gonzo
Member
Sure. No hits with up-to-date AVG 8.0 Free Edition, but I don't think that it picks up trojans, does it?
I'm using DefenseWall as a sandbox isolator. I wish I was confident about exactly how I'd know if DefenseWall was doing any good against a trojan. I regularly get messages from DefenseWall regarding some program I'm using logging keystrokes, but those programs are legit and need keystroke logging to function, or at least their web sites claim so.
McAfee detected something in Smart Install Maker after installation...scan date was 11/30/2007...
New Malware.bl
http://us.mcafee.com/virusInfo/default.asp?id=alphar&char=New%20Malware.bl
in: C:\Program Files\Smart Install Maker\sim.exe
it was also found in a System Restore point that was created after install...
A0040785.exe was the restore point description...
it was detected as Heuristic...
McAfee Definition of Heuristic: Heuristic analysis is behavior-based analysis of a computer program by anti-virus software to identify a potential virus. Often heuristic scanning produces false alarms when a clean program behaves as a virus might.
no other reports of infection were posted, but i wasn't comfortable with it on my PC, so i quarantined it...i haven't restored it to see if updated definitions have changed the status of SIM (the developers may have asked McAfee to check it & verify it is ok)...
this is my main PC, and i've had no problems with online transactions...
XPSP2 MCE (up to date)
jstone
Member
Today's (8/17/08) giveaway, Plato iPod PSP 3GP Converter (http://www.giveawayoftheday.com/plato-ipod-psp-3gp-converter/) contains spyware called "RelevantKnowledge".
There's no need for a detection scan as it actually pops up a screen *telling* you this at the beginning of the install (albeit in tiny print).
You can find more information about this particular spyware at http://www.benedelman.org/news/062907-1.html among other places.
According to the message at the beginning of this topic, "The GOTD Team do scan the giveaways prior to making them available, using multiple tools, and take every precaution to ensure that giveaways are virus, spyware or malware free."
I really find it hard to believe that they're really checking for malware if they missed something *this* blatant. Simply reading the text on the first install screen would have alerted them.
Meanwhile, there's been no response from the GAOTD admins despite the multiple warnings of spyware in the comments.
How many people got infected with this garbage because they downloaded and installed it before my warning -- it's the second comment -- got out of the "awaiting moderation" stage and became visible? For that matter, there are probably still people installing it without reading the comments first.
the GAOTD antivirus "a2" just blocked the other GAOTD antivirus "Anvir"'s web site http://www.anvir.com with this message:
Hosts engaged in the selling or distribution of bogus or fraudulent applications. This
classification is assigned to sites being used for the distribution of rogue security or
other such applications, for example: SpyHunter, SpyFalcon, SpywareQuake,
Either one GAOTD product is rogue, or the other one is for falsely reporting them!
G
Anonymous
Unregistered
GAOTD antivirus "a2" just blocked the other GAOTD antivirus "Anvir"'s all I can say is on my PC is ok,can you list you spyware AV so,you may like to read, http://www.realtechnews.com/posts/2675
http://news.zdnet.com/2100-1009_22-147187.html
For a brief period on Friday, McAfee's security tools killed more than viruses.
http://www.theregister.co.uk/2007/07/09/kaspersky_rising_tech_av_bunfight/
Anonymous
Unregistered
RelevantKnowledge".I said no to it but scan come up with RelevantKnowledge so not to good, ccleaner come with a toolbar but they tell you don't need all so filehippo.com say you don't need it,I think we should be told,not like relevant information, search results, and coupons pop-up ads contextual information and services as you surf the Web.
but you need to read it & say yes or no to the EULA I all so check with EULAlyzer it helps with bad words that seem like good like save! information and offers.For your benefit,if it sound good it be bad.
Anonymous
Unregistered
to Hurt Me No more trojans and keyloggers don't go to search&destroy(dot.)combadware this may help, http://www.mywot.com/en/scorecard/search-and-destroy.com/comment
Fake Clone of Spybot - Search & Destroy!Rogue antispyware. Fake alert + trojan.Fraud, scam, phishing
http://www.siteadvisor.com/sites/search-and-destroy.com?ref=safe&client_ver=FF_26.6_6275&locale=en-US&premium=false&client_type=FF&aff_id=0
In our tests, we found downloads on this site that some people consider adware, spyware.
This is the good one
http://www.spybot.info/en/home/index.html
Welcome...
