edit retag close merge delete

2

( 2020-03-08 13:20:58 +0100 )edit
2

To add to what @Lupp said (and please answer his questions) SAntivirus Realtime is known malware. See link text for example.

LibreOffice does not offer to install any additional software ("apps/features/extensions") and never has.

( 2020-03-08 18:21:21 +0100 )edit

( 2020-03-09 10:05:38 +0100 )edit

Your link is http://libreoffice.org/ which is an unsecure HTTP-link. My browsers do all switch automatically to https://libreoffice.org/ which is a secure encrypted HTTPS-link, where people can see which certificate is affiliated with the connection. Which browser are you using?

( 2020-03-09 12:48:09 +0100 )edit
2

@sveinki: OP has just typed libreoffice.org without any protocol (and it was automatically linkified by the AskBot). In fact, that was not a proper answer from OP at all, given the detailed instructions from @keme.

E.g., OP could mis-type a character back then when downloading LibreOffice, and be using some malicious site with a similar name; now typing it here, the same typo could not happen. Or some specific mirror hosting packages could get compromised. That's why copy-pasting of the download URL is needed, not some addresses typed anew from memory.

( 2020-03-09 13:08:14 +0100 )edit

same me got the unwanted program, just follow free instruction how to get rid of SAntivirus also called segurazo

( 2021-02-15 13:33:58 +0100 )edit

Sort by » oldest newest most voted

more

( 2020-03-09 10:05:15 +0100 )edit

@Vesta C.R.: please read @keme's description of what is needed to identify the problem. LibreOffice site allows you to choose what to download; but the download itself happens from one of multiple mirrors throughout the world (provided by third parties who donate their servers and bandwidths to host the packages: otherwise, The Document Foundation would possibly be unable to serve millions of downloads). All mirrors must give you the same packages. If some mirror became corrupted/compromised, we need the specific URL of the download, not of the page that you used to choose.

( 2020-03-09 10:48:14 +0100 )edit
1

I would suggest to post any probably unclean link here always as preformatted text to avoids its calling a site on inadvertent clicks. E.g. http://libreoffice.org/

( 2020-03-09 13:25:28 +0100 )edit

I find a very troubling behavior on community boards (besides the fact that rich companies are getting away with free customer service for their products) When someone says they have an issue, then they have an issue. What they say they did, then thats what the did. Some will say "you must have meant this.. or that... then the answer given is based on that assumption.

the reality is, I myself have downloaded libre and when sending the saved document to my wife at work, it attached malware. She opened it up, and could read the letter. then she went to print. and it said "disable protection?" She clicked "yes" and it printed, but then she ended up with ads due to malware.

I am not computer illiterate. Lets say I myself have adware lurking and it attached to the outgoing email. if that's the case, it would also be present in something other than the one program...Libre

But if there is a breech making libre vulnerable, or the site itself is doing it and making profit by doing it to people that actually dont have libre in the first place, who try to use files made in libre, the OP issue remains...it happens. And NO, it wasnt downloaded from some misleading website. I am fully aware of how to download things.

so here is your out, if you already don't see it. You can say, "well you likely have malware" and ignore that its libre which facilitated it. Or you can start to wonder is libre doing it as of recent, to non libre users, or for a time they may have had an issue that was corrected.

We would never know, because like most giant companies, the actual employees never or rarely ever speak on anything to provide actual customer care.

Lets be clear. there is no such thing as a free program anymore at levels like libre. they want to make money. how are they doing that?

the question was, "how do I get rid of it"

An easy answer would be getting CCleaner from this link. After running the program, you can have it show what programs are on your computer, based of date of install. Find the date you got Libre or came in contact with libre, and see if there is another program installed on that same date and time.

Delete that program.

this fix assumes that the program attached wasnt trying to be evil, and deliberately made to hide on the computer. to fix one that ISNT being shown that easily, you need a program called Malwarebytes (NEVER NORTON! they are worse than the pop ups are as far as I am concerned, demanding I renew, or upgrade, bla bla bla)

Learn about Malwarebytes somewhere else though thats more involved. My answer is based on the facts presented to me. that the person downloaded properly. Likely when asked, the person just typed libreoffice.org as an answer, and the ...

more

2

Nevertheless TDF infrastructure guys must investigate the case. As explained by @keme, telling the malware was downloaded from libreoffice is insufficient evidence. The URL could have been libre.office.org, libre-office.org or even libreoffice.net, all similar enough to the real URL that memory will swear it was the real URL.

