#15306 closed defect (nonchimerax)

Potential trojan in looking_glass bundle

Reported by: mdmxd4@…
Owned by: Tom Goddard
Priority: normal
Milestone:
Component: UI
Version:
Keywords:
Cc: Greg Couch
Blocked By:
Blocking:
Notify when closed:
Platform: all
Project: ChimeraX

Description

Hello,

This may be an issue for myself or someone else, but I wanted to inform you that a Trojan appears to have tagged along with my download of ChimeraX.  The info is below:

Event: Object deleted
User type: Active user
Application name: explorer.exe
Application path: C:\Windows
Component: File Anti-Virus
Result description: Deleted
Type: Trojan
Name: VHO:Trojan.Win32.Yephiler.gen
Precision: Heuristic Analysis
Threat level: High
Object type: File
Object name: HoloPlayCore.dll
Object path: C:\Program Files\ChimeraX 1.8rc202405220104\bin\Lib\site-packages\chimerax\looking_glass\lib
MD5: 135B1B5AACB8DD1EB34E7DE3036FB0A1



Miles

Change History (2)

comment:1 by Eric Pettersen, 17 months ago

Cc: Greg Couch added
Component: Unassigned → UI
Owner: set to Tom Goddard
Platform: all
Project: ChimeraX
Status: new → assigned
Summary: Potential issue with ChimeraX download → Potential trojan in looking_glass bundle

Reported by Miles Mayer

comment:2 by Tom Goddard, 17 months ago

Resolution: nonchimerax
Status: assigned → closed

Thanks for the info.

This library HoloPlayCore.dll is from the company LookingGlass, part of their HoloPlayCore 0.1.0 distribution, and has been shipped with ChimeraX versions since 2020. I think it is highly likely this Trojan detection is a false positive. You are the first in 4 years to report this even though almost everyone runs antivirus scans. If convincing evidence is given that this library from LookingGlass is malicious then I can remove it.
