Giveaway of the Day Forums » Tag: malware

Giveaway of the Day Forums » Tag: malware - Recent Posts http://www.giveawayoftheday.com/forums/tags/malware Giveaway of the Day Forums » Tag: malware - Recent Posts en-US Wed, 25 Nov 2009 17:48:28 +0000 http://bbpress.org/?v=1.0.2 <![CDATA[Search]]> q http://www.giveawayoftheday.com/forums/search.php nrshapiro on "Review Trojan/Virus Reports" http://www.giveawayoftheday.com/forums/topic/719/page/6#post-68097 Mon, 23 Nov 2009 18:04:02 +0000 nrshapiro 68097@http://www.giveawayoftheday.com/forums/ Norton Internet Security 2010 will not allow activate.exe to run. It won't allow it to stay either--deleting it. I could disable NAV of course, but then if activate.exe did contain a virus I'd be screwed, especially since it needs to be run with admin privileges. So I think GOTD needs to work this out with Norton. Steve on "Review Trojan/Virus Reports" http://www.giveawayoftheday.com/forums/topic/719/page/6#post-68005 Sat, 21 Nov 2009 02:56:51 +0000 Steve 68005@http://www.giveawayoftheday.com/forums/ <a href="http://www.giveawayoftheday.com/photo-stamp-remover/" rel="nofollow">http://www.giveawayoftheday.com/photo-stamp-remover/</a> OS = Windows XP Pro, sp3, IE8, all patches. Stamp Remover has been on this machine since the giveaway, although I don't think I ever used it after the giveaway. SAV 9.0.7.1000, scan engine 91.2.1.10, virus definitions version 11/18/2009 rev. 3. auto-protect scan detected c:\program files\photo stamp remover\StampRemover.exe as a threat called "downloader". default action = clean (failed). backup action = quarantine (failed). final action taken by SAV = delete. The file was deleted successfully. Very suspsicious if you ask me, especially since I wasn't even using the software. I was starting another software (radioget) at the time. pavid on "Windows7's,UAC bypassed by 8 out of 10 malware samples microsoft-fires-back" http://www.giveawayoftheday.com/forums/topic/6523#post-67621 Thu, 12 Nov 2009 19:40:51 +0000 pavid 67621@http://www.giveawayoftheday.com/forums/ Interesting reads!! Thanks for the links doggy. :) hotdoge3 on "Windows7's,UAC bypassed by 8 out of 10 malware samples microsoft-fires-back" http://www.giveawayoftheday.com/forums/topic/6523#post-67599 Thu, 12 Nov 2009 04:50:43 +0000 hotdoge3 67599@http://www.giveawayoftheday.com/forums/ <a href="http://blogs.zdnet.com/security/?p=4825&tag=nl.e539" rel="nofollow">http://blogs.zdnet.com/security/?p=4825&tag=nl.e539</a> Windows 7's default UAC bypassed by 8 out of 10 malware samples <a href="http://www.sophos.com/blogs/chetw/g/2009/11/03/windows-7-vulnerable-8-10-viruses/" rel="nofollow">http://www.sophos.com/blogs/chetw/g/2009/11/03/windows-7-vulnerable-8-10-viruses/</a> <a href="http://blog.threatfire.com/2009/10/malware-attacks-on-windows-7.html" rel="nofollow">http://blog.threatfire.com/2009/10/malware-attacks-on-windows-7.html</a> <a href="http://blogs.zdnet.com/security/?p=2517" rel="nofollow">http://blogs.zdnet.com/security/?p=2517</a> <a href="http://www.sophos.com/blogs/chetw/g/2009/08/25/windows-7-security-myths-wiredcom/" rel="nofollow">http://www.sophos.com/blogs/chetw/g/2009/08/25/windows-7-security-myths-wiredcom/</a> <a href="http://windowsitpro.com/windowspaulthurrott/article/articleid/103117/microsoft-fires-back-at-deceptive-windows-7-claims-by-sophos.html" rel="nofollow">http://windowsitpro.com/windowspaulthurrott/article/articleid/103117/microsoft-fires-back-at-deceptive-windows-7-claims-by-sophos.html</a> rezidue on "IObit Advanced SystemCare malware trojan Conduit toolbar is classed as