http://www.giveawayoftheday.com/forums/ Giveaway of the Day Forums Tag: Root en Mon, 06 Oct 2008 14:02:33 +0000 http://www.giveawayoftheday.com/forums/topic/719/page/5#post-40577 Fri, 22 Aug 2008 06:30:46 +0000 gracie20 40577@http://www.giveawayoftheday.com/forums/ <p>I am getting a Trojan alert in my system. what should i do? Please reply. </p> <p>Gracie Sh<br /> <a href="http://hdtvlcdplasma.com" rel="nofollow">http://hdtvlcdplasma.com</a> </p> http://www.giveawayoftheday.com/forums/topic/719/page/5#post-40347 Mon, 18 Aug 2008 02:53:16 +0000 skeptic 40347@http://www.giveawayoftheday.com/forums/ <p>Still no word from the GOTD team. it is now over 4 hours since I tried to post on the current giveaway comments section. My comment has not been posted.<br /> This will not go away!<br /> If this silence continue, I will notify all tech newsletters and magazines that I subscribed to. They include: PC WORLD, PC Magazine, Windows Secrets and a dozen more. </p> http://www.giveawayoftheday.com/forums/topic/719/page/5#post-40346 Mon, 18 Aug 2008 02:44:43 +0000 crysisevolved 40346@http://www.giveawayoftheday.com/forums/ <p>Yea I got spyware on this latest download. This is the first time I have ever used GAOTD....and I am disappointed. Since I really liked this site, I recommended it to some friends once I found out about it. I now told them they packed spyware in their downloads, and not to visit the website. I have AVG and it tells me this, along with adaware2008 </p> http://www.giveawayoftheday.com/forums/topic/719/page/5#post-40345 Mon, 18 Aug 2008 01:39:53 +0000 JDPower 40345@http://www.giveawayoftheday.com/forums/ <p>So no comment from GAOTD on this matter (neither here or on the comments for today's giveaway), very disappointing. Personally I'd have pulled the download straight away which only leaves two explanations for the silence - either GAOTD knew about the spyware in todays download and don't care, or they are getting paid well to add this spyware software in their giveaways. Either way it seems GAOTD are no longer trustworthy (and fully deserve to go back to being a red listed site with McAfee Site Advisor) </p> http://www.giveawayoftheday.com/forums/topic/719/page/5#post-40337 Sun, 17 Aug 2008 21:12:15 +0000 GAOTD lover to hater in 1 day 40337@http://www.giveawayoftheday.com/forums/ <p>As jstone says: "Today's (8/17/08) giveaway, Plato iPod PSP 3GP Converter (http://www.giveawayoftheday.com/plato-ipod-psp-3gp-converter/) contains spyware called "RelevantKnowledge".</p> <p>There's no need for a detection scan as it actually pops up a screen *telling* you this at the beginning of the install (albeit in tiny print)."</p> <p>This has totally destroyed my confidence in GAOTD. Despite their claims, they obviously DO NOT check the software carefully enough. I have recommended this site to several non-technical friends and now I'll have to advise them that it can no longer be trusted.</p> <p>As of now GAOTD is gone from my bookmarks. Some may say that it's only one instance but that is one instance too many. A sad day indeed. </p> http://www.giveawayoftheday.com/forums/topic/719/page/5#post-40321 Sun, 17 Aug 2008 15:41:53 +0000 jstone 40321@http://www.giveawayoftheday.com/forums/ <p>Today's (8/17/08) giveaway, Plato iPod PSP 3GP Converter (http://www.giveawayoftheday.com/plato-ipod-psp-3gp-converter/) contains spyware called "RelevantKnowledge".</p> <p>There's no need for a detection scan as it actually pops up a screen *telling* you this at the beginning of the install (albeit in tiny print).</p> <p>You can find more information about this particular spyware at <a href="http://www.benedelman.org/news/062907-1.html" rel="nofollow">http://www.benedelman.org/news/062907-1.html</a> among other places.</p> <p>According to the message at the beginning of this topic, "The GOTD Team do scan the giveaways prior to making them available, using multiple tools, and take every precaution to ensure that giveaways are virus, spyware or malware free."</p> <p>I really find it hard to believe that they're really checking for malware if they missed something *this* blatant. Simply reading the text on the first install screen would have alerted them.</p> <p>Meanwhile, there's been no response from the GAOTD admins despite the multiple warnings of spyware in the comments.</p> <p>How many people got infected with this garbage because they downloaded and installed it before my warning -- it's the second comment -- got out of the "awaiting moderation" stage and became visible? For that matter, there are probably still people installing it without reading the comments first. </p> http://www.giveawayoftheday.com/forums/topic/719/page/5#post-39953 Wed, 13 Aug 2008 18:03:40 +0000 Violet4714 39953@http://www.giveawayoftheday.com/forums/ <p>McAfee detected something in Smart Install Maker after installation...scan date was 11/30/2007...