I tried libre.office.org and you reach a site proposing download. The page has the official LO logo but is not TDF controlled. And the supposed version is not up-to-date (claiming 6.4.2).

And I don't speak of a possible replacement of letter o by digit 0 which a favourite if ill-intended people to catch involuntary typos through their site.

Everybody is taking the issue seriously but there is an utter need for technically accurate information. So, if you also experienced malware downloading, report the URL according to @keme's procedure.

( 2020-11-21 18:26:44 +0100 )edit

Hey, everyone, the question is 8 months old and the OP never did properly answer the question about where exactly (full URL) the download came from. Let us not agonize over someone's evident computer illiteracy.

( 2020-11-21 21:23:48 +0100 )edit
1

the question is 8 months old [,,,] Let us not agonize over someone's evident computer illiteracy.

Whereas this particular question is getting old, the issue is recurring. The download indirection is a lasting solution. When the answer is not straightforward, conveyng the complexity itself is useful. The download redirection is automated most of the time, and currently there is no clue, not even a new mirror site page turning up.

We, the users, have varying levels of computer literacy. Working in 1st/2nd tier support in a secondary school, serving students, teachers and guests, I see all levels and I recognize that not everyone possess the resources (be it time, motivation, info source, or intellect) to bring them up to the desired literacy level.

Not agonizing, but let's work together, helping each other out. We are good at different things.

Help may be in the form of "what happened ...(more)

( 2020-11-22 15:16:17 +0100 )edit

Good points, @keme. And I agree with you.

( 2020-11-22 21:29:28 +0100 )edit

I also have a bunch of malware immediately since updating Writer directly through the client-side update process. Now I have a masquerading version of TMeter hogging up resources I have to deal with. Aside from the suspicious NXr gang you have managing your english dictionary gits, now this. LibreOffice is dead to me.

more

This is not a solution to the initial problem. Copy your "non answer" as a comment under the question.

While you're at it, provide useful information. As is, it is only a "me too" and is worth nothing to identify the cause. Copy the URL you downloaded from so that we can make sure it comes from the official site. Hackers are very good at masquerading real URLs in very subtle ways.

What is your OS? Sometimes, vulnerable OSes (like Windows) can be altered so that the legitimate URLs are redirected to infected sites.

Tell us which procedure you followed. Describe it thoroughly, step by step.

( 2020-11-28 20:51:12 +0100 )edit

Ah yes, the classical defensive pedantry from the LibreOffice gang.

Okay, here are the steps:

1. Use your janky writer app that's been knownto be vulnerable to malware exploits.

2. Get an annoying popup in the top right-hand corner for a month urging me to update. Click it with the hopes that feedback issued last month about racist spellcheck suggestions lead to some fixes.

3. Download the installer, install and grow suspicious of the lengthy installation and deployment and registry-related processes.

4. Immediately notice performance drops associated with weird pseudo-windows processes in task manager, NOD32 dings.

5. Uninstall this mess

( 2020-11-28 22:12:51 +0100 )edit

Ah yes, the classical rant of frustrated egotist ones who don't realize we aren't official TDF representatives but simple users trying to help other users and sharing whatever knowledge we gained about the suite.

You don't even provide basic information allowing to understand the issue: what is your OS? Some OSes are well known for their vulnerability.

You didn't tell where you got the app from start. Is it from a trusted site? The only way to tell is to quote exactly the URL. There are too many download sites luring you into thinking they are endorsed.

You didn't mention the suite version.

You didn't even read the How to use the Ask site page nor the Guidelines.

Apart from sympathizing for the mishap, what do you expect from us without minimal information?

( 2020-11-29 08:06:47 +0100 )edit

Heh, the first "link" was in fact two separate links - one and two - the second one was also posted separately...

and the user was so clueless that didn't realize how those two links were contradicting the premise: the first one told about TDF trying hard to follow all Apple's published procedures, and still Apple issuing wrong warnings, undermining the value of its own "protection" (if its protection does not pass applications notarized as it requires, making it necessary for users to override the protection, then the protection would do no good in a real treat case); the other was about a vulnerability that was instantly fixed in LibreOffice - that is known for its reactivity to such problems - but not in AOO, which is mentioned in the article...

( 2020-12-16 07:29:59 +0100 )edit

Till now no solution. Why are the affected links not removed till now. How many systems are successfully infected.

more

This is not a solution to the problem.