VOGONS


First post, by x@ros2000


Yep, that's right: you read that well.
In the beginning I was curious:
why should a stand-alone Delphi-coded 470 kb executable be packed,
then packaged with both InstallShield and Windows Installer,
for a total of 3.1 mb?
I uploaded it to http://virusscan.jotti.org/,
and Dr.Web said it was a virus: I thought it could just be a false positive.
Guess what... some days after, McAfee and also Fortinet detected it.

Don't believe it? OK, then go see/check for yourselves:
1) http://virusscan.jotti.org/
2) http://www.virustotal.com/

After that, google to find more info about the "Etap Virus".
----------- ----------- ----------- ----------- -----------
This goes up to the DosBox Crew:
Of course,
it's people's responsibility to scan every executable they download to their PC before they run it.
But you have even more responsibility than them:
as coders/programmers, it is far easier for you than for the "average Joe" gamer/user
to disassemble and check an executable for hostile code.
And that is something you obviously didn't spend any time doing.
That wouldn't be a problem...
if you had NOT suggested/pointed people to this executable by listing it on your downloads page.
Do you EVEN check your own code for possible vulnerabilities, buffer overflows etc...?
Before rushing to call this a "false positive" or a "very harsh accusation",
just consider how serious this problem could be:
with DosBox downloaded 1 million times, as advertised on your homepage...
just wonder how many gamers also downloaded the Roby/Etap.gen virus...

Reply 1 of 7, by `Moe`

Rank Oldbie

Instead of wasting our time (I did a very thorough research, on a saturday night!) you should simply clean the virus from your system. You yourself (more correctly: your infected PC) put the virus into the executable. Unfortunately I didn't do the obvious first: Using http://virusscan.jotti.org/ tells me that the executable is totally clean. The file size is perfectly fine: You should have noticed that Roby0.3.exe also contains DOSBox itself. In total that's around 1.5MB zipped. Roby0.3.exe is 2.1MB in size (not 3.1MB as you say - notice anything?), and 600k for the installer executable is totally credible.

Thanks, really. Oh, and thanks for giving us a sermon, too.

P.S.: No need to apologize. Just find someone near you and ask him/her to give you a slap over the back of your head.
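The size argument in the reply above (a ~600k installer stub carrying ~1.5MB of zipped DOSBox) can be checked mechanically rather than by eye. The script below is an added example, not code from the thread, from the Roby installer or from the DOSBox project: it parses the MZ/PE headers of a Windows executable, finds where the declared sections end, and measures the "overlay" appended after them, which is where self-extracting installers keep their payload. It runs offline against a constructed, synthetic PE built by `build_synthetic_pe` (a stand-in for the installer, not the real file); the function names, the 0x200 alignment and the sample sizes are assumptions for the demonstration. Point `triage` at real bytes (`open(path, "rb").read()`) to apply the same check to an actual download.

```python
"""Added example: size-based triage of a PE installer via its overlay."""
import struct

ZIP_LOCAL_HEADER = b"PK\x03\x04"   # signature of a zip local file header


def _u16(b, off):
    return struct.unpack_from("<H", b, off)[0]


def _u32(b, off):
    return struct.unpack_from("<I", b, off)[0]


def pe_layout(data):
    """Parse the MZ/PE headers and section table; report where the declared
    PE image ends in the file and what lies beyond it (the overlay)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = _u32(data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    num_sections = _u16(data, coff + 2)           # COFF NumberOfSections
    opt_size = _u16(data, coff + 16)              # COFF SizeOfOptionalHeader
    table = coff + 20 + opt_size                  # section table follows optional header
    image_end = table + num_sections * 40         # at least the headers themselves
    sections = []
    for i in range(num_sections):
        off = table + i * 40
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size = _u32(data, off + 16)           # SizeOfRawData
        raw_ptr = _u32(data, off + 20)            # PointerToRawData
        sections.append((name, raw_ptr, raw_size))
        if raw_size:
            image_end = max(image_end, raw_ptr + raw_size)
    image_end = min(image_end, len(data))         # tolerate truncated files
    overlay = data[image_end:]
    return {
        "file_size": len(data),
        "image_end": image_end,
        "sections": sections,
        "overlay_size": len(overlay),
        "overlay_is_zip": overlay.startswith(ZIP_LOCAL_HEADER),
    }


def triage(data):
    """A self-extracting installer is 'a stub plus a payload', so most of its
    bytes should sit in the overlay. Returns the layout plus an assessment."""
    info = pe_layout(data)
    share = info["overlay_size"] / info["file_size"] if info["file_size"] else 0.0
    info["overlay_share"] = round(share, 3)
    if info["overlay_size"] == 0:
        info["assessment"] = "no overlay: plain executable, size is all code/data"
    elif info["overlay_is_zip"]:
        info["assessment"] = "zip overlay: consistent with a self-extracting installer"
    else:
        info["assessment"] = "unidentified overlay: inspect before trusting the size argument"
    return info


def build_synthetic_pe(stub, overlay):
    """Constructed test input (not a real program): a minimal PE32 with one
    section holding `stub`, headers padded to 0x200, then `overlay` appended."""
    align = 0x200
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)  # i386, 1 section
    optional = struct.pack("<H", 0x10B) + bytes(222)                 # PE32 magic, rest zeroed
    raw_size = (len(stub) + align - 1) // align * align
    section = struct.pack("<8sIIIIIIHHI", b"STUB", len(stub), 0x1000,
                          raw_size, align, 0, 0, 0, 0, 0x60000020)
    headers = (b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)   # e_lfanew -> 0x40
               + b"PE\0\0" + coff + optional + section)
    headers += bytes(align - len(headers))
    return headers + stub + bytes(raw_size - len(stub)) + overlay


if __name__ == "__main__":
    # Toy stand-in for the installer discussed in the thread: a small stub
    # carrying a zip payload a few times its own size.
    sample = build_synthetic_pe(b"\x90" * 600, ZIP_LOCAL_HEADER + bytes(1500))
    for key, value in triage(sample).items():
        print(f"{key:14} {value}")
```

The overlay measurement is the same one used in malware triage to spot data hidden after a legitimate image; here it simply confirms or refutes the "stub plus zipped payload" explanation. A file whose overlay is neither zip nor another recognisable container is the one worth unpacking in a VM before drawing conclusions from its size.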

Reply 5 of 7, by Guest


This goes up to Moe and the rest of the DosBox Crew:
a) If I am WRONG, I have no problem at all admitting it. This time I WAS.
And I write it with capital letters, so that everyone in here notices it.
I test a fairly big amount of various exploits in virtual machines,
so that I can know what kind of measures/precautions I should take against them.
Meaning, whether I like it or not, I also scan/test my systems several times per day.
Eventually, there's always a slight possibility that something went unnoticed,
even though I thoroughly examine every piece of code that gets into my machine.
b) Despite what some people would say, I do not feel embarrassed at all.
I feel SORRY, and I apologize to all of the community in here,
whether you consider there is a need for that or not. The whole story:
As my usual procedure is, I downloaded the Roby installer in a virtual machine and then didn't run it,
just unpacked it with extra tools.
Submitted it to both Jotti and VirusTotal, with Dr.Web saying it is infected.
Thought 99% it might be a false positive, but just in case, I put it in quarantine.
Some days after, while cleaning the virtual machine, I decided to re-test it,
this time with McAfee and Fortinet also reporting it.
(Because of this, at the time I didn't remember the exact file size of the installer.)
c) The whole world fell apart in front of my eyes: viruses linked to a SourceForge project?
Where the *** are we heading to? I started thinking like a maniac:
why not, DosBox is a product used by millions of casual people,
most of them are not security researchers or anything like that:
why wouldn't someone exploit a situation like this?
In no case do I want to attack/accuse people with no reason,
even more if I know that they, after a hard day's work,
spent their precious free time developing something that other people can enjoy in their free time.
I can understand your reaction towards me,
guess it's equally "harsh" as my false "judgement" was, and I can accept it, but only up to a certain point:
I REALLY care about the community: to my point of view,
it's far better to have false positives that "waste our time",
than easily replying (after the rain has passed, of course) with "haha" like some people already did.
And I really thank God (or whatever) that this time I was WRONG...
------------------------------------------------------------------------------
P.S.: Hope the whole matter has ended now, with no hard feelings kept whatsoever...
Two more things I believe I should note, as I'm currently investigating what specifically happened:
When, at the very first time, I uploaded the infected Roby executable to Jotti,
the report said that this specific file had already been examined by someone else,
and eventually was already recorded in their database.
Secondly, I remembered I had searched for the existence of an official RobyDosBox,
which I had found at: www.bluesailor.net/software.php?act=robydosbox
There are various ActiveX nasties, dialers and pop-ups lying around on this page;
should I assume the hosting provider plays some dirty tricks on visitors and that this was the culprit?

Reply 6 of 7, by `Moe`

Rank Oldbie

As long as you followed the advice in my last sentence, no harsh feelings left 😀

You should be embarrassed. You know, the boy who cried "wolves!"...

Do not bother checking for security holes in DOSBox. You will find plenty, I am sure. DOSBox is for running old games, it is NOT a security sandbox. It is intended to be crashproof (so if you find a real segfault, feel free to report), and it is intended to be errorproof, i.e. it should not touch any data that hasn't been mounted, to protect you from yourself and from game bugs.

It was NOT written to hold off a malicious intruder. A simple 5-line batch file can infect your system, even when run in DOSBox, and that doesn't even need exploiting any buffer overflows or other program bugs.

Reply 7 of 7, by psu256

Rank Newbie

Hmmm. I just clicked the link on the front page of dosbox.sourceforge.net, ran the RobyDosBox installer, scanned the resulting unpacked files with McAfee, and it flagged the same virus as the original poster. Trend Micro's online scanner said the directory was clean.

I'm leaning towards false positive, but I am starting to doubt it was a pre-existing condition on the original poster's part. There is probably something heuristically similar to how etap works going on there and roby is being flagged for no reason.