... to the home of Spybot-S&D©®, the best (according to PC World, PCMag.com, ...) privacy software available! all so have a look hear,
http://www.spywarewarrior.com/rogue_anti-spyware.htm
I tried posting this in the comments section...but apparently the moderator did not let it go through:
My Kaspersky picked up a trojan in mgLaunch.zip (today's giveaway).
http://www.politicallymotivated.net/images/trojanmouseprogram.png
This maybe a false positive, but it may not be. I am not taking the risk.
Someone reported that Avira also picked it up as a trojan. I put this file thru jotti and virustotal. Virustotal keeps getting stuck for me, but here are the results from jotti:
Scanner results
Scan taken on 17 Nov 2008 17:42:52 (GMT)
A-Squared Found nothing
AntiVir Found TR/Zlob.CA.24
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found BackDoor.W32.SdBot.czl
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found Backdoor.Win32.Bifrose.aesv
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found Trojan.DR.Zlob.CJS
VBA32 Found Backdoor.Win32.Bifrose.aesv
I think Bubby's comment is very appropriate on this program explaining about why this program might be picked up as a trojan. And I downloaded the version from download.com and kaspersky also picked it up as a trojan. So chances are, this is a false positive.
But I am not going to take the risk - especially considering that cannot even find an official website (I tried googling it) or contact info (besides email) for this software developer. Just their mouse gesture website.
When I went to install today's Giveaway, mgWindow, My antivirus software alerted me that it though that the setup file had a Trojan. I am using Avast 4 Home addition and this is alert I got:
File name: http: //files.giveawayoftheday.com/mgWindow.zip\Setup.exe\$_OUTDIR\mgWindow\mgWindow.exe
Malware name: Win32:Trojan-gen {Other}
Malwae type: Virus/Worm
Anyone else having this problem. I expect that this is just Avast being over sensitive but better safe then sorry...
I just checked out the homepage http://www.mouse-gesture.com/products/mouse_gesture_window_controller_mgwindow.html and tried downloading the trial version to see what Avast would do with it. I got the same message as before. So we may have a false positive or their software just has a Trojan.
EDIT:
I just found this report at: http://www.download3000.com/mouse-gesture-application-launcher-mglaunch-virus-report-51717.html
It definitely confirms that this software is infected with a Trojan
Phlan-Michell
Member
I see BuBBy on th main page every day BAGGING EVERYTHING with Virustotal of course you are going to get what you get with using the site as you are using a Trojan to chase Trojans (Bubbys’ surely has shares in it ) I run my net with some serious Military graded anti virus software(Aust.) & for a check I ran your site on it & 2 of six firewalls stopped it & warned that this was a very dangerous site so if you want Trojans use Virustotal for all your Trojan downloads.
To GOTD
thanks for all the hard work you peps do & PLEASE make Game Giveaway Of The Day DAILY Again PLEASE
Thanks for all the work!!!
Your Loyal User Phlan-Michelle
grumpy44134
Member
AVG anti-virus found Trojan horse back door virus in mgWindow.exe (12/6/08) after I installed it!
playboy85
Member
There is a trojan in todays giveaway (1/17/09) of uMark Professional. A-Square found Trojan-Dropper.Win32 when I opened the setup file.
I tried to post this to the comments section to warn people but apparently GAOTD has certain words flagged so the comments dont appear if comments contain virus or trojan???? None of my posts would take. Pretty sad, allowing people to get infected and not allow them to be warned.
Papakid
Member
Pretty sad that people can't grasp the concept of a false positive and that their scanners could be wrong. I'm sure the Admins here are sick and tired of explaining it to people that don't read or follow instructions to comply to the purpose of this thread. Why should they allow warnings to be posted when it is in all likelihood a false positive--making your warning a cry of wolf?
My suggestion to everybody is to send samples of files that are being flagged as bad to the software companies that are flagging them. Tho they don't all make it as easy as it should be, they all have a way for you to send them files so that they can update their definitions. If you do that, what they are calling some kind of virus or malware today will be an OK file tomorrow once the corrected definitions have been updated. Or if it is a real threat it will be confirmed and get flagged again.
A squared and Antivir give out the most False Positives, so you should question their results--especially if no other scanners are reporting the file as bad. I know because(and for other reasons) I run Antivir myself. I don't like the FP's but I can live with them because I know what they are and how to deal with them.
