Bug 103382 - Trojan (Ransomware) in soffice.bin
Status: RESOLVED DUPLICATE of bug 103356
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: LibreOffice
Version (earliest affected): unspecified
Hardware: x86-64 (AMD64) Windows (All)
Importance: medium normal
Assignee: Not Assigned
 
Reported: 2016-10-21 11:04 UTC by Joe Schutts
Modified: 2016-10-22 20:35 UTC

Description Joe Schutts 2016-10-21 11:04:57 UTC
Dear Sirs,

This morning (about 6:30 AM) I was using Cyberlink's PowerDirector 14 (64bit) to encode a video I was working on. Right before I started to encode the video, a warning message came up from Windows Defender warning me that it had detected a Trojan (Ransomware) program and had quarantined it.

At the time I was NOT on-line. Nor was any other program running. I am running Windows 10 (64bit) on a Laptop.

I went into Windows Defender to see what it had found and saw that it had detected the Trojan in the following Directory:

C:\Program Files(x86)\LibreOffice 5\program\soffice.bin

I have not deleted it as of yet as I wasn't sure IF you guys wanted to examine it or not.

Now to let you know, I updated my copy of LibreOffice about 4-5 days ago (right from YOUR website). I usually go right to the source to do ANY updates and I am religious about them. Now whether or not this came in your update or not I do not know. Nor do I have any idea HOW it got into my system or from where.

Windows Defender tells me it has the following name:

Ransom:Win32/Cerber

Anyway, please let me know if and when you want to examine this or not. Also how I go about sending it to you IF you want it...

Thanks...

Joe
Comment 1 MM 2016-10-21 12:48:41 UTC
If you downloaded it from the LO site it shouldn't be a virus and win defender is wrong. Maybe you can check out another virus scanner to check out your complete system. And go to: https://www.virustotal.com/ and upload the file.
Comment 2 V Stuart Foote 2016-10-21 17:39:53 UTC
(In reply to MM from comment #1)
> If you downloaded it from the LO site it shouldn't be a virus and win
> defender is wrong. 

No that is not correct. If it was downloaded directly from a TDF server it would be unlikely. But if it was downloaded from one of our network of participating mirror sites it is possible--but still unlikely.

For OP we would *NEED* to know the participating mirror it was downloaded from so we can alert the maintainer that they may have an issue.

Otherwise, the downloaded install packages should always be verified--either the package signature, or at the least the HASH value should be calculated and compared to the LibreOffice HASH values provided in the MirrorBrain "Details" tab for each binary.

Suggest if you kept the installer, that you do so now--just for peace of mind.

You can obtain the MirrorBrain details directly from TDF archive here:

http://downloadarchive.documentfoundation.org/libreoffice/old/
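
Added example, not part of the comment above and not LibreOffice or MirrorBrain code: one way to carry out the hash comparison described in comment 2. It assumes the published value has been copied into a `sha256sum`-style line (`<hex digest>  <filename>`); the file name and bytes in `demo()` are constructed stand-ins.

```python
import hashlib
import hmac
import os
import tempfile

ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}  # hex length -> algorithm


def parse_checksum_line(line):
    """Parse '<hex digest>  <filename>' (sha256sum-style) into (algo, digest, name)."""
    parts = line.strip().split(None, 1)
    if len(parts) != 2:
        raise ValueError("expected '<digest>  <filename>'")
    digest, name = parts[0].lower(), parts[1].lstrip("*")
    algo = ALGO_BY_HEX_LEN.get(len(digest))
    if algo is None or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("not an MD5, SHA-1 or SHA-256 hex digest")
    return algo, digest, name


def file_digest(path, algo, chunk_size=1 << 20):
    """Hash the file in chunks so a large installer is never read whole into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_installer(path, checksum_line):
    """Return True only if the file name and the digest both match the published line."""
    algo, expected, name = parse_checksum_line(checksum_line)
    if os.path.basename(path) != name:
        return False  # checksum line belongs to a different package
    return hmac.compare_digest(file_digest(path, algo), expected)


def demo():
    """Constructed sample: a stand-in 'installer' file and checksum lines built from it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "Example_Installer.msi")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(b"constructed installer bytes")
        good = hashlib.sha256(b"constructed installer bytes").hexdigest()
        return (verify_installer(path, good + "  Example_Installer.msi"),
                verify_installer(path, "0" * 64 + "  Example_Installer.msi"))


if __name__ == "__main__":
    print(demo())
```

A matching hash only shows the file is the one the publisher listed; the expected value has to come from the project's own server rather than from the mirror that served the download.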
Comment 3 Shmoe Jo 2016-10-21 20:58:20 UTC
I have the same issue with windows 10 64 bit version 5.1.5 x86

Windows says the installer's digital certificate is okay. I got it from LO website as well.

I will treat as a false positive for now but I believe it will prevent many other windows users from using LO.
Comment 4 MM 2016-10-22 09:46:31 UTC
(In reply to V Stuart Foote from comment #2)
> (In reply to MM from comment #1)
> > If you downloaded it from the LO site it shouldn't be a virus and win
> > defender is wrong. 
> 
> No that is not correct. If it was downloaded directly from a TDF server it
> would be unlikely. But if it was downloaded from one of our network of
> participating mirror sites it is possible--but still unlikely.
> 

Well I did say 'shouldn't', not 'couldn't'....
Comment 5 Maxim Monastirsky 2016-10-22 20:35:21 UTC

*** This bug has been marked as a duplicate of bug 103356 ***