malware" http://www.giveawayoftheday.com/forums/topic/6507#post-67489 Tue, 10 Nov 2009 02:34:23 +0000 rezidue 67489@http://www.giveawayoftheday.com/forums/ thanks for the update HD3! something was very fishy about this and I still think they took the code in question... BTW - I like your updates on tech issues (even if I have to "decode" some of your posts - :-) ) regards - Damian hotdoge3 on "IObit Advanced SystemCare malware trojan Conduit toolbar is classed as malware" http://www.giveawayoftheday.com/forums/topic/6507#post-67486 Tue, 10 Nov 2009 02:22:28 +0000 hotdoge3 67486@http://www.giveawayoftheday.com/forums/ <a href="http://forums.iobit.com/showthread.php?t=4801&page=2" rel="nofollow">http://forums.iobit.com/showthread.php?t=4801&page=2</a> A legal letter will be released later, which will prove that there is no problem with Intellectual Property Rights. For the sake of avoiding dispute and possible problems, we have deleted all disputed items in way? our database temporarily, and have updated IObit Security 360’s database. ABOUT THE ACCUSATION –DISPUTE THREAD " Closed Thread " ? IObit not like some posts? <a href="http://forums.iobit.com/showthread.php?t=4868" rel="nofollow">http://forums.iobit.com/showthread.php?t=4868</a> Uninstalling iobit 360 (mostly toolbar related) Conduit toolbar is classed as malware by most. (This is in IObit forums well said, <a href="http://www.siteadvisor.com/sites/iobit.com" rel="nofollow">http://www.siteadvisor.com/sites/iobit.com</a> <a href="http://www.siteadvisor.com/sites/iobit.com/downloads21853516/" rel="nofollow">http://www.siteadvisor.com/sites/iobit.com/downloads21853516/</a> (9/10)Nuisance Score Red bad Exploit-ObscuredHtml trojan "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup <a href="http://www.siteadvisor.com/sites/iobit.com/downloads/21889236/" rel="nofollow">http://www.siteadvisor.com/sites/iobit.com/downloads/21889236/</a> (9/10)Nuisance Score Red bad URL of the download: htxxtp://download.iobit.com/asc-setup.exe awcsetup.exe installed the following programs on our PC:Exploit-ObscuredHtml trojan <a href="http://www.siteadvisor.com/sites/iobit.com/downloads/" rel="nofollow">http://www.siteadvisor.com/sites/iobit.com/downloads/</a> Changes your default search page, Buttons, toolbars or add ons. You may also like to see Post IObit 360 HappyPerson on "ZD-NET Article - Which Programs Are Most Effective At Removing Malware" http://www.giveawayoftheday.com/forums/topic/6482#post-67313 Sat, 07 Nov 2009 10:48:40 +0000 HappyPerson 67313@http://www.giveawayoftheday.com/forums/ <a href="http://blogs.zdnet.com/security/?p=4818&tag=nl.e589">ZD-NET Comparative Article About Most Effective Programs To Remove Malware</a> TeXaCo on "Review Trojan/Virus Reports" http://www.giveawayoftheday.com/forums/topic/719/page/6#post-67025 Sun, 01 Nov 2009 16:55:24 +0000 TeXaCo 67025@http://www.giveawayoftheday.com/forums/ After installing IOBIT 360 reported it the dll file as a trojan. Then after scanning my whole system, it came up with 15 other files from regtidy as a virus. As the program was taking me to (I'm assuming the software website). Avira blocked the website from being displayed saying it was known to be a malicious website and WOT also blocked it. Now I know there have been false positives in the past but this seems to be too much to be false. perz on "Review Trojan/Virus Reports" http://www.giveawayoftheday.com/forums/topic/719/page/6#post-66963 Sat, 31 Oct 2009 21:46:02 +0000 perz 66963@http://www.giveawayoftheday.com/forums/ RegTidy trojan detected and identified by Avira