For AntiVir, go to this page:
http://analysis.avira.com/samples/index.php
Their help file mentions submitting by email and from Quarantine, but this webpage is the most efficient and easy. I get immediate confirmation by email that the file is submitted and a confirmation that it is a false positive or not in 24 hours.
For A Squared you can find how to submit files here:
http://www.emsisoft.com/en/support/faq/?id=62
I've never run this program as I never much cared for it--things like them saying be 100% sure it's a false positive before you submit. The reason you're submitting is because you aren't sure but suspect a FP. It's their job to be sure. But glancing at their forums they do ask people to submit FP's via the Contacts page. There also is a new feature where quarantine can be configured to rescan flagged files after updating to correct FP's. But some one needs to report FP's for the defs to be corrected so this method is too passive for my tastes.
I can kind of understand the discouragement of reporting FP's. Most people don't know what a FP is, so if everyone reported everything that got flagged it would bog down the system. So use some common sense to justify your suspicions before sending. If only one file has been found, it could be a FP. It is more common for malware to come in groups and they are very complex which mean several files are needed. And if you get one file but no symptoms, such as a sudden slow down and a rash of popups, among others, then it's likely a FP.
As the Admins here suggest, scanning at Jotti or VirusTotal will give more immediate results, since you want to know what you're dealing with here in order to install the giveaway software in the timeframe required. If only your scanner is flagging the file, then it is 90% probably a FP. There may be more scanners to flag it and still it could be a FP--some use the same scanner engine and share definitions--I think you'll find when AntiVir flags a file the same two other scanners do as well--can't quite remember but I Think Gateway is one.
hi, rizla01...
no problems with "2 Flyer ScreenSaver Pro" here...
some problems were reported in another Giveaway thread:
http://www.giveawayoftheday.com/forums/topic/4756
WobblyWombat
Member
I keep getting detections for 2flyer (3 or 4 .scr files) Virustotal has 11/39 reporting positive, I've reported a suspected false positive to Avira Virus Lab... we shall see, but 11/39 is just a touch too high to ignore IMHO.
rags
Member
Hi rizla01, I had the same problem ... computer started running at geriatric speed and avast found trojans linked to this program. Clean up has put the oomph back in the cpu, so something was most definitely there. Whether it came with the program, I'm not computer savvy enough to know.
WobblyWombat
Member
OK, I submitted three 2flyer files that were being flagged (see my last post, two above) and got a response that they are confirmed as false positives, and are safe.
Avira will rectify this detection in Antivir.
Rizla01 and Rags - I suspect either you've been infected elsewhere, or are also getting false positives...
lefty78312
Member
According to TrojanHunter, the PDF Converter contains a trojan, and it wouldn't let me run the program. I should have written down the name of the trojan.
gonwk
Member
After my Comodo Defense + blocked a COM operation that I had not initiated when I simply wanted to do a Test WMV to MP3 conversion ... I decided to check Reezaa MP3 Converter, dated 04/09/09 a little closer ... so I ran "MP3 Converter.exe" and "MSCOMCTL.OCX" through VIRUSTOTAL and it gave me "Suspicious Files" ... so!
G!:)
MSCOMCTL - has nothing to do with Network Communications - it is "Microsoft Common Controls" - chopped up and jammed into a single abbreviation.
If you get a suspected 'hit' on Virus Total - please mention what it found and with which antivirus engines. Naturally some engines are much more prone to false positives.
If you are getting detections from some of the better AV engines - such as NOD32 or Kaspersky, Nortons or McAfee - and the same detection from multiple engines - then there might be something worth following up.
If you are using Norman antivirus, I'd suggest you make yourself familiar with the latest AV Comparatives report, which will give you some indication of which AntiVirus products are stronger and more accurate when it comes to scanning files and identifying threats (unfortunately Norman isn't one of them).
2 online sites that do scanning with multiple scanners are
http://www.virustotal.com/
&
http://virusscan.jotti.org/en
all you so is browse your computer for the file and submit. they will scan with at least 20 different scanners.
This may be old news but AoA Audio Extractor (from a few months ago) is showing a Backdoor.Trojan with Symantec Endpoint Protection Vers. 11.04 Not sure why its just hitting now. The program has been working fine otherwise. I'm not saying it came from the software but a full scan placed it in one location only: C:\Program Files\AoA Audio Extractor. Whatever it was it was powerful enough to shutdown my AVG free and to prevent a re-install of it.It also irked me enough that I created an account to post my findings here.
You must log in to post.
