Python Forum
Python 3.10.1 32 Windows setup Virus behavior
#1
Just installed

Python 3.10.1 (32-bit)
by
Python Software Foundation
v. 3.10.1150.0

and

Python Launcher
by
Python Software Foundation
v. 3.10.7644.0

from installer python-3.10.1.exe, signed, downloaded from
this page
Python>>> Downloads>>> Windows
directly from here
https://www.python.org/ftp/python/3.10.1...3.10.1.exe
Key id
fc 2a bf 7e d4 be ac f3 82 9c a4 cf 7b 22 01 3b b8 8f 07 f2
fingerprint
‎c9 1d ce cb 3a 92 a1 7b 06 30 59 20 0b 20 f5 ce 25 1b 5a 95

and got this in win registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Philips"="explorer.exe http://sd-steam.info"

Which causes unwanted page to open at startup.

Tested two times.

Details attached, can't attach installer due to 4.88 MB limit.

Reply
#2
I can attach installer in zip parts if anyone asks.
Reply
#3
No one asked, so here it is.
Oh, well, no attachments to replies... I like your forum, great one.

Here's file.

Here's MD5:
0b8c2ba677af4f47e534c7eee1c3cb03 *python-3.10.1.exe
Here's CRC32
python-3.10.1.exe BD9225E1
buran write Dec-15-2021, 10:11 AM:
URL removed. If you believe it to contain malware there is no need to spread it.
Reply
#4
Who are we?

Quote: python-forum.io is not connected to the Python Software Foundation. We are not the ones to contact regarding changing the python language or python.org site.

If you believe there is a problem/malware with the installer you downloaded from python.org - feel free to post an issue here https://bugs.python.org/
However I will make sure this registry entry didn't come from elsewhere (other software) - A search does not return other complaints.
If you can't explain it to a six year old, you don't understand it yourself, Albert Einstein
How to Ask Questions The Smart Way: link and another link
Create MCV example
Debug small programs

Reply
#5
This does not come from Python.

and got this in win registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Philips"="explorer.exe http://sd-steam.info"
The addition http://sd-steam.info is a hacked Webserver which redirects to other hacked Webservers.
Maybe also code execution through explorer.exe. Your PC was already infected before the Python installation.

If the Python 3.10.1 32/64 Bit installer has a Virus inside, we would know it already because Python also has many Windows users.

A clean Windows installation should solve all your problems.
Removing Spyware/Worms/Trojans/Virus is not always an easy task.
Even after a restore of a backup, the old Virus could be executed and infect your system again.

A better protection against the most common Spyware is the use of Linux.

On Windows, they try to replicate the package managers known from Linux distributions.
Look here: https://docs.microsoft.com/en-us/windows...er/winget/
Another way to install software on Windows is from the MS Windows Store.

Installing applications downloaded from the internet does have a higher risk of being compromised.
Installing applications via WinGet will reduce the risk of getting an Installer + Spyware.
Almost dead, but too lazy to die: https://sourceserver.info
All humans together. We don't need politicians!
Reply
#6
(Dec-15-2021, 02:14 PM)DeaD_EyE Wrote: This does not come from Python.
...
Your PC was already infected before the Python installation.
...
Installing applications downloaded from the internet does have a higher risk of being compromised.

Thanks for your answer, sir.
I'm okay with 'computer experience', 25+ years software dev.

Code in Software\Microsoft\Windows\CurrentVersion\Run was a method to safely (in terms of avoiding antivirus reaction) inject unwanted execution.
I.e. just insert record to Win registry by application expected to, installer package.
'Philips' is user name, for entry to avoid attention.
explorer.exe is safe application.
Updated MS Edge INSIDE installation is also a question. Pay attention, Python and Launcher (both installed by single package one after another) have Edge record between two.
Pictures I posted are from Second try, of course. That is installer REUPDATED MS Edge.

Hope you reviewed them before replying like 'this cannot be because this cannot be' :)
Reply
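A way to check for the kind of autorun entry discussed above, added here as an example that is not part of any post in this thread: it parses a `.reg` export and reports `Run`/`RunOnce` string values whose command line contains a URL. The function names are hypothetical, and the sample export is constructed around the one entry quoted in the thread; the `OneDrive` and `Example` entries are made up for contrast.

```python
import re

# Per-user and machine-wide Run / RunOnce keys (WOW6432Node is not covered here).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
URL = re.compile(r"\b(?:https?|ftp)://\S+", re.I)

def unescape(s):
    """Undo .reg string escaping of backslashes and double quotes."""
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Yield (key, name, data) for every string value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE.match(line)
        if m and key:
            yield key, unescape(m.group(1)), unescape(m.group(2))

def suspicious_autoruns(text):
    """Return Run/RunOnce string values whose command line contains a URL."""
    hits = []
    for key, name, data in parse_reg(text):
        if RUN_KEY.search(key):
            m = URL.search(data)
            if m:
                hits.append({"key": key, "name": name, "command": data, "url": m.group(0)})
    return hits

# Constructed sample: the entry quoted in this thread plus two made-up entries.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Philips"="explorer.exe http://sd-steam.info"
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"

[HKEY_CURRENT_USER\Software\Example]
"Homepage"="https://example.com"
'''

if __name__ == "__main__":
    for hit in suspicious_autoruns(SAMPLE):
        print(f'{hit["key"]}: {hit["name"]!r} -> {hit["command"]} (URL: {hit["url"]})')
```

Exports written by regedit in the "Version 5.00" format are UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing its text to `suspicious_autoruns`.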
#7
(Dec-15-2021, 05:30 AM)SapG20211215 Wrote: If you believe it to contain malware there is no need to spread it.
Oh, sorry, hoped people here will not run any executables unless they definitely know what they are doing. I.e. running it on safe test machine to verify behavior.
Reply
#8
(Dec-15-2021, 04:28 PM)SapG20211215 Wrote: Oh, sorry, hoped people here will not run any executables unless they definitely know what they are doing. I.e. running it on safe test machine to verify behavior.
Better safe than sorry. This site is aimed at education, so we have many inexperienced newbies/students.

Reply
#9
We have nothing to do with distributions of Python.
As this is from python.org make a report at Python Bugs.
Reply