</p> <p>New Malware.bl</p> <p><a href="http://us.mcafee.com/virusInfo/default.asp?id=alphar&#38;char=New%20Malware.bl" rel="nofollow">http://us.mcafee.com/virusInfo/default.asp?id=alphar&#38;char=New%20Malware.bl</a></p> <p>in: C:\Program Files\Smart Install Maker\sim.exe</p> <p>it was also found in a System Restore point that was created after install...</p> <p>A0040785.exe was the restore point description...</p> <p>it was detected as Heuristic...</p> <p>McAfee Definition of Heuristic: Heuristic analysis is behavior-based analysis of a computer program by anti-virus software to identify a potential virus. Often heuristic scanning produces false alarms when a clean program behaves as a virus might.</p> <p>no other reports of infection were posted, but i wasn't comfortable with it on my PC, so i quarantined it...i haven't restored it to see if updated definitions have changed the status of SIM (the developers may have asked McAfee to check it &#38; verify it is ok)...</p> <p>this is my main PC, and i've had no problems with online transactions...</p> <p>XPSP2 MCE (up to date) </p> http://www.giveawayoftheday.com/forums/topic/719/page/5#post-39949 Wed, 13 Aug 2008 16:34:59 +0000 gonzo 39949@http://www.giveawayoftheday.com/forums/ <p>Sure. No hits with up-to-date AVG 8.0 Free Edition, but I don't think that it picks up trojans, does it?</p> <p>I'm using DefenseWall as a sandbox isolator. I wish I was confident about exactly how I'd know if DefenseWall was doing any good against a trojan. I regularly get messages from DefenseWall regarding some program I'm using logging keystrokes, but those programs are legit and need keystroke logging to function, or at least their web sites claim so. </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-39814 Mon, 11 Aug 2008 18:16:28 +0000 Lee 39814@http://www.giveawayoftheday.com/forums/ <p>Did you both scan with any other AV or SW application? </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-39523 Wed, 06 Aug 2008 22:51:20 +0000 Mercurius 39523@http://www.giveawayoftheday.com/forums/ <p>At least 1 reply. Thanks, Gonzo, for your confirmation. It feels strange to report a trojan banker in a GOTD product and nothing happens almost 1 day.</p> <p>But I do wonder why GOTD remains silent. Bad sign for what's going on behind the stage,<br /> or just due to their vacation? We'll see...</p> <p>Meanwhile I've moved the two suspicious files onto a USB stick, and as a consequence the a² scan of the SIM directory is clean now. Nevertheless, such a state of "security" seems to me nothing but self-deceptive - not at all to my liking. How can we tell whether the two baddies haven't generated "remote server files" (cf. the given link above) hidden deeply inside the registry?</p> <p>So, what has to be done till somebody "official" is going to take over responsibility?!</p> <p>Well, to play safe you've got primarily one solution - all downloaders of Smart Install Maker must QUARANTINE the pc where SIM has been installed on in that they stop doing online banking on that same pc! If you are lucky having a notebook at your disposal, use IT for online banking as long as the coast isn't clear yet.</p> <p>Other than that I don't see an alternative to a reformat of your internet pc ...<br /> Do you, GOTD team??? </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-39505 Wed, 06 Aug 2008 16:39:53 +0000 gonzo 39505@http://www.giveawayoftheday.com/forums/ <p>Ditto here. Identical experience on my Vista Home Premium Presario laptop while recently trying out Emsi Anti-Malware 3.5.</p> <p>The files are identified further by Emsi as coming from Smart Install Maker -</p> <p>C:\Program Files\Smart Install Maker\Data\Install.exe</p> <p>I downloaded and installed Smart Install Maker from GAOTD on November 15, 2007.</p> <p>Question: If you delete the Smart Install Maker setup.exe file as well as the Install.exe file as I have done, are you then completely free of the Banker Trojan/Spy problem? In other words, can you safely use the Smart Install Maker program? </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-39449 Tue, 05 Aug 2008 19:22:00 +0000 Mercurius 39449@http://www.giveawayoftheday.com/forums/ <p>Smart Install Maker (GOTD from 11/27/2007) malware ALERT</p> <p>Emsi a² Anti-Malware 3.5 (very recent giveaway) has found a TROJAN-SPY.Win32.Banker.khi which is “capable of stealing private information such as account numbers, passwords and banking credentials” (cf. <a href="http://www.avast.com/eng/win32-banker.html" rel="nofollow">http://www.avast.com/eng/win32-banker.html</a>).