Again Virus / Trojan warnings
crowley
Moderator
*****

Posts: 70
Joined: 2007 May
Status: Offline



Post: #1
Again Virus / Trojan warnings
Hi there...

Again I got a security warning for a file of the current install. Norman Anti Virus reports that UniExtract.exe would contain W32/Zlob.gen91.

After that message I ran an online virus check at http://housecall65.trendmicro.com/ and this reported that the Windows_Commander_FTP_Password_RIPPER.exe would contain a PE_Generic threat.

Probably Ultima should send all the executables to the "main" antivirus companies before including them in his installation.

Greetings,
Crowley
2007-09-02 13:39:08
m^2
Super Moderator
******

Posts: 401
Joined: 2006 Dec
Status: Offline



Post: #2
RE: Again Virus / Trojan warnings
crowley Wrote:
Hi there...

Again I got a security warning for a file of the current install. Norman Anti Virus reports that UniExtract.exe would contain W32/Zlob.gen91.

After that message I ran an online virus check at http://housecall65.trendmicro.com/ and this reported that the Windows_Commander_FTP_Password_RIPPER.exe would contain a PE_Generic threat.

Probably Ultima should send all the executables to the "main" antivirus companies before including them in his installation.

Greetings,
Crowley
Agree.

2007-09-02 13:43:33
ULTIMA PRIME
Administrator
*******

Posts: 640
Joined: 2006 Nov
Status: Offline



Post: #3
RE: Again Virus / Trojan warnings
OK, I will take care of it. But to report false positives, I need to know which antiviruses and which files are problematic.

To all users:
Please post here all antivirus warnings caused by the parts of TC UP.

2007-09-02 14:15:08
crowley
Post: #4
RE: Again Virus / Trojan warnings
Thanks to virustotal.com:
Scanned File: Windows_Commander_FTP_Password_RIPPER.exe
Result: 9/31 (29.04%)
Code:
Antivirus            Version         Last Update   Result
AhnLab-V3            2007.9.1.0      2007.09.01    -
AntiVir              7.4.1.66        2007.09.01    -
Authentium           4.93.8          2007.09.02    -
Avast                4.7.1029.0      2007.09.01    -
AVG                  7.5.0.484       2007.09.01    -
BitDefender          7.2             2007.09.02    Spyware.Pws.Delf.F
CAT-QuickHeal        9.00            2007.09.01    -
ClamAV               0.91.2          2007.09.02    -
DrWeb                4.33            2007.09.02    -
eSafe                7.0.15.0        2007.09.02    suspicious Trojan/Worm
eTrust-Vet           31.1.5100       2007.08.31    -
Ewido                4.0             2007.09.02    Not-A-Virus.PSWTool.Win32.Delf.f
FileAdvisor          1               2007.09.02    -
Fortinet             3.11.0.0        2007.09.02    HackerTool/Delf
F-Prot               4.3.2.48        2007.09.02    -
F-Secure             6.70.13030.0    2007.09.02    -
Ikarus               T3.1.1.12       2007.09.02    not-a-virus:PSWTool.Win32.Delf.f
Kaspersky            4.0.2.24        2007.09.02    not-a-virus:PSWTool.Win32.Delf.f
McAfee               5110            2007.08.31    -
Microsoft            1.2803          2007.09.02    -
NOD32v2              2497            2007.09.01    -
Norman               5.80.02         2007.09.02    -
Panda                9.0.0.4         2007.09.01    Suspicious file
Rising               19.38.62.00     2007.09.02    -
Sophos               4.21.0          2007.09.02    Total Commander FTP Password Ripper
Sunbelt              2.2.907.0       2007.08.31    -
Symantec             10              2007.09.02    -
TheHacker            6.1.9.175       2007.08.31    -
VBA32                3.12.2.3        2007.09.01    -
VirusBuster          4.3.26:9        2007.09.02    -
Webwasher-Gateway    6.0.1           2007.09.01    Riskware.PSW.Delf.F.1

Additional information
File size: 208896 bytes
MD5: 09101f96864d3086d18303abf339b558
SHA1: 47c736f50b3c31849a3a1afdc5c25d0b7f465043
packers: UPX
2007-09-02 14:21:35
crowley
Post: #5
RE: Again Virus / Trojan warnings
Thanks to virustotal.com:
Scanned File: UniExtract.exe
Result: 3/32 (9.38%)
Code:
Antivirus            Version         Last Update   Result
AhnLab-V3            2007.9.1.0      2007.09.01    -
AntiVir              7.4.1.66        2007.09.01    -
Authentium           4.93.8          2007.09.02    -
Avast                4.7.1029.0      2007.09.01    -
AVG                  7.5.0.484       2007.09.01    -
BitDefender          7.2             2007.09.02    -
CAT-QuickHeal        9.00            2007.09.01    -
ClamAV               0.91.2          2007.09.02    -
DrWeb                4.33            2007.09.02    -
eSafe                7.0.15.0        2007.09.02    suspicious Trojan/Worm
eTrust-Vet           31.1.5100       2007.08.31    -
Ewido                4.0             2007.09.02    -
FileAdvisor          1               2007.09.02    -
Fortinet             3.11.0.0        2007.09.02    -
F-Prot               4.3.2.48        2007.09.02    -
F-Secure             6.70.13030.0    2007.09.02    -
Ikarus               T3.1.1.12       2007.09.02    -
Kaspersky            4.0.2.24        2007.09.02    -
McAfee               5110            2007.08.31    -
Microsoft            1.2803          2007.09.02    -
NOD32v2              2497            2007.09.01    -
Norman               5.80.02         2007.09.02    W32/Zlob.gen91
Panda                9.0.0.4         2007.09.01    -
Prevx                V2              2007.09.02    -
Rising               19.38.62.00     2007.09.02    -
Sophos               4.21.0          2007.09.02    -
Sunbelt              2.2.907.0       2007.08.31    -
Symantec             10              2007.09.02    -
TheHacker            6.1.9.175       2007.08.31    -
VBA32                3.12.2.3        2007.09.01    -
VirusBuster          4.3.26:9        2007.09.02    -
Webwasher-Gateway    6.0.1           2007.09.01    Worm.Win32.ModifiedUPX.gen!90 (suspicious)

Additional information
File size: 284639 bytes
MD5: ae756177c51dae47f525ca134eef6ed4
SHA1: 01bd4d401bebc7d5b60d69fdb602520642bf4092
packers: UPX
2007-09-02 14:26:29
crowley
Post: #6
RE: Again Virus / Trojan warnings
Thanks to jotti.org:
Scanned File: UniExtract.exe
Result: 2/20 (10.0%)
Code:
A-Squared               Found nothing
AntiVir                 Found nothing
ArcaVir                 Found Worm.Sohanad.Aw
Avast                   Found nothing
AVG Antivirus           Found nothing
BitDefender             Found nothing
ClamAV                  Found nothing
CPsecure                Found nothing
Dr.Web                  Found nothing
F-Prot Antivirus        Found nothing
F-Secure Anti-Virus     Found nothing
Fortinet                Found nothing
Kaspersky Anti-Virus    Found nothing
NOD32                   Found nothing
Norman Virus Control    Found W32/Zlob.gen91
Panda Antivirus         Found nothing
Rising Antivirus        Found nothing
Sophos Antivirus        Found nothing
VirusBuster             Found nothing
VBA32                   Found nothing

Additional information
File:             UniExtract.exe
Status:           INFECTED/MALWARE
MD5:              ae756177c51dae47f525ca134eef6ed4
Packers detected: PE_PATCH.UPX
Bit9 reports:     File not found
2007-09-02 14:33:16
crowley
Post: #7
RE: Again Virus / Trojan warnings
Thanks to jotti.org:
Scanned File: Windows_Commander_FTP_Password_RIPPER.exe
Result: 7/20 (35.0%)
Code:
A-Squared               Found nothing
AntiVir                 Found SPR/PSW.Delf.F.1
ArcaVir                 Found Riskware.Pswtool.Delf.F
Avast                   Found nothing
AVG Antivirus           Found nothing
BitDefender             Found Spyware.Pws.Delf.F
ClamAV                  Found nothing
CPsecure                Found nothing
Dr.Web                  Found Tool.PassView.21
F-Prot Antivirus        Found nothing
F-Secure Anti-Virus     Found not-a-virus:PSWTool.Win32.Delf.f (6, 2, 605)
Fortinet                Found HackerTool/Delf
Kaspersky Anti-Virus    Found not-a-virus:PSWTool.Win32.Delf.f
NOD32                   Found nothing
Norman Virus Control    Found nothing
Panda Antivirus         Found nothing
Rising Antivirus        Found nothing
Sophos Antivirus        Found nothing
VirusBuster             Found nothing
VBA32                   Found nothing

Additional information
File:             Windows_Commander_FTP_Password_RIPPER.exe
Status:           INFECTED/MALWARE
MD5:              09101f96864d3086d18303abf339b558
Packers detected: UPX
Bit9 reports:     File not found
2007-09-02 14:39:23
[HUN]Peti
Super Hero + Crew Member
*****

Posts: 201
Joined: 2007 Apr
Status: Offline



Post: #8
RE: Again Virus / Trojan warnings
Agree, password ripper is not OK, there are alternative programs (though this does the most, the program I found only works if you paste the encrypted password in it), and a guy on the Hungarian forum reported that Revelation is infected, Kaspersky and McAfee say so, though NOD32 can't find it...

2007-09-02 16:09:18
[HUN]Peti
Post: #9
RE: Again Virus / Trojan warnings
About Revelation.exe VirusTotal Wrote:
File Revelation.exe uploaded: 2007.09.02 17:10:58 (CET)
Antivirus            Version         Last Update   Result
AhnLab-V3            2007.9.1.0      2007.09.01    -
AntiVir              7.4.1.66        2007.09.01    -
Authentium           4.93.8          2007.09.02    -
Avast                4.7.1029.0      2007.09.01    -
AVG                  7.5.0.484       2007.09.02    -
BitDefender          7.2             2007.09.02    Application.Passrevel.A
CAT-QuickHeal        9.00            2007.09.01    -
ClamAV               0.91.2          2007.09.02    -
DrWeb                4.33            2007.09.02    -
eSafe                7.0.15.0        2007.09.02    -
eTrust-Vet           31.1.5100       2007.08.31    -
Ewido                4.0             2007.09.02    Not-A-Virus.PSWTool.Win32.SnadBoy.2011
FileAdvisor          1               2007.09.02    Low threat detected
Fortinet             3.11.0.0        2007.09.02    HackerTool/SnadBoy
F-Prot               4.3.2.48        2007.09.02    -
F-Secure             6.70.13030.0    2007.09.02    -
Ikarus               T3.1.1.12       2007.09.02    not-a-virus:PSWTool.Win32.SnadBoy.2011
Kaspersky            4.0.2.24        2007.09.02    not-a-virus:PSWTool.Win32.SnadBoy.2011
McAfee               5110            2007.08.31    potentially unwanted program PWCrack-SnadBoy
Microsoft            1.2803          2007.09.02    -
NOD32v2              2497            2007.09.01    -
Norman               5.80.02         2007.09.02    -
Panda                9.0.0.4         2007.09.02    -
Prevx1               V2              2007.09.02    -
Rising               19.38.62.00     2007.09.02    -
Sophos               4.21.0          2007.09.02    SnadBoy
Sunbelt              2.2.907.0       2007.08.31    -
Symantec             10              2007.09.02    -
TheHacker            6.1.9.175       2007.09.02    Trojan/SnadBoy.2011
VBA32                3.12.2.3        2007.09.01    -
VirusBuster          4.3.26:9        2007.09.02    -
Webwasher-Gateway    6.0.1           2007.09.01    Riskware.CodeRevel.A.3

Additional information
File size: 69632 bytes
MD5: 5fbc923249818c4b0489b85c1abf0357
SHA1: 2be6486f0e355489d9f2e5da9c28875d830b81f0
Bit9 info: http://fileadvisor.bit9.com/services/ext...5c1abf0357
About RevelationHelper.dll VirusTotal Wrote:
File RevelationHelper.dll uploaded: 2007.09.02 17:12:37 (CET)
Result: 11/31 (35.49%)
Antivirus            Version         Last Update   Result
AhnLab-V3            2007.9.1.0      2007.09.01    -
AntiVir              7.4.1.66        2007.09.01    -
Authentium           4.93.8          2007.09.02    -
Avast                4.7.1029.0      2007.09.01    -
AVG                  7.5.0.484       2007.09.02    -
BitDefender          7.2             2007.09.02    Application.CodeRevel.A
CAT-QuickHeal        9.00            2007.09.01    -
ClamAV               0.91.2          2007.09.02    -
DrWeb                4.33            2007.09.02    -
eSafe                7.0.15.0        2007.09.02    -
eTrust-Vet           31.1.5100       2007.08.31    -
Ewido                4.0             2007.09.02    Not-A-Virus.PSWTool.Win32.SnadBoy.2011
FileAdvisor          1               2007.09.02    High threat detected
Fortinet             3.11.0.0        2007.09.02    HackerTool/SnadBoy
F-Prot               4.3.2.48        2007.09.02    -
F-Secure             6.70.13030.0    2007.09.02    -
Ikarus               T3.1.1.12       2007.09.02    not-a-virus:PSWTool.Win32.SnadBoy.2011
Kaspersky            4.0.2.24        2007.09.02    not-a-virus:PSWTool.Win32.SnadBoy.2011
McAfee               5110            2007.08.31    potentially unwanted program PWCrack-SnadBoy
Microsoft            1.2803          2007.09.02    -
NOD32v2              2497            2007.09.01    -
Norman               5.80.02         2007.09.02    -
Panda                9.0.0.4         2007.09.02    Generic Malware
Prevx1               V2              2007.09.02    -
Rising               19.38.62.00     2007.09.02    -
Sophos               4.21.0          2007.09.02    SnadBoy
Symantec             10              2007.09.02    -
TheHacker            6.1.9.175       2007.09.02    Trojan/SnadBoy.2011
VBA32                3.12.2.3        2007.09.01    -
VirusBuster          4.3.26:9        2007.09.02    -
Webwasher-Gateway    6.0.1           2007.09.01    Riskware.CodeRevel.A.1

Additional information
File size: 49152 bytes
MD5: 600bf03b2cd872d5d90ef39ccae53ff6
SHA1: f937d3b2409f2d8c32c12e2f3f3cf8996b1dfcd3
Bit9 info: http://fileadvisor.bit9.com/services/ext...9ccae53ff6

Maybe it really is a virus (?). But its function is to find passwords, so I'm not sure...

2007-09-02 16:21:15
m^2
Post: #10
RE: Again Virus / Trojan warnings
[HUN]Peti Wrote:
About Revelation.exe VirusTotal Wrote:
BitDefender          7.2             2007.09.02    Application.Passrevel.A
Ewido                4.0             2007.09.02    Not-A-Virus.PSWTool.Win32.SnadBoy.2011
FileAdvisor          1               2007.09.02    Low threat detected
Fortinet             3.11.0.0        2007.09.02    HackerTool/SnadBoy
Ikarus               T3.1.1.12       2007.09.02    not-a-virus:PSWTool.Win32.SnadBoy.2011
Kaspersky            4.0.2.24        2007.09.02    not-a-virus:PSWTool.Win32.SnadBoy.2011
McAfee               5110            2007.08.31    potentially unwanted program PWCrack-SnadBoy
Sophos               4.21.0          2007.09.02    SnadBoy
TheHacker            6.1.9.175       2007.09.02    Trojan/SnadBoy.2011
Webwasher-Gateway    6.0.1           2007.09.01    Riskware.CodeRevel.A.3
(-Cleaned-)

Maybe it really is a virus (?). But its function is to find passwords, so I'm not sure...

Most of these reports say it's malicious just because it's a password revealer (PSWTool). Only TheHacker claims it's a trojan. 1/32.

2007-09-02 19:07:40
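
The label triage done by hand in post #10, as an added example that is not part of the thread: it parses rows in the VirusTotal layout posted here and separates "password tool / riskware" labels from labels that name a malware class. The keyword lists and bucket names are assumptions chosen to fit the labels in this thread, not any vendor's taxonomy; the rows are copied from the Revelation.exe report in post #9.

```python
import re
from collections import Counter

# Subset of the Revelation.exe rows from post #9 (all 10 detections, 2 clean rows).
REPORT = """\
Antivirus Version Last Update Result
AVG 7.5.0.484 2007.09.02 -
BitDefender 7.2 2007.09.02 Application.Passrevel.A
Ewido 4.0 2007.09.02 Not-A-Virus.PSWTool.Win32.SnadBoy.2011
FileAdvisor 1 2007.09.02 Low threat detected
Fortinet 3.11.0.0 2007.09.02 HackerTool/SnadBoy
Ikarus T3.1.1.12 2007.09.02 not-a-virus:PSWTool.Win32.SnadBoy.2011
Kaspersky 4.0.2.24 2007.09.02 not-a-virus:PSWTool.Win32.SnadBoy.2011
McAfee 5110 2007.08.31 potentially unwanted program PWCrack-SnadBoy
NOD32v2 2497 2007.09.01 -
Sophos 4.21.0 2007.09.02 SnadBoy
TheHacker 6.1.9.175 2007.09.02 Trojan/SnadBoy.2011
Webwasher-Gateway 6.0.1 2007.09.01 Riskware.CodeRevel.A.3
"""

# Assumed keyword lists, chosen to fit the labels in this thread (not a vendor taxonomy).
TOOL_MARKERS = ("not-a-virus", "pswtool", "riskware", "hackertool",
                "application.", "potentially unwanted")
MALWARE_MARKERS = ("trojan", "worm", "backdoor", "virus")
DATE = re.compile(r"^\d{4}\.\d{2}\.\d{2}$")

def parse_rows(text):
    """Yield (engine, result) from 'engine version date result' rows; skip other lines."""
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) == 4 and DATE.match(parts[2]):
            yield parts[0], parts[3].strip()

def classify(result):
    """Bucket one engine's label. Tool markers win, so 'not-a-virus' is not read as 'virus'."""
    low = result.lower()
    if low == "-":
        return "clean"
    if any(m in low for m in TOOL_MARKERS):
        return "tool/riskware"
    if any(m in low for m in MALWARE_MARKERS):
        return "malware"
    return "unspecified"  # bare family name or generic score, e.g. "SnadBoy"

def triage(text):
    """Count engines per bucket for one report."""
    return Counter(classify(result) for _, result in parse_rows(text))

print(dict(triage(REPORT)))
```

The "unspecified" bucket is the one that needs a manual look: a bare family name or a generic threat score does not say which kind of detection it is.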