded those two files again with no problems this time, and I saved to the laptop rather than the NAS.

I have also scanned my x60s folder of drivers downloaded in 2012 from the Lenovo site before they changed to the EOL version. The ESET scan revealed around 62 infected files out of approx 250 scanned and all with the same Win32/Tenga.gen virus.


So I guess I will have to delete nearly everything and start again, and then make a backup of non-infected drivers etc to a blank DVD disc.

Re: Lenovo Driver Downloads Infected With Malware / Viruses?

Posted: Thu Apr 02, 2015 5:37 pm
by Shredder11
Well, it appears that I have had the Win32/Tenga.gen virus trashing the data on my 6TB NAS drive. It seems to attack .exe files and is potentially very dangerous, so I am busy seeing what I have left of any use on my drive. It seems like the zipped files have escaped infection, although I will need to double check.
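
An added example, not part of any post in this thread: one way to triage a driver archive like the one described above is to hash every file on the share against a same-named copy freshly downloaded on a clean machine, and to run the CRC-32 check on the zipped files. The function names, directory layout and sample bytes are constructed for illustration, and matching by file name alone is an assumption.

```python
import hashlib
import tempfile
import zipfile
import zlib
from pathlib import Path

def sha256_of(path, chunk=1 << 20):
    """Hash in chunks so large installers are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def compare_to_reference(suspect_dir, reference_dir):
    """Classify each suspect file against the same-named fresh download."""
    reference = {p.name.lower(): sha256_of(p)
                 for p in Path(reference_dir).rglob("*") if p.is_file()}
    result = {"match": [], "differs": [], "no_reference": []}
    for p in sorted(q for q in Path(suspect_dir).rglob("*") if q.is_file()):
        rel = p.relative_to(suspect_dir).as_posix()
        expected = reference.get(p.name.lower())
        if expected is None:
            result["no_reference"].append(rel)   # nothing to compare against
        elif sha256_of(p) == expected:
            result["match"].append(rel)          # byte-identical to fresh copy
        else:
            result["differs"].append(rel)        # modified, or another revision
    return result

def zip_is_intact(path):
    """True if the archive opens and every member passes its stored CRC-32."""
    try:
        with zipfile.ZipFile(path) as z:
            return z.testzip() is None
    except (zipfile.BadZipFile, zlib.error, OSError):
        return False

def demo():
    """Constructed sample tree: one untouched copy, one with bytes appended."""
    with tempfile.TemporaryDirectory() as t:
        nas, fresh = Path(t, "nas"), Path(t, "fresh")
        (nas / "x60s").mkdir(parents=True)
        fresh.mkdir()
        for name in ("driver_a.exe", "driver_b.exe"):
            (fresh / name).write_bytes(b"MZ constructed " + name.encode())
        (nas / "driver_a.exe").write_bytes(b"MZ constructed driver_a.exe")
        (nas / "x60s" / "driver_b.exe").write_bytes(b"MZ constructed driver_b.exe" + b"\x00extra")
        return compare_to_reference(nas, fresh)
```

A "differs" result only means the file is not byte-identical to the fresh download, which can also happen when the vendor has published a newer revision under the same name. An intact zip shows its members are unchanged since packing, not that they were clean when packed.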

Re: Lenovo Driver Downloads Infected With Malware / Viruses?

Posted: Thu Apr 02, 2015 7:01 pm
by Saucey
Best of luck backing up.
I haven't had a virus for about 6 years, been setting back updating Java/Flash and BAM got infected while websurfing.
Didn't feel like pinpointing the svchost.exe process it took a hold of, Linux on my X61T now.