AntiVir Premium: Virus or unwanted program 'TR/Drop.arte.410624 [trojan]' detected in file 'C:\Program Files\RegTidy 2009\RegTidy.dll. Action performed: Deny access leofelix on "Review Trojan/Virus Reports" http://www.giveawayoftheday.com/forums/topic/719/page/6#post-66949 Sat, 31 Oct 2009 19:27:32 +0000 leofelix 66949@http://www.giveawayoftheday.com/forums/ RegTidy is a misleading application, it will brings to false positive detection, more it can mess up you system. <a href="http://www.emsisoft.com/en/malware/?Adware.Win32.RegTidy" rel="nofollow">http://www.emsisoft.com/en/malware/?Adware.Win32.RegTidy</a> <a href="http://www.mywot.com/en/scorecard/regtidy.com" rel="nofollow">http://www.mywot.com/en/scorecard/regtidy.com</a> I wonder GOTD team didn't check it hotdoge3 on "how-to-remove-microsoft-net-spyware-extension" http://www.giveawayoftheday.com/forums/topic/4783#post-66440 Fri, 23 Oct 2009 09:16:10 +0000 hotdoge3 66440@http://www.giveawayoftheday.com/forums/ <a href="http://clubhouse.microsoft.com/public/post/97bd9ec6-702c-4998-a34f-c22954c91ad0" rel="nofollow">http://clubhouse.microsoft.com/public/post/97bd9ec6-702c-4998-a34f-c22954c91ad0</a> MS09-054: IE and Firefox Attack Surface (Info & settings) IE & Firefox <a href="http://support.microsoft.com/kb/963707" rel="nofollow">http://support.microsoft.com/kb/963707</a> <a href="http://www.microsoft.com/downloads/details.aspx?FamilyID=cecc62dc-96a7-4657-af91-6383ba034eab" rel="nofollow">http://www.microsoft.com/downloads/details.aspx?FamilyID=cecc62dc-96a7-4657-af91-6383ba034eab</a> IMPORTANT: After installing the .NET Framework 3.5 SP1 package (either the bootstrapper or the full package) you should immediately install the update KB959209 to address a set of known application compatibility issues. hotdoge3 on "how-to-remove-microsoft-net-spyware-extension" http://www.giveawayoftheday.com/forums/topic/4783#post-66362 Wed, 21 Oct 2009 23:10:39 +0000 hotdoge3 66362@http://www.giveawayoftheday.com/forums/ Terri218 you not safe with IE 7 or IE as the same up date for All,There’s a fair bit of confusion circulating about what happened, <a href="http://www.annoyances.org/exec/show/article08-600" rel="nofollow">http://www.annoyances.org/exec/show/article08-600</a> <a href="http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx" rel="nofollow">http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx</a> Remote Code Execution Critical Microsoft Security Bulletin MS09-054 - Critical Cumulative Security Update for Internet Explorer (974455) & Firefox <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=522777" rel="nofollow">https://bugzilla.mozilla.org/show_bug.cgi?id=522777</a> <a href="http://www.computerworld.com/s/article/9139459/Sneaky_Microsoft_plug_in_puts_Firefox_users_at_ris" rel="nofollow">http://www.computerworld.com/s/article/9139459/Sneaky_Microsoft_plug_in_puts_Firefox_users_at_ris</a> k Removal instructions for the first part are here: <a href="http://support.microsoft.com/kb/963707" rel="nofollow">http://support.microsoft.com/kb/963707</a> This article describes how to remove the .NET Framework Assistant for Firefox from your computer. This article also describes how to update the .NET Framework 3.5 SP1 for the .NET Framework Assistant 1.0 so that the component can be disabled. <a href="http://support.microsoft.com/kb/963707" rel="nofollow">http://support.microsoft.com/kb/963707</a> The second part can be removed by deleting the folder: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation <a href="http://support.microsoft.com/kb/963707" rel="nofollow">http://support.microsoft.com/kb/963707</a> How to remove the .NET Framework Assistant for Firefox <a href="https://www.mozilla.com/en-US/blocklist/" rel="nofollow">https://www.mozilla.com/en-US/blocklist/</a> Microsoft .NET Framework Assistant and Windows Presentation Foundation, all versions, for all applications. Reason: remote code execution vulnerability (see bug 522777).