No, I had that experience not. I installed the programme, the first time it was a GOTD. I had no problems with the tool or ad-ware. I deleted it after a while, because I didn't like it. Later I even installed the rerun, and even then there were no problems. I deleted it again, because I still didn't like it :(
I don't remember if I had to opt out some ad-ware.
graylox
With Virus Total (or any of the multiple av scanner sites) what you are looking for is some sort of consensus. Now if 30% - including some of the better AV engines - agreed on a virus or trojan, there might be some cause to follow it up with the Antivirus companies for some further testing.
If 42/43 (approx 98%) agree the file is clean - that is pretty close to consensus. It is also what is known as a false positive. Some AntiVirus programs are more prone to false positives than others.
That's what it is about. :)
Anonymous
Unregistered
http://www.virustotal.com/about.html
Although the detection rate achieved by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file.
Currently, there is no solution that offers 100% effectiveness in detecting viruses and malware. You may become a victim of deceitful advertising, if you buy such a product under those premises.
have a look some Antivirus got 50% or less and said good was bad & bad is good that why.
Turvy
Member
http://www.wwwadcntr.com/fallback.php
Keeps popping up every time i go to GAOTD..
May not be Malware, but unwanted all the same. It's not blocked by adblock plus, and it appears to be coming from unwanted software according to gewgle.
It first appeared after i downloaded Inpaint from GAOTD..
AP
Member
For the last 2 weeks I have been trying to figure out what virus or Trojan or whatever malevolent being I have "invited" to live in my computer. It's very vicious, in that it will not allow me to DOWNLOAD ANYTHING but pictures. NADA, NICHT, NOTHING. I realize this is not the proper thread to post this request, but I just joined this forum and this is as close as I could find.
Here's the question: Has anyone out there experienced the same problem, or knows of anyone who has? If so, could you tell me how the problem was solved and where it came from? I've spent over 8 hours a day for 16 days reading EVERY ENTRY in Google regarding this problem. There are HUNDREDS of people out there with this problem, but not one of them ever got an answer that managed to get rid of it. So, once again, if you know of anyone who has "cured" this thing (and can DOWNLOAD again), please share your remedy here.
I'm going nuts trying to get rid of whatever this is. And I would REALLY like to know where it came from. The reason I'm posting here is that the frickin' virus/Trojan showed up after I downloaded here, from 3 games portals, updated Windows (11 updates), and tried to update Adobe Flash and Shockwave. With the Adobe, they both ran, but would not install because I'm running 64bit. But they DID uninstall my old version, and now I have NO Flash at all. I'm wondering if this could be the problem.
I have really tried every suggestion you can imagine since I've posted on every forum I could find that specialized in Technicians who should know what to do about this thing. So far, not one of the 26 Techies I've been "helped" by have rid me of this "beast". So, PLEASE, if you have any words of wisdom concerning where this thing came from, I would be forever grateful. And there's a REWARD for anyone who can come up with a cure - other than reformatting my hard drive, that is.
AP
Member
graylox,
Thanks for your reply. I wasn't sure if my question would be seen.
First of all: I had already downloaded the PAID version of AVG 2011 in mid-February. Maybe I'm psychic and knew I would need to have it already on my desktop before the "download disaster". Many of my computer knowledgable friends had recommended it.
I did try that several times - to download the Adobe files directly from their site, I mean. But since the "disaster" hit on the same day I was notified of the updates to Adobe and tried to download them I don't know if my problems are stemming from the fact that I can't download or that I'm running Vista 64bit.
I could NOT download yesterday, but I asked my brother to take a look at the program. I thought he would be interested in it. I know I said I had the problem updating, but I didn't want to bore everyone by explaining that it is my BROTHER who had the problem. I realize now that all I did was CONFUSE everyone.
