TeX Live and MacTeX

burke · Post by **burke** » Sat Aug 27, 2011 9:59 pm

Has anyone run across this spyware or whatever it is in TeXLive 2011? BAT.CMDFlood

It was found (on two different machines) using ClamXav:

/usr/local/texlive/2011/texmf-dist/context/data/scite/cont-pe-scite.properties: BAT.CMDFlood FOUND
ERROR: Can't unlink '/usr/local/texlive/2011/texmf-dist/context/data/scite/cont-pe-scite.properties': Permission denied

To elaborate: It is also in the 2010 distribution but not 2009.

$LaTeX Beginner's Guide$ $LaTeX Cookbook$ $LaTeX TikZ graphics$ $TikZによるLaTeXグラフィックス$

gefion777 · Post by **gefion777** » Thu Sep 15, 2011 6:43 am

Found BAT.CMDFlood today on my Mac using ClamXav. Viewed the file in a terminal window using the "More" command. At the beginning the file looks similar to the english version (cont-en-scite.properties). Later strange non-latin characters and several Unicode U+200C characters (zero-width non-joiner) show up.

Seems to be either a corrupted or a hijacked language file.

Decided to delete it using a sudo rm cont-pe-scite.properties command.

justdeath · Post by **justdeath** » Mon Sep 19, 2011 7:09 pm

This is written in Persian language.
The filename is: cont-pe-scite.properties
Obviously pe is short from Persian.

http://translate.google.com/#fa|en|
The language is also known as Farsi, that is why google says fa.

You can translate some strings to see for yourself.

Nikolay

LaTeX.org

TeX Live and MacTeX ⇒ BAT.CMDFlood - Possible Spyware

BAT.CMDFlood - Possible Spyware

BAT.CMDFlood - Possible Spyware

Re: BAT.CMDFlood - Possible Spyware