Again Virus / Trojan warnings - crowley - 09-02-2007
Hi there...
Again I got a security warning for a file of the current install. Norman Anti Virus reports that UniExtract.exe would contain W32/Zlob.gen91.
After that message I ran an online virus check at http://housecall65.trendmicro.com/ and this reported that the Windows_Commander_FTP_Password_RIPPER.exe would contain a PE_Generic threat.
Probably Ultima should send all the executables to the "main" antivirus companies before including them in his installation.
Greetings,
Crowley
RE: Again Virus / Trojan warnings - m^2 - 09-02-2007
crowley Wrote: Hi there...
Again I got a security warning for a file of the current install. Norman Anti Virus reports that UniExtract.exe would contain W32/Zlob.gen91.
After that message I ran an online virus check at http://housecall65.trendmicro.com/ and this reported that the Windows_Commander_FTP_Password_RIPPER.exe would contain a PE_Generic threat.
Probably Ultima should send all the executables to the "main" antivirus companies before including them in his installation.
Greetings,
Crowley
Agree.
RE: Again Virus / Trojan warnings - ULTIMA PRIME - 09-02-2007
OK, I will take care of it. But to report false positives, I need to know which antiviruses and which files are problematic.
To all users:
Please post here all antivirus warnings caused by the parts of TC UP.
RE: Again Virus / Trojan warnings - crowley - 09-02-2007
Thanx to virustotal.com:
Scanned File: Windows_Commander_FTP_Password_RIPPER.exe
Result: 9/31 (29.04%)
Code:
Antivirus Version Last Update Result
AhnLab-V3 2007.9.1.0 2007.09.01 -
AntiVir 7.4.1.66 2007.09.01 -
Authentium 4.93.8 2007.09.02 -
Avast 4.7.1029.0 2007.09.01 -
AVG 7.5.0.484 2007.09.01 -
BitDefender 7.2 2007.09.02 Spyware.Pws.Delf.F
CAT-QuickHeal 9.00 2007.09.01 -
ClamAV 0.91.2 2007.09.02 -
DrWeb 4.33 2007.09.02 -
eSafe 7.0.15.0 2007.09.02 suspicious Trojan/Worm
eTrust-Vet 31.1.5100 2007.08.31 -
Ewido 4.0 2007.09.02 Not-A-Virus.PSWTool.Win32.Delf.f
FileAdvisor 1 2007.09.02 -
Fortinet 3.11.0.0 2007.09.02 HackerTool/Delf
F-Prot 4.3.2.48 2007.09.02 -
F-Secure 6.70.13030.0 2007.09.02 -
Ikarus T3.1.1.12 2007.09.02 not-a-virus:PSWTool.Win32.Delf.f
Kaspersky 4.0.2.24 2007.09.02 not-a-virus:PSWTool.Win32.Delf.f
McAfee 5110 2007.08.31 -
Microsoft 1.2803 2007.09.02 -
NOD32v2 2497 2007.09.01 -
Norman 5.80.02 2007.09.02 -
Panda 9.0.0.4 2007.09.01 Suspicious file
Rising 19.38.62.00 2007.09.02 -
Sophos 4.21.0 2007.09.02 Total Commander FTP Password Ripper
Sunbelt 2.2.907.0 2007.08.31 -
Symantec 10 2007.09.02 -
TheHacker 6.1.9.175 2007.08.31 -
VBA32 3.12.2.3 2007.09.01 -
VirusBuster 4.3.26:9 2007.09.02 -
Webwasher-Gateway 6.0.1 2007.09.01 Riskware.PSW.Delf.F.1
Additional information
File size: 208896 bytes
MD5: 09101f96864d3086d18303abf339b558
SHA1: 47c736f50b3c31849a3a1afdc5c25d0b7f465043
packers: UPX
RE: Again Virus / Trojan warnings - crowley - 09-02-2007
Thanx to virustotal.com:
Scanned File: UniExtract.exe
Result: 3/32 (9.38%)
Code:
Antivirus Version Last Update Result
AhnLab-V3 2007.9.1.0 2007.09.01 -
AntiVir 7.4.1.66 2007.09.01 -
Authentium 4.93.8 2007.09.02 -
Avast 4.7.1029.0 2007.09.01 -
AVG 7.5.0.484 2007.09.01 -
BitDefender 7.2 2007.09.02 -
CAT-QuickHeal 9.00 2007.09.01 -
ClamAV 0.91.2 2007.09.02 -
DrWeb 4.33 2007.09.02 -
eSafe 7.0.15.0 2007.09.02 suspicious Trojan/Worm
eTrust-Vet 31.1.5100 2007.08.31 -
Ewido 4.0 2007.09.02 -
FileAdvisor 1 2007.09.02 -
Fortinet 3.11.0.0 2007.09.02 -
F-Prot 4.3.2.48 2007.09.02 -
F-Secure 6.70.13030.0 2007.09.02 -
Ikarus T3.1.1.12 2007.09.02 -
Kaspersky 4.0.2.24 2007.09.02 -
McAfee 5110 2007.08.31 -
Microsoft 1.2803 2007.09.02 -
NOD32v2 2497 2007.09.01 -
Norman 5.80.02 2007.09.02 W32/Zlob.gen91
Panda 9.0.0.4 2007.09.01 -
Prevx V2 2007.09.02 -
Rising 19.38.62.00 2007.09.02 -
Sophos 4.21.0 2007.09.02 -
Sunbelt 2.2.907.0 2007.08.31 -
Symantec 10 2007.09.02 -
TheHacker 6.1.9.175 2007.08.31 -
VBA32 3.12.2.3 2007.09.01 -
VirusBuster 4.3.26:9 2007.09.02 -
Webwasher-Gateway 6.0.1 2007.09.01 Worm.Win32.ModifiedUPX.gen!90 (suspicious)
Additional information
File size: 284639 bytes
MD5: ae756177c51dae47f525ca134eef6ed4
SHA1: 01bd4d401bebc7d5b60d69fdb602520642bf4092
packers: UPX
RE: Again Virus / Trojan warnings - crowley - 09-02-2007
Thanx to jotti.org:
Scanned File: UniExtract.exe
Result: 2/20 (10.0%)
Code:
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found Worm.Sohanad.Aw
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found W32/Zlob.gen91
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Additional information
File: UniExtract.exe
Status: INFECTED/MALWARE
MD5: ae756177c51dae47f525ca134eef6ed4
Packers detected: PE_PATCH.UPX
Bit9 reports: File not found
RE: Again Virus / Trojan warnings - crowley - 09-02-2007
Thanx to jotti.org:
Scanned File: Windows_Commander_FTP_Password_RIPPER.exe
Result: 7/20 (35.0%)
Code:
A-Squared Found nothing
AntiVir Found SPR/PSW.Delf.F.1
ArcaVir Found Riskware.Pswtool.Delf.F
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Spyware.Pws.Delf.F
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found Tool.PassView.21
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found not-a-virus:PSWTool.Win32.Delf.f (6, 2, 605)
Fortinet Found HackerTool/Delf
Kaspersky Anti-Virus Found not-a-virus:PSWTool.Win32.Delf.f
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Additional information
File: Windows_Commander_FTP_Password_RIPPER.exe
Status: INFECTED/MALWARE
MD5: 09101f96864d3086d18303abf339b558
Packers detected: UPX
Bit9 reports: File not found
RE: Again Virus / Trojan warnings - [HUN]Peti - 09-02-2007
Agree, password ripper is not OK, there are alternative programs (though this does the most, the program I found only works if you paste the encrypted password in it), and a guy on the Hungarian forum reported that Revelation is infected, Kaspersky and McAfee say so, though NOD32 can't find it...
RE: Again Virus / Trojan warnings - [HUN]Peti - 09-02-2007
About Revelation.exe VirusTotal Wrote:
File Revelation.exe uploaded: 2007.09.02 17:10:58 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.9.1.0 2007.09.01 -
AntiVir 7.4.1.66 2007.09.01 -
Authentium 4.93.8 2007.09.02 -
Avast 4.7.1029.0 2007.09.01 -
AVG 7.5.0.484 2007.09.02 -
BitDefender 7.2 2007.09.02 Application.Passrevel.A
CAT-QuickHeal 9.00 2007.09.01 -
ClamAV 0.91.2 2007.09.02 -
DrWeb 4.33 2007.09.02 -
eSafe 7.0.15.0 2007.09.02 -
eTrust-Vet 31.1.5100 2007.08.31 -
Ewido 4.0 2007.09.02 Not-A-Virus.PSWTool.Win32.SnadBoy.2011
FileAdvisor 1 2007.09.02 Low threat detected
Fortinet 3.11.0.0 2007.09.02 HackerTool/SnadBoy
F-Prot 4.3.2.48 2007.09.02 -
F-Secure 6.70.13030.0 2007.09.02 -
Ikarus T3.1.1.12 2007.09.02 not-a-virus:PSWTool.Win32.SnadBoy.2011
Kaspersky 4.0.2.24 2007.09.02 not-a-virus:PSWTool.Win32.SnadBoy.2011
McAfee 5110 2007.08.31 potentially unwanted program PWCrack-SnadBoy
Microsoft 1.2803 2007.09.02 -
NOD32v2 2497 2007.09.01 -
Norman 5.80.02 2007.09.02 -
Panda 9.0.0.4 2007.09.02 -
Prevx1 V2 2007.09.02 -
Rising 19.38.62.00 2007.09.02 -
Sophos 4.21.0 2007.09.02 SnadBoy
Sunbelt 2.2.907.0 2007.08.31 -
Symantec 10 2007.09.02 -
TheHacker 6.1.9.175 2007.09.02 Trojan/SnadBoy.2011
VBA32 3.12.2.3 2007.09.01 -
VirusBuster 4.3.26:9 2007.09.02 -
Webwasher-Gateway 6.0.1 2007.09.01 Riskware.CodeRevel.A.3
Additional information
File size: 69632 bytes
MD5: 5fbc923249818c4b0489b85c1abf0357
SHA1: 2be6486f0e355489d9f2e5da9c28875d830b81f0
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=5fbc923249818c4b0489b85c1abf0357
About RevelationHelper.dll VirusTotal Wrote:
File RevelationHelper.dll uploaded: 2007.09.02 17:12:37 (CET)
Result: 11/31 (35.49%)
Antivirus Version Last Update Result
AhnLab-V3 2007.9.1.0 2007.09.01 -
AntiVir 7.4.1.66 2007.09.01 -
Authentium 4.93.8 2007.09.02 -
Avast 4.7.1029.0 2007.09.01 -
AVG 7.5.0.484 2007.09.02 -
BitDefender 7.2 2007.09.02 Application.CodeRevel.A
CAT-QuickHeal 9.00 2007.09.01 -
ClamAV 0.91.2 2007.09.02 -
DrWeb 4.33 2007.09.02 -
eSafe 7.0.15.0 2007.09.02 -
eTrust-Vet 31.1.5100 2007.08.31 -
Ewido 4.0 2007.09.02 Not-A-Virus.PSWTool.Win32.SnadBoy.2011
FileAdvisor 1 2007.09.02 High threat detected
Fortinet 3.11.0.0 2007.09.02 HackerTool/SnadBoy
F-Prot 4.3.2.48 2007.09.02 -
F-Secure 6.70.13030.0 2007.09.02 -
Ikarus T3.1.1.12 2007.09.02 not-a-virus:PSWTool.Win32.SnadBoy.2011
Kaspersky 4.0.2.24 2007.09.02 not-a-virus:PSWTool.Win32.SnadBoy.2011
McAfee 5110 2007.08.31 potentially unwanted program PWCrack-SnadBoy
Microsoft 1.2803 2007.09.02 -
NOD32v2 2497 2007.09.01 -
Norman 5.80.02 2007.09.02 -
Panda 9.0.0.4 2007.09.02 Generic Malware
Prevx1 V2 2007.09.02 -
Rising 19.38.62.00 2007.09.02 -
Sophos 4.21.0 2007.09.02 SnadBoy
Symantec 10 2007.09.02 -
TheHacker 6.1.9.175 2007.09.02 Trojan/SnadBoy.2011
VBA32 3.12.2.3 2007.09.01 -
VirusBuster 4.3.26:9 2007.09.02 -
Webwasher-Gateway 6.0.1 2007.09.01 Riskware.CodeRevel.A.1
Additional information
File size: 49152 bytes
MD5: 600bf03b2cd872d5d90ef39ccae53ff6
SHA1: f937d3b2409f2d8c32c12e2f3f3cf8996b1dfcd3
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=600bf03b2cd872d5d90ef39ccae53ff6
Maybe it really is a virus (?). But its function is to find passwords, so I'm not sure...
RE: Again Virus / Trojan warnings - m^2 - 09-02-2007
[HUN]Peti Wrote:
About Revelation.exe VirusTotal Wrote:
BitDefender 7.2 2007.09.02 Application.Passrevel.A
Ewido 4.0 2007.09.02 Not-A-Virus.PSWTool.Win32.SnadBoy.2011
FileAdvisor 1 2007.09.02 Low threat detected
Fortinet 3.11.0.0 2007.09.02 HackerTool/SnadBoy
Ikarus T3.1.1.12 2007.09.02 not-a-virus:PSWTool.Win32.SnadBoy.2011
Kaspersky 4.0.2.24 2007.09.02 not-a-virus:PSWTool.Win32.SnadBoy.2011
McAfee 5110 2007.08.31 potentially unwanted program PWCrack-SnadBoy
Sophos 4.21.0 2007.09.02 SnadBoy
TheHacker 6.1.9.175 2007.09.02 Trojan/SnadBoy.2011
Webwasher-Gateway 6.0.1 2007.09.01 Riskware.CodeRevel.A.3
(-Cleaned-)
Maybe it really is a virus (?). But its function is to find passwords, so I'm not sure...
Most of these reports say it's malicious just because it's a password revealer (PSWTool). Only TheHacker claims it's a trojan. 1/32.
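The reading in the last post, splitting a multi-scanner result into "flagged as a password tool" versus "claimed to be malware", can be done mechanically. The following is an added example, not part of the thread or of VirusTotal; the marker lists and bucket names are assumptions chosen to fit the labels quoted here, and it parses only the VirusTotal row layout (engine, version, last update, result).

```python
from collections import defaultdict

# Rows copied from the Revelation.exe VirusTotal report posted in this thread
# (eight detections plus two clean rows): engine, version, last update, result.
REPORT = """\
AVG 7.5.0.484 2007.09.02 -
BitDefender 7.2 2007.09.02 Application.Passrevel.A
Ewido 4.0 2007.09.02 Not-A-Virus.PSWTool.Win32.SnadBoy.2011
FileAdvisor 1 2007.09.02 Low threat detected
Fortinet 3.11.0.0 2007.09.02 HackerTool/SnadBoy
McAfee 5110 2007.08.31 potentially unwanted program PWCrack-SnadBoy
NOD32v2 2497 2007.09.01 -
Sophos 4.21.0 2007.09.02 SnadBoy
TheHacker 6.1.9.175 2007.09.02 Trojan/SnadBoy.2011
Webwasher-Gateway 6.0.1 2007.09.01 Riskware.CodeRevel.A.3
"""

# Assumed marker lists (not a vendor standard), checked in order; first match
# wins, so "not-a-virus:..." is never mistaken for a malware claim and
# "suspicious Trojan/Worm" counts as a heuristic hit, not a family verdict.
RULES = [
    ("riskware", ("not-a-virus", "pswtool", "riskware", "hackertool",
                  "potentially unwanted", "application.", "tool.", "spr/")),
    ("heuristic", ("suspicious", "generic", "threat detected")),
    ("malware", ("trojan", "worm", "backdoor", "spyware", "dropper")),
]

def classify(label):
    """Map one engine's result string to a triage bucket."""
    if label.strip() in ("-", ""):
        return "clean"
    low = label.lower()
    for bucket, markers in RULES:
        if any(m in low for m in markers):
            return bucket
    return "other"  # bare family name with no category prefix

def triage(report):
    """Group engine names by bucket for a VirusTotal-style text report."""
    buckets = defaultdict(list)
    for line in report.splitlines():
        parts = line.split(None, 3)  # the result column may contain spaces
        if len(parts) < 4:
            continue  # header or blank line
        engine, _version, _updated, label = parts
        buckets[classify(label)].append(engine)
    return dict(buckets)

if __name__ == "__main__":
    for bucket, engines in triage(REPORT).items():
        print(f"{bucket:9} {len(engines):2}  {', '.join(engines)}")
```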