(or similar) If you got Net Framework 1.1 or 2 you are ok but if you got 3 & 3.5 and firefox no good to check go to Tools options Applications & allso add-ons & look for (Windows Markup File) (XAML Browser Application) (Windows Presentation Foundation) if the up date fix you not see it's Critical so do check may come back so keep checking. watcher13 on "how-to-remove-microsoft-net-spyware-extension" http://www.giveawayoftheday.com/forums/topic/4783#post-66330 Wed, 21 Oct 2009 16:10:43 +0000 watcher13 66330@http://www.giveawayoftheday.com/forums/ Just occurred to me, too, that you could used that suggestion that I posted in the other thread. Use something like Returnil or Windows Steady State when you apply the updates. Then, if there's damage, you can easily wipe it away. If they're good, you can make the changes permanent. watcher13 on "how-to-remove-microsoft-net-spyware-extension" http://www.giveawayoftheday.com/forums/topic/4783#post-66329 Wed, 21 Oct 2009 15:54:00 +0000 watcher13 66329@http://www.giveawayoftheday.com/forums/ Terri, have you seen this thread: <a href="http://www.giveawayoftheday.com/forums/topic/6361#post-65993" rel="nofollow">http://www.giveawayoftheday.com/forums/topic/6361#post-65993</a> The new update badly messed up Copmom's system and others, too. I'd do the updates in manual, so I could pick and choose if I were you. She found on the web that this update has been crashing some XP systems and a system restore is blocked: KB971486 I'd be cautious before installing that one! Of course, you could avoid the Firefox killer that way, too. But you'd have to not get the .net fixes. Good ol' MS! Terri218 on "how-to-remove-microsoft-net-spyware-extension" http://www.giveawayoftheday.com/forums/topic/4783#post-66320 Wed, 21 Oct 2009 13:28:44 +0000 Terri218 66320@http://www.giveawayoftheday.com/forums/ So is this thing safe if you have IE7? People are still urging me to do the recent big Windows Security update. Opinions? Terri218 on "how-to-remove-microsoft-net-spyware-extension" http://www.giveawayoftheday.com/forums/topic/4783#post-66319 Wed, 21 Oct 2009 13:26:34 +0000 Terri218 66319@http://www.giveawayoftheday.com/forums/ Lucy you got some splaining to do. hotdoge3 on "how-to-remove-microsoft-net-spyware-extension" http://www.giveawayoftheday.com/forums/topic/4783#post-66312 Wed, 21 Oct 2009 09:52:26 +0000 hotdoge3 66312@http://www.giveawayoftheday.com/forums/ <a href="http://www.h-online.com/security/news/item/Firefox-blocks-then-unblocks-Microsoft-add-on-832309.html" rel="nofollow">http://www.h-online.com/security/news/item/Firefox-blocks-then-unblocks-Microsoft-add-on-832309.html</a> Firefox blocks, then unblocks, Microsoft add-on On Friday, Mozilla announced it had placed the "Microsoft .NET Framework Assistant" add-on for Firefox on its list of blocked modules (blocklist). copmom on "how-to-remove-microsoft-net-spyware-extension" http://www.giveawayoftheday.com/forums/topic/4783#post-66090 Sun, 18 Oct 2009 15:15:04 +0000 copmom 66090@http://www.giveawayoftheday.com/forums/ Same here.. Firefox blocked 2 add ons! Even if Microsoft tries to sabotage us, Firefox is looking out for us! *-) Merri on "how-to-remove-microsoft-net-spyware-extension" http://www.giveawayoftheday.com/forums/topic/4783#post-66052 Sat, 17 Oct 2009 23:12:31 +0000 Merri 66052@http://www.giveawayoftheday.com/forums/ FUNNY as I JUST opened my browser now and read this , suddenly firefox popped up a little window saying that addon was blocked too! LOVE firefox... WOW indeed! :) HappyPerson on "how-to-remove-microsoft-net-spyware-extension" http://www.giveawayoftheday.com/forums/topic/4783#post-66043 Sat, 17 Oct 2009 21:52:23 +0000 HappyPerson 66043@http://www.giveawayoftheday.com/forums/ Speaking of this security issue - today my firefox 3.5 spontaneously and unexpectedly displayed an alert for the "net-framework assistant and Presentation Foundation" add-ons. In fact, Firefox blocked them, and I was very pleased with this action. Wow! Robert on "how-to-remove-microsoft-net-spyware-extension" http://www.giveawayoftheday.com/forums/topic/4783#post-66039 Sat, 17 Oct 2009 21:37:45 +0000 Robert 66039@http://www.giveawayoftheday.com/forums/ Thanks hotdoge. Funny enough minutes after reading your post I got a message in Firefox that some addons were blocked automatically,because they interfered with FF. (Dotnet framework assistant,Windows Presentation Foundation and Google advanced toolbar) Here's an interesting link to the <a href="https://www.mozilla.com/en-US/blocklist/">Mozilla blocklist </a> hotdoge3 on "how-to-remove-microsoft-net-spyware-extension" http://www.giveawayoftheday.com/forums/topic/4783#post-65980 Sat, 17 Oct 2009 10:08:42 +0000 hotdoge3 65980@http://www.giveawayoftheday.com/forums/ <a href="http://www.calendarofupdates.com/updates/index.php?showtopic=24100" rel="nofollow">http://www.calendarofupdates.com/updates/index.php?showtopic=24100</a> Remember that Microsoft .NET Framework Assistant add-on that Microsoft sneaked into Firefox without explicit permission from end users? Well, the code in that add-on has a serious code execution vulnerability that exposes Firefox users to the "browse and you're owned" attacks that are typically used in drive-by malware downloads. The flaw was addressed in the MS09-054 bulletin that covered "critical" holes in Microsoft's Internet Explorer but, as Redmond's Security Research & Defense team explains, the drive-by download risk extends beyond Microsoft's browser. While the vulnerability is in an IE component, there is an attack vector for Firefox users as well. The reason is that .NET Framework 3.5 SP1 installs a "Windows Presentation Foundation" plug-in in Firefox. Now, Microsoft's security folks are actually recommending that Firefox users uninstall the buggy add-on: <a href="http://blogs.zdnet.com/security/?p=4614%22%20target=%22_blank" rel="nofollow">http://blogs.zdnet.com/security/?p=4614%22%20target=%22_blank</a> For Firefox users with .NET Framework 3.5 installed, you may use “Tools”-> “Add-ons” -> “Plugins”, select “Windows Presentation Foundation”, and click “Disable”. as for NET.Framework auto up date you will get 3.5, I set up date on manual & say no to net Framework 3 & 3.5 watcher13 on "Review Trojan/Virus Reports" http://www.giveawayoftheday.com/forums/topic/719/page/6#post-65804 Wed, 14 Oct 2009 19:03:20 +0000 watcher13 65804@http://www.giveawayoftheday.com/forums/ Not sure. It has a small AV module. Maybe it was checking for updates. As you probably saw, it also had links to other bundled software and "recommended" softwares. If you didn't deselect all that stuff, it might have been trying to contact one of them. Also, I haven't got around to installing yet, but I read over in the comments section that it still