Lenovo Driver Downloads Infected With Malware / Viruses?

Performance, hardware, software, general buying and gaming discussion..
Post Reply
Message
Author
Shredder11
Junior Member
Junior Member
Posts: 259
Joined: Sat Jun 30, 2012 6:25 pm
Location: Bradford, West Yorkshire, England

Lenovo Driver Downloads Infected With Malware / Viruses?

#1 Post by Shredder11 » Wed Apr 01, 2015 1:14 pm

*** IT SEEMS MY CONCERNS WERE MISPLACED - LENOVO EOL DOWNLOADS ARE VIRUS & MALWARE FREE ***

I've recently found that when downloading drivers from the Lenovo site, both Microsoft Security Essentials and ESET NOD32 v7.0.325.1 (I was on v4.2 before) anti-virus products report dangerous malware / viruses and proceed to destroy and quarantine the files. So every time I go into a Thinkpad related folder on my NAS hard drive, my anti-virus programs start going crazy and removing files that have not caused concern or problems before with older AV versions of say ESET. Since the recent security scandal around Lenovo, are AV software makers treating all Lenovo data as suspicious?

I have been downloading from this particular site, Lenovo EOL (End Of Life Portal):

http://download.lenovo.com/eol/index.html
Last edited by Shredder11 on Wed Apr 08, 2015 7:06 am, edited 3 times in total.
Z61p x3 (C2D T7600, 3GB, 500GB SSD, BCM70015, Advanced Dock x1, Mini Dock x2)
X61 (C2D T7500, 3GB, 250GB SSD, BCM70015)
X61s (2GB, 120GB SSD)
X60s (CD L2400, 3GB, 160GB)
T43p (P M 760, 2GB, IBM Port Replicator II)
G40 x2 (P4 2.8GHz, 2GB, 60GB)
G41 (P4 3.46GHz, 2GB, 40GB)

twistero
Senior Member
Senior Member
Posts: 851
Joined: Sun Feb 26, 2012 2:25 am
Location: Princeton, New Jersey
Contact:

Re: Lenovo Driver Downloads Infected With Malware / Viruses?

#2 Post by twistero » Wed Apr 01, 2015 4:05 pm

Try submitting the file / link to VirusTotal:
https://www.virustotal.com/en/
X60 tablet 6363-P3U, 3GB ram, 128GB SanDisk Extreme SSD, SXGA+ screen, Intel 6300
T61 Frankenpad in 15 inch T60 body, UXGA LED-lit AFFS LCD, T9300, 6GB RAM, NVidia NVS140m, Intel 6205, 128GB Crucial M4 SSD, 1TB HGST HDD + eBay caddy in Ultrabay
701c butterfly, 75MHz 486DX4, 40MB ram, 1GB CF card

Shredder11
Junior Member
Junior Member
Posts: 259
Joined: Sat Jun 30, 2012 6:25 pm
Location: Bradford, West Yorkshire, England

Re: Lenovo Driver Downloads Infected With Malware / Viruses?

#3 Post by Shredder11 » Wed Apr 01, 2015 7:30 pm

It's doing it with most of the drivers and utilities and maybe just false detection. At first I thought in light of recent issues (see below) I had accidentally spread infection to the Lenovo files on my NAS, but after re-downloading the same files again from the Lenovo site on an uninfected laptop, the files were zapped by my anti-virus software.


I just did a quick submission to the VirusTotal site with 7ora09ww_LAN_Ethernet_Win_XP.exe, which reported 52 of 56 virus scanners saying it was infected. I then tried a few more including the fingerprint software p961b_fprx32_562ww.exe and that reported 49 / 56 with only seven giving the all clear.


I have recently had a virus on my computers for the first time in fifteen years but no idea how I got it, the !My Picutre.scr which creates a folder with the same name and an orange icon. I hopefully have got rid of it now but it was causing real havoc on my G41 last week; clicking on exe files caused them to error and not install; blue screens and reboots etc; internet connection and LAN stopped working, plus I had a DOS box pop up with a dl.exe name, which I think infected most of the files on my G41 Windows installation. I have not noticed any sign of it on my NAS drive shares yet and nothing on the X61s I am typing on now.


I think I need to burn a disc of all my drivers before I lose them all! :(
Z61p x3 (C2D T7600, 3GB, 500GB SSD, BCM70015, Advanced Dock x1, Mini Dock x2)
X61 (C2D T7500, 3GB, 250GB SSD, BCM70015)
X61s (2GB, 120GB SSD)
X60s (CD L2400, 3GB, 160GB)
T43p (P M 760, 2GB, IBM Port Replicator II)
G40 x2 (P4 2.8GHz, 2GB, 60GB)
G41 (P4 3.46GHz, 2GB, 40GB)

sarbin
ThinkPadder
ThinkPadder
Posts: 1146
Joined: Sat Apr 17, 2004 11:56 pm
Location: Central VA

Re: Lenovo Driver Downloads Infected With Malware / Viruses?