So, I'm going to be taking my hard drive back to original state and reinstalling the original software and Vista Home Premium 64bit that came with it. The only reason this is making me cry is that all my wonderful GOTD apps are on the C: drive, and I'll lose them all - UNLESS SOMEONE KNOWS A WAY TO COPY OR TRANSFER THEM TO AN EXTERNAL DRIVE. Now THAT would be information I really would cry over.
Thanks again, graylox (BTW, I have gray locks, too. Coming up on being eligible for Medicare in August. And that's OLD!)
AP
AP
Member
Before I start a new topic (remember, I'm new to this type of forum), I want to thank you again. I have tried every suggestion you listed except shutting down the system, including the modem. Nobody suggested that. I'll ask my next-door-neighbor to do that for me tomorrow.
And thank you VERY MUCH for the "Gizmos" website. It's awesome! I'm using their online scan, and it's been running for 3 hours. The site is so easy to understand, even for a rookie like me. Thank you so much for sending me there.
AP
Fredward
Member
DANGER: GDI+/JPEG Vulnerability - Yes, Again in 2011
(Here's the utter joke)
Microsoft Security Bulletin MS04-028
Issued: September 14, 2004
Updated: December 14, 2004
Version: 3.0
(/end joke)
Today is Saturday, April 16th, 2011 and yes I am referencing a document from BACK IN 2004 !
I'm going to bet everyone reading this on the forum (bar the few who still have gdiscan.exe from SANS), has this Vulnerability again, Yes I said Again. Even though you patched up on patch Tuesday several years ago, the chances are pretty high you have this same vulnerability again, and it's again a ticking time bomb. And the sad part is there's no simple patch then, today, nor into the future.
Just a scan from my own system, and I came up with these.
C:\Program Files\Alchemy Mindworks\Pagan Daybook 3\GDIPLUS.dll
Version: 5.1.3097.0 <-- Vulnerable version
C:\Program Files\CS Odessa\ConceptDraw 7 Professional\gdiplus.dll
Version: 5.1.3079.3 <-- Vulnerable version
C:\Program Files\Daniusoft\Video Converter\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version
C:\Program Files\iSkysoft\FLV Converter\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version
C:\Program Files\Maizesoft\Maize Studio\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version
C:\Program Files\Pinnacle\VideoSpin\Programs\gdiplus.dll
Version: 5.1.3097.0 <-- Vulnerable version
C:\Program Files\Power CD DVD Recovery\GdiPlus.dll
Version: 5.1.3101.0 <-- Vulnerable version
C:\Program Files\TVUPlayer\GDIPLUS.DLL
Version: 6.0.3260.0 <-- Vulnerable version
As you can see some of these came from right here on GOTD / GGOTD
While, nothing sinister there, what is sinister is some of these are media related, and could have zapped me.
I have some opinion, then I will give the fix -- for now, I say for now, because who knows what happens EVERY TIME YOU INSTALL SOMETHING I GUESS WE NEED TO RESCAN?!
I post here in hopes that the software developers can be forced to get the message. And at the same time it's not an excuse to upgrade to a new version. Each of these developers ought to provide a fix, without an upgrade! This is important, as it should not be allowed to punish the users (with an upgraded, and now non-functional de-registered vaporware trial) because of their own sloppy mistakes and work!
The second thing here is the Microsoft end of the deal beginning with their lame excuse for a fix. http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx
Frankly at this point I would not even go to Microsoft for the fix, because god only knows what you might do to your system. Yet, We need to go there for the fix. Yeah psyop mind game I hear ya, that's what I call it too..
What We need from Microsoft is the file gdiplus.dll that's it. Go Get it. Extract it, get that file gdiplus.dll your going to copy it to each place the scanner found.
http://www.microsoft.com/downloads/en/details.aspx?FamilyId=6A63AB9C-DF12-4D41-933C-BE590FEAA05A&displaylang=en&pf=true
Then there's the SANS Scanner. Wonderful they pumped the tool out during all the confusion back in the day. But then for some unknown reason for a few years, it was unavailable. I mean literally a 404 error. Then suddenly today in 2011 I noticed it's back again from the twilight zone. http://isc.sans.edu/tools/gdiscan.html You want to download the GUI cause it will just make things simpler.