<br /> Infected appear to be two files named “install.exe” (in “Data” folder) and "setup.exe” (if you haven’t deleted this file immediately after installation).</p> <p>GOTD team, you definitively ought to investigate that issue! It surely isn’t a minor one!<br /> To be honest, although there have been a few false positives in the a² results, this time I don’t believe in a f.p. for multiple reasons.<br /> Something which is considerably questioning the credibility of the author, I.B.C., as well as in every case alike we had on GOTD, is that on their website they give no hint whatsoever as to their location, not even the country they come from.<br /> The point is, would a serious, customer-related company not be trying to build trust by letting the customer know where, at least in which country, the company’s working that he’s gonna pay and rely his pc on? </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-38454 Sat, 19 Jul 2008 06:45:18 +0000 gtoal 38454@http://www.giveawayoftheday.com/forums/ <p>I tried to watch a video this evening with VLC and got an error "<code>C:\Windows\system32\OPENGL32.DLL is either<br /> not designed to run on Windows or it contains an error.<br /> Try installing the program again using the original installation<br /> media or contact your system administrator or the software vendor for support</code>"</p> <p>Remembering what someone posted yesterday about wondershare having updated some DLLs, I pulled out my last complete backup - fortunately from last weekend - and compared the size and date stamps of all the files in system32, thinking it was just<br /> an older version of something that had been badly updated'. Apart from 5 files which<br /> appeared to be related to microsoft update, there was nothing visibly different.</p> <p>However obviously something *had* changed, so I did a hex dump of opengl32.dll from before and after the last backup.</p> <p>It turns out that the most recent one has had its code compressed and some new code added to it, and written back on top of the file so that the length is preserved. Some of the original contents are still present at the end of the file since the compressed code + virus are shorter than the original.</p> <p>The insertion of the virus was also careful to update the date stamps so that they don't appear to have been changed.</p> <p>The only software that I've installed since the last backup (with the exception of one program which I installed under returnil and then removed) is from GAOTD - the Gridinsoft editor, and Wondershare.</p> <p>Here is the start of opengl32.dll from the old safe version:</p> <blockquote><p> 00000000: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 : MZ..............<br /> 00000010: b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 : <a href="mailto:........@.......">........@.......</a><br /> 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ................<br /> 00000030: 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 : ................<br /> 00000040: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 : ........!..L.!Th<br /> 00000050: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f : is program canno<br /> 00000060: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 : t be run in DOS<br /> 00000070: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 : mode....$.......<br /> 00000080: a8 e1 0e 74 ec 80 60 27 ec 80 60 27 ec 80 60 27 : ...t..<code>&#39;..</code>'..`'<br /> 00000090: ec 80 61 27 41 80 60 27 cb 46 1b 27 fd 80 60 27 : ..a'A.<code>&#39;.F.&#39;..</code>' </p></blockquote> <p>and here is the start of the code from the infected version:</p> <blockquote><p> 00000000: 3d 22 97 cb 91 cb e6 f1 7d 9f 8c 9f 92 81 9f f1 : ="......}.......<br /> 00000010: c9 7a 39 06 06 47 d8 b0 71 5b 6f 14 d6 c7 1a 8d : .z9..G..q[o.....<br /> 00000020: 5a bd d9 6c 9d e3 42 2a ee d2 88 3b 43 db 0e 41 : Z..l..B*...;C..A<br /> 00000030: 08 49 22 05 5a 08 91 58 48 aa 81 6e 9e 2e 47 d3 : .I".Z..XH..n..G.<br /> 00000040: f5 40 4f b6 9a ba 3e 51 0c e2 81 6e df f1 5d a5 : <a href="mailto:.@O...&gt;Q...n..].">.@O...&gt;Q...n..].</a><br /> 00000050: 5c 47 2a e5 48 a5 1c 21 85 e7 08 db 9a 26 29 1e : \G*.H..!.....&#38;).<br /> 00000060: c4 db 74 1b 4e ff 16 a2 c9 c7 52 67 80 a0 13 eb : ..t.N.....Rg....<br /> 00000070: b5 a9 5b d5 1a 24 16 db d6 8c f4 7b b9 28 32 eb : ..[..$.....{.(2.