August 15th, 2008

Setup.bin is probably not a Trojan horse

Heath Stewart
Principal Software Engineer

Some virus scanning application have been reporting that setup.bin is a Trojan horse containing one of the following viruses:

  • Win32:Trojan-gen
  • Win32:Trojan-gen {Other}
  • Backdoor.Win32.VB.ffx

This file is typically installed to C:Program FilesMicrosoft SDKsWindowsv6.0ABootstrapperEnginesetup.bin by the Windows SDK and is actually setup.exe that has been renamed to setup.bin. This file is used when you build your own installation package that can chain install packages like .NET, Report Viewer, SQL, the VC runtime, Visual Tools for Office runtime, and Windows Installer.

Jeremy Kelley, a program manager in our Community Connections team, posted the following to an MSDN forums thread where this was reported.

Hi everyone, I know you’ve all been waiting anxiously for a response from us on this issue, and we appreciate your patience. Since the issue was first reported, we’ve been working with the AV companies to confirm the virus alert on setup.bin as a false positive.

The AV companies have all been great helping us get this resolved; with them, we are ensuring that this is properly addressed in updated virus definition files from each of the companies. While there are some scanners that are still flagging this as a virus, the majority of our partners have already updated their signatures.

For more information on which scanners have updated signatures for this, please see this site: http://www.virustotal.com/analisis/a3afa20071b67a8fa794173be1ec60d5 If you are running a scanner that is still detecting a virus in setup.bin, please watch for updated signatures from your AV vendor to resolve the issue.

Thanks to everyone who reported the issue, we appreciate the early heads up each of you have given us. I’ll be around here on the thread if anyone has any other questions with this issue.

-Jeremy Kelley
Program Manager
Developer Division Community Connection Team
Microsoft

If this file was already quarantined I recommend you update your virus definitions and re-scan it. If no problems are found please restore it to its original location.

Author

Heath Stewart
Principal Software Engineer

Heath is an application architect and developer, looking to help educate others to learn professional development. Besides designing and developing applications he enjoys writing about intermediate and advanced topics. Heath also consults for deployment packages and scenarios within Microsoft and for external customers.

0 comments

Discussion are closed.