Okay, you have your scanner, you have the file to fix the files scanned.
You run your scanner, you rename the existing files to something else gdiplus.dll to gdiplus.dll.JUNK Pick your own named system, I don't care, delete them if you want. If you backup, then you can rollback if need be, but I don't have a need personally, so I would just delete for security sake. Then copy the new gdiplus.dll to the same directory. Rescan, Rinse, Repeat until the errors are gone.
I'm sure I'm missing something, and so you are welcome to fill in the blanks. It really is lame that I have to even take the time to bring this to people's attention, but what can I say, I just found it, what am I to do, be quiet about it, watch as my friends get zapped by it? If this thing doesn't work in your Windows 7, I don't know what to tell you to do, try setting the compatibility mode to XP, or else upgrade to WIN XP SP3 (Yeah, I am being very sarcastic.)
URL / TOOLS / RECAP
-------------------
Well laid out fix Info. Helps to understand what's happening.
http://www.lafn.org/webconnect/mentor/GdiJpegVulnerability/index.html
GDI Scan (tool) from SANS
http://isc.sans.edu/tools/gdiscan.html
Microsoft Security Bulletin MS04-028 Horribly laid out info, adds confusion.
http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx
Platform SDK Redistributable: GDI+
http://www.microsoft.com/downloads/en/details.aspx?FamilyId=6A63AB9C-DF12-4D41-933C-BE590FEAA05A&displaylang=en&pf=true
In any effect, Go patch up, your welcome, enjoy! , or not. ;o)
Anonymous
Unregistered
not fix only update & update next windows 8 come & it not be fix as well
http://www.microsoft.com/technet/security/bulletin/MS11-029.mspx?pubDate=2011-04-12
Microsoft Security Bulletin MS11-029 - Critical
Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)
Published: April 12, 2011
and good luck with finding the file to download all you get it will up date with luck on my PC Agent Ransack find PS NEW Setup 12 February 2011 and all auto updates XPsp3 fist .NET Framework 1.1 & 2 a no to 3 , 3.5 & 4 not like.
C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\gdiplus.dll 1,606.00 KB 20/03/2009 10:10:46 a.m.(ver 5.1.3102.1360)
5.1.3102.1360 (xpsp2.040109-1800) gdiplus (Free ashampoo WinOptimizer 6 Timestamp Friday, 20 March 2009 ashampoo GmbH & Co. KG)
C:\WINDOWS\system32\gdiplus.dll 1,667.00 KB 25/07/2010 9:23:22 p.m.
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll 1,661.00 KB 28/08/2010 8:35:48 p.m.
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\GdiPlus.dll 1,684.00 KB 28/08/2010 8:35:54 p.m.
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll 1,708.00 KB 14/08/2009 1:55:04 a.m.
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll 1,708.00 KB 23/10/2010 12:51:27 p.m.
kenojunk
Member
Has anyone experienced any virus/trojan issues with an GOTD programs lately? Last thing I downloaded was the PhotoStitcher on 5/2/11, and after that I got hit something that invaded my entire OS. It looked like a virus alert & kept me from even using any browsers. Had to reimage my hard drive even after trying to clean it up. I don't download much & am very careful about what I do download or click on. I realize it could have been attached to something else for a period of time before activating. Just investigating to figure out where it came from...
Anonymous
Unregistered
That Found Malware ? Looks like Adware to me not that bad PC do you get Adware pop-ups ?
try as scan with,
http://www.virustotal.com/
or
samizdat
Member
hotdoge3, VirusTotal doesn't find anything but those programs are looking for viruses. Yes, some find adware but Malwarebytes' Anti-Malware, Ad-Aware, SuperAntiSpyware, etc. are different from anti-viruses in their approach to finding malware and adware. This may be a false positive but I thought I would bring it to the attention of giveawayoftheday.com since they distributed the software and Malwarebytes' Anti-Malware is one of the top three 2nd line of defense in malware and adware.