has nag screens to get you to upgrade. It may have been trying to download one of them. I'm thinking it's one or two of these annoying, but semi-harmless functions. prs on "Review Trojan/Virus Reports" http://www.giveawayoftheday.com/forums/topic/719/page/6#post-65801 Wed, 14 Oct 2009 17:56:29 +0000 prs 65801@http://www.giveawayoftheday.com/forums/ Today,s offer has rave reviews from the regulars. Would hate to let this go. I posted this in the comments section today and I find that my comment is "moderated" So here goes. Had this evaluated at virustotal and jotti.org. The result is 1/41 and 1/21 detecting Trojan. Kaspersky in those two lists is happy. Zone Alarm on my computer informs me that AnVir is trying to contact two particular destination IP. What does that mean ? notblocklox on "Review Trojan/Virus Reports" http://www.giveawayoftheday.com/forums/topic/719/page/6#post-65795 Wed, 14 Oct 2009 16:28:03 +0000 notblocklox 65795@http://www.giveawayoftheday.com/forums/ No, my Kasper is quite happy with AnVir. prs on "Review Trojan/Virus Reports" http://www.giveawayoftheday.com/forums/topic/719/page/6#post-65789 Wed, 14 Oct 2009 14:16:04 +0000 prs 65789@http://www.giveawayoftheday.com/forums/ Todays offering by AnVir had my Kaspersky Internet Security crying foul. It is detected as a Trojan. I added AnVir to exclusions. Anyone else have this trouble ? gtoal on "Review Trojan/Virus Reports" http://www.giveawayoftheday.com/forums/topic/719/page/6#post-65788 Wed, 14 Oct 2009 13:57:56 +0000 gtoal 65788@http://www.giveawayoftheday.com/forums/ Today's signature update to McAfee just flagged the 22 Jan PDFZilla executable as "Generic.dx!fua" (and deleted it). rezidue on "Review Trojan/Virus Reports" http://www.giveawayoftheday.com/forums/topic/719/page/6#post-63537 Sun, 06 Sep 2009 22:48:10 +0000 rezidue 63537@http://www.giveawayoftheday.com/forums/ VirusTotal scan of webgalery.exe from <a href="http://www.giveawayoftheday.com/softorbits-html-web-gallery-creator/">SoftOrbits HTML Web Gallery Creator given away on September 4, 2009</a> Trojan-Downloader.Win32.Adload.jot <a href="http://www.virustotal.com/analisis/1d243e423585d8295a62d5d465644c66767c0a7b5454a12ea5cce3cc0e3691cf-1252275170" rel="nofollow">http://www.virustotal.com/analisis/1d243e423585d8295a62d5d465644c66767c0a7b5454a12ea5cce3cc0e3691cf-1252275170</a> rezidue on "Review Trojan/Virus Reports" http://www.giveawayoftheday.com/forums/topic/719/page/6#post-63142 Sun, 30 Aug 2009 00:04:15 +0000 rezidue 63142@http://www.giveawayoftheday.com/forums/ <a href="http://www.giveawayoftheday.com/2009/08/14/">Batch Image Resizer given away on August 14, 2009</a> Backdoor.Win32.Hupigon.htas Please note the wrapper was removed for this scan to verify that it had nothing to do with the bundled Software Informer application. <a href="http://www.virustotal.com/analisis/f2fb709f74ecf276846fffb5e0da1edc784bcf124b48b124958bda6892cbbe7d-1251589760" rel="nofollow">http://www.virustotal.com/analisis/f2fb709f74ecf276846fffb5e0da1edc784bcf124b48b124958bda6892cbbe7d-1251589760</a> In fact out of the 9 offerings from SoftOrbits.com only 4 applications scanned 100% clean at VirusTotal, the rest scan as containing a trojan or adware. Sorry I didn't see this sooner, Regards, Damian ants on "Review Trojan/Virus Reports" http://www.giveawayoftheday.com/forums/topic/719/page/6#post-62712 Sat, 22 Aug 2009 06:43:16 +0000 ants 62712@http://www.giveawayoftheday.com/forums/ Update! After the Gold Audio Suite build has been updated no infection is detected. The demo version at vendors site is not changed.