#4 Post by sarbin » Thu Apr 02, 2015 12:19 am

Out of curiosity, I downloaded:
- http://download.lenovo.com/ibmdl/pub/pc ... ra09ww.exe
-- arrived at by navigating the EOL driver site (machine=Z61p)
-- Broadcom NetXtreme/NetLink Fast/Gigabit Ethernet Software
-- v10.35.0.0 (Release 10.4.4)
-- October 24, 2008

ESET NOD32 AV v8.0.304.0, signature db 11414
- reports the file as clean

VirusTotal, analysis date: 2015-04-02 05:00:58 UTC
- 0/57 scanners report any detections

Interesting that your file is named differently and that my scan at VirusTotal challenged the file with 57 (vs your run with 56) scanners.

Edit to add: Just DL'ed and tested the other file:
- http://download.lenovo.com/ibmdl/pub/pc ... _562ww.exe
-- obtained as above
-- same clean bill of health locally and at VirusTotal
Current: X1CT-G3 / Helix-G1 / X220 / T61p / T60p / X301 / X200T / Yoga 3 Pro
Support: T520 / T510 / T420 / T400 / R400 / T61 / Yoga 2 Pro / Yoga 13
Hall of Fame: A31p --- Retired: T43 / T30 / T22 / 600X / 380XD

RealBlackStuff
Admin
Admin
Posts: 17485
Joined: Mon Sep 18, 2006 5:17 am
Location: Mt. Cobb, PA USA
Contact:

Re: Lenovo Driver Downloads Infected With Malware / Viruses?

#5 Post by RealBlackStuff » Thu Apr 02, 2015 3:08 am

Someone/something playing an April Fool's prank?
Lovely day for a Guinness! (The Real Black Stuff)

Check out The Boardroom for Parts, Mods and Other Services.

Shredder11
Junior Member
Junior Member
Posts: 259
Joined: Sat Jun 30, 2012 6:25 pm
Location: Bradford, West Yorkshire, England

Re: Lenovo Driver Downloads Infected With Malware / Viruses?

#6 Post by Shredder11 » Thu Apr 02, 2015 8:45 am

No definitely not a prank I promise! I should have delayed posting I suppose to avoid people thinking that. After closer inspection and further scanning of other files, it is a mixed bag of results. I'm finding clean files and infected ones of the same name on my drive. I got most of them via the Lenovo sites, but cannot be 100% sure if I have somehow cross contaminated them with files from other sources. I have downloaded those two files again with no problems this time, and I saved to the laptop rather than the NAS.

I have also scanned my x60s folder of drivers downloaded in 2012 from the Lenovo site before they changed to the EOL version. The ESET scan revealed around 62 infected files out of approx 250 scanned and all with the same Win32/Tenga.gen virus.


So I guess I will have to delete nearly everything and start again, and then make a backup of non-infected drivers etc to a blank DVD disc.
Z61p x3 (C2D T7600, 3GB, 500GB SSD, BCM70015, Advanced Dock x1, Mini Dock x2)
X61 (C2D T7500, 3GB, 250GB SSD, BCM70015)
X61s (2GB, 120GB SSD)
X60s (CD L2400, 3GB, 160GB)
T43p (P M 760, 2GB, IBM Port Replicator II)
G40 x2 (P4 2.8GHz, 2GB, 60GB)
G41 (P4 3.46GHz, 2GB, 40GB)

Shredder11
Junior Member
Junior Member
Posts: 259
Joined: Sat Jun 30, 2012 6:25 pm
Location: Bradford, West Yorkshire, England

Re: Lenovo Driver Downloads Infected With Malware / Viruses?

#7 Post by Shredder11 » Thu Apr 02, 2015 5:37 pm

Well it appears that I have had the Win32/Tenga.gen virus trashing the data on my 6TB NAS drive. It seems to attack .exe files and potentially very dangerous, so I am busy seeing what I have left of any use on my drive. It seems like the zipped files have escaped infection, although I will need to double check.
Z61p x3 (C2D T7600, 3GB, 500GB SSD, BCM70015, Advanced Dock x1, Mini Dock x2)
X61 (C2D T7500, 3GB, 250GB SSD, BCM70015)
X61s (2GB, 120GB SSD)
X60s (CD L2400, 3GB, 160GB)
T43p (P M 760, 2GB, IBM Port Replicator II)
G40 x2 (P4 2.8GHz, 2GB, 60GB)
G41 (P4 3.46GHz, 2GB, 40GB)

Saucey
Senior Member
Senior Member
Posts: 836
Joined: Tue Nov 06, 2012 9:22 pm
Location: San Diego, California
Contact:

Re: Lenovo Driver Downloads Infected With Malware / Viruses?

#8 Post by Saucey » Thu Apr 02, 2015 7:01 pm

Best of luck backing up.
I haven't had a virus for about 6 years, been setting back updating java/flash and BAM got infected while websurfing.
Didn't feel like pinpointing the svchost.exe process it took a hold of, linux on my X61T now.
Incompitent(sp?) Electronic Recycler: caffeine addicted, techno blasting, ThinkPad hoarder.

Current: T430s, T431s, Pixel, MC207LL/A
Still around: X61T, A31p, T43p
Past: W700ds, X1C3, 701C, T60p

Post Reply
  • Similar Topics
    Replies
    Views
    Last post

Return to “Thinkpad - General HARDWARE/SOFTWARE questions”

Who is online

Users browsing this forum: No registered users and 1 guest