As for symptoms on my computer? I just use Firefox with several ad-ons to block ads and pop-ups. I haven't seen an internet ad or pop-up in a long time, so, even if I was infected, I wouldn't see any symptoms.
The best thing to do would be for GOTD to contact the software company, notify them of the detection and if it's a false positive, Malwarebytes' Anti-Malware will correct this. Adware doesn't scare me so I left it on my system but hopefully, in a week, my scan results will be different.
@ samizdat
We didn't get any other report about this issue. GOTD scans all their zip files before they release them.
I too have installed this programme and scanned with several AV & AntiMalware tools and didn't find anything.
It is most likely a false positive, you should report it to Malwarebytes' Anti-Malware as it is related to your system and you have the log file.
graylox
Hotdoge I don't know what scan you have posted - the link is broken, therefore I deleted it.
This is the scan of fireheart.exe by VirusTotal: fireheart.exe
File name:
fireheart.exe
Submission date:
2011-05-11 04:22:01 (UTC)
Current status:
finished
Result:
0 /42 (0.0%)
And this is the scan on the NoVirusThanks site UrlVoid: fireheart-exe
File InfoReport date: 2011-05-15 04:41:56 (GMT 1)
File name: fireheart-exe
File size: 2316800 bytes
MD5 Hash: d2c8013aef802756c6d01291de827868
SHA1 Hash: 2bf8050d10a0d6178dd54d3d5edfef31c767071d
Detection rate: 0 on 6 (0%)
Status: CLEANDetections
AVG - [/color]
Avira AntiVir - [color=red]
ClamAV - [/color]
Emsisoft - [color=red]
TrendMicro - [/color]
Zoner - [color=red]Scan report generated by
NoVirusThanks.org
graylox
samizdat
Member
Like I said, I hope GOTD would contact fireheart and maybe even scan it with Malwarebytes' Anti-Malware first.
It's Fireheart that ultimately should contact Malwarebytes who pride themselves in finding malware that other programs don't find.
I have the #1 AV as rated by AV-Comparatives.org (F-Secure) and it didn't find anything.
It's funny how people give positive reviews of anti-malware products as 'It found malware that other programs didn't!' yet when one of the top #2 'second line of defense' anti-malware products finds something, it's discarded because other programs didn't find anything.
Like I stated earlier, adware doesn't scare me and I left it on my computer. My wife loves it and uses it at start-up on hers, but I think GOTD should notify Fireheart that a leading anti-malware program is reporting a product they distributed as malicious. That's not asking too much. I could understand blowing this off if some unknown program found it but this is a respected product. It's in both companies best interest that they communicate about this.
A lot of people would have just let malwarebytes remove the program and left a nasty revie of GOTD at WOT. This was just a friendly FYI that I thought would be appreciated and handled swiftly. I guess I will email Fireheart. Sigh :-)
PS - I noticed the 01-11-2011 giveaway, Inpaint's registration has already expired. I wonder where I post that info. It will clean up pics but when you try to save it it tell you to purchase it now. Shame...I liked that program.
mark94
Member
Hi,
sorry for my bad english (I'm german^^).
Today I've downloaded "Astro Avenger" and my virus scanner told me that "AstroAvenger.exe" is spyware. I'm using "Ashampoo Anti-Malware".
Further informations:
System: Win7 64bit
File Info
Report date: 2011-05-21 17:44:41 (GMT 1)
File name: astroavenger-exe
File size: 1785856 bytes
MD5 Hash: 590dbdb889fb347a71372f70f75e570f
SHA1 Hash: 4e69d6b78858a3e81a3db4d56722b1e75e215713
Detection rate: 2 on 6 (33%)
Status: INFECTED
Detections
AVG - [/color]
Avira AntiVir - [color=red]
ClamAV - [/color]
Emsisoft - [color=red]Trojan.Win32.Buzus!IK
TrendMicro - [/color]
Zoner - [color=red]Trojan.Ardamax.JLF
Scan report generated by
NoVirusThanks.org
Yours Sincerely
Mark
Well NoVirus has only 6 test tools yet.
I have tested with VirusTotal and got 3 red out of 43.
And this is the report of Jotti's Malwarescan.
http://virusscan.jotti.org/en/scanresult/b14b37d74fdfbc33344223923f9616cf3cad081e
You can be sure, that these three are false positives.
GOTD always scans the packages their give away - otherwise it would be a bad reputation.
Please read the FAQ: Viruses detection
graylox
Vany@
Member
hi AP.
maybe i'm of some help. excuse me if i post something that has already been posted by someone.
first of all. check if you has a multiple AV/antispyware with resident shield enabled.
if you have it disable ALL (SO WE CAN VIEW if it's their fault)
i've read you has AVG 2011. it has done the same thing to me. check the quarantine and disable the check of the web temporarily. the try again. if it's fault of avg who checks and quarantine the files probably you pc has been infected by some malware who infect all the files you download (and so you avg quarantine it)
check even your zero day protection sw (generally it acts in background) particularly if you use threathfire (very good but invasive)
however i don't think is this the reason. yeah. all this was a preliminary check to exlude the most common reason and establish you pc is sane (check also with malwarebytes, spyware doctor and super antispyware in a row).
i think indeed you use firefox with a lot of security extension malconfigured.
for example noscript, adkiller, flashblock, flasblock, betterprivacy and ghostery
all this very useful extension are designed to "monitor and eventually block java content in some way. you see ... the download is performed by a script and so if you has malconfigured your extension these can conflict each other.
try disabling ALL reboot your firefox (or chrome) and try to download again.
it can be also a fault in the updating of your firefox. i love firefox is my favourite browser but he can be erratic in his update process. ultimately if all fails try to uninstall firefox with revo uninstaller (which removes all trace of the sw with the last option) and reinstall firefox. then try to download if all is fine was a updating error. now reinstall your extension and configure them one by one trying if there is a download issue.
hoping to help.
Anonymous
Unregistered
noscript, you don't need flashblock as noscript will stop flash as for uninstall firefox with revo uninstaller, I don't like as no need and you can refit firefox and it will pick up all the old ad-ons if you think ad-ons are bad you can click Help Restart with Add-ons Disabled test and add one at a time to find the bad one
Luckyman
Member
Hi,
I just installed "Picture Downloader" and was advised by my AVG Anti-Virus Free software that it contained a trojan horse.
1) I use AVG Anti-Virus Free 9.0.901 with virus database 271.1.1/3737
2) PD.exe contained a Trojan horse called SHeur3.CHKN
3) I'm running Windows Vista SP2
My scanner signature/database is up to date and current.
Please see the new project intended to fix and PREVENT false positive and mis-rated sites through TRANSPARENCY and ACCOUNTABILITY. By submitting reports to a CENTRAL location, security vendors can find them easily, communicate with affected parties, and USERS can see which security vendors are trying to AVOID COLLATERAL DAMAGE.
Remember, once a false positive or mis-rating happens, the damage is already done. So, in addition to fixing them rapidly, security vendors must be interested in working to AVOID them. Some are, some aren't. This non-profit, all volunteer site will help show which security vendors care the most.
Please see: http://falsepositivereport.com
...EDITED... by graylox 31-07-2014
It seems the link Jeremy Collake posted is no longer valid.
In case you have problems with False Positives you may find following article from gizmo's Techsupportalert helpful:
wendypeterson
Member
This site is no longer operational.
Whiterabbit-uk
Games Guru
The links posted by anonymous three years ago are still valid, only false positive report.com has gone. I will delete the comment to save confusion. :)
You must log in to post.