<br /> 00000080: bb b2 4e ed c0 f9 c6 0c 17 88 69 29 4b 70 95 04 : ..N.......i)Kp..<br /> 00000090: 5e 40 5c 0c 02 58 0a df b9 d9 7c d7 29 2f 53 f8 : ^@\..X....|.)/S. </p></blockquote> <p>Maybe that'll be enough for other users here to check their own systems and<br /> see if anyone else has picked up this same virus.</p> <p>After getting two viruses in two weeks, with a high likelihood of them coming from here, this is just getting way too risky. As much<br /> as I've enjoyed the petty bickering, I am sad to say I'm outta here. So long guys, it's been nice knowing you.</p> <p>(Although I may drop in to this forum again after I've uploaded the virus to some of the AV sites to see if they can identify it)</p> <p>Graham </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-38043 Sun, 13 Jul 2008 22:57:47 +0000 gtoal 38043@http://www.giveawayoftheday.com/forums/ <p>I replaced the hard drive in my portable today with a larger one, and copied over the partitions intact from the old drive. On reboot windows did a repair (probably noticed the changed drive size) and at the end of that, rebooted. When I logged on after the reboot, Anvir immediately detected a trojan in the Solveig WMP Trimmer's *Uninstaller* program. Not sure why it didn't find it earlier, but this isn't something I picked up today - this machine hasn't been online for two or three days. It's very likely that the trojan has been there from the outset and it was only due to the repair that anvir had a chance to look at all the files on the machine. It may have been there since it was first installed.</p> <p>There's nothing on the original download web page ( <a href="http://www.giveawayoftheday.com/plugin-solveigmm-wmp-trimmer/" rel="nofollow">http://www.giveawayoftheday.com/plugin-solveigmm-wmp-trimmer/</a> ) about having seen trojans or viruses at the time of release (not even of false positives) so my guess is that this was caught by an antivirus update that came out after the software was installed.</p> <p>There are only three possibilities. I picked up a virus and this file is the only one on my system that's been infected; or the uninstaller had a trojan from the start; or this is a false positive. My money is on #2. </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-35844 Sat, 21 Jun 2008 07:41:35 +0000 my_name_is_brad 35844@http://www.giveawayoftheday.com/forums/ <p>nah i never got the activation for that I believe. I may be thinking of the initial download for that, so I could be mistaken. I was thinking there was another one that was that way. Could just be the old memory crapping out again. </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-35724 Fri, 20 Jun 2008 15:36:26 +0000 mikerb 35724@http://www.giveawayoftheday.com/forums/ <p>ah, that would be the infamous <a href="http://www.giveawayoftheday.com/flex-gif-animator/">Flex GIF Animator</a> that only about 2 people managed to get. were you one of them brad? </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-35527 Thu, 19 Jun 2008 06:44:14 +0000 my_name_is_brad 35527@http://www.giveawayoftheday.com/forums/ <p>i have seen a couple of offers lately that have required a validation from the developer site, and that is not such a bad thing really as it helps the developers keep up with stats on how well this site works for them.</p> <p>there was one that troubled me though, and I can't recall the name off hand. It required a second download from their site. To me this poses a huge security risk, and I hope you guys avoid this in the future because you have no way to validate what they decide to change it to.</p> <p>Even if I could remember the developer/software I wouldn't name them since their offer did pass the spyware/virus scanners on my computer even at the late time that I typically download. it's just a thought </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-34951 Mon, 16 Jun 2008 02:09:16 +0000 You Wont See Me 34951@http://www.giveawayoftheday.com/forums/ <p>PC Tools' "Threatfire reports that SAGA.exe is logging keystrokes". I'm not sure if this is something normal for games that the game is supposed to do but having a keylogger built into the game surely made me uninstall it. I posted this in the comments but it was Modded out so I figure I'll throw it up here. </p> <p>False Positive? Threatfire uses behavioral based detection so I was just wondering if this is something that is common for games to function and should be allowed to continue or not. </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-34020 Mon, 09 Jun 2008 14:33:24 +0000 chuck11 34020@http://www.giveawayoftheday.com/forums/ <p>Following-up on the BurnAware issue, AVG also quarantined most of the files as being infected with Klone P. I contacted the software supplier and got a few cryptic notes back that they no longer support the Home Edition and that I should upgrade to their v.2. However, contrary to what is shown in my / GAOTD registration summary - 'eligible for upgrades for 1 year' - I was informed that only paying customers are eligible for this free upgrade. Not liking this 'bait &#38; switch' approach - when a promised is made...it should be kept. If someone from GAOTD could check into this, I sure everyone who d/l'd this software would appreciate it. Also, if you want, I can forward their e-mail responses.</p> <p>chuck11 </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-30099 Wed, 21 May 2008 00:04:30 +0000 Paulga 30099@http://www.giveawayoftheday.com/forums/ <p>iBizCard-Stud.......i just clicked to your link <a href="http://www.download3k.com/Antivirus-Report-iBizCard.html" rel="nofollow">http://www.download3k.com/Antivirus-Report-iBizCard.html</a></p> <p>and it sure started alarms going on my computer, dangerous....and so forth, where as the second link had no problem and gave a 100% free of virus ++, did you download from the first link??</p> <p>Paulga </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-30049 Tue, 20 May 2008 18:03:14 +0000 TK_M 30049@http://www.giveawayoftheday.com/forums/ <p>I updated my AVG Free to version 8.0 from the 7.5 last week and as soon as I did, BurnAware has been thowing up virus reports. This explains why it is suddenly giving reports, it seems to be due to the update.</p> <p>If you go to History/Virus Vault in AVG, you can highlight the quarrentined items and send them to Grisoft to be re-analysed if you feel they are false positives. I have just done that, only to find BurnAware have notified them as well.</p> <p>While in the virus vault, you can restorew the quarrentined files and BurnAware should then work normally.</p> <p>You can also click on "ignore" these files during a scan leave them in place until Grisoft gets them sorted out.</p> <p>I tried Avira as it has better detection rates than AVG, but had to go back to AVG as I got far too many false positives from Avira. Not only that, but it was hard to submit reports of false positives to Avira and even when I persevered, they said one false positive was real. Now it looks like AVG have increased their detection rate, but at the cost of more false positives. I will stick with them (at least temporarily) as at least they have made it easy to report suspected false positives. </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-29999 Tue, 20 May 2008 09:14:09 +0000 hotdoge3 29999@http://www.giveawayoftheday.com/forums/ <p>BurnAware Home Edition is suddenly getting virus alerts from Antivirus. The developers are aware of the problem and have reported it to AVG. They say it is a false positie.<br /> It be fix with a update I had this with Nero 7 wen it fist come out update fix it be a false positie as it new,so keep it be fix be for long. </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-29911 Mon, 19 May 2008 12:29:42 +0000 Dragonlair 29911@http://www.giveawayoftheday.com/forums/ <p>BurnAware Home Edition is suddenly getting virus alerts from AVG. The developers are aware of the problem and have reported it to AVG. They say it is a false positie. Their site shows it is both the home and free edition affected. The odd part is I have a friend who started getting the messages Saturday night. I didn't start getting it until this morning's boot. It showed up during the boot, not by trying to use the product.</p> <p>We have the same version of BurnAware (we both got it here) and we have the same version and level of AVG Free (8.0) having downloaded/installed it the same day. We also have almost the same OS (She has Vista Home Premium SP1 and I have Vista Ultimate SP1). Why did she start getting the messages about 36 hours before I did?</p> <p>As the product was not essential to me (I have Roxio Creation 9 from my original PC purchase), I have uninstalled it to be safe. </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-29369 Tue, 13 May 2008 21:13:54 +0000 zubterfuge 29369@http://www.giveawayoftheday.com/forums/ <p>The Myspace Editor had a "trojen.adclick" and I was using NAV. The virus isn't found until after the product is installed. How disappointing. </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-27781 Tue, 29 Apr 2008 14:48:50 +0000 OiMack 27781@http://www.giveawayoftheday.com/forums/ <p>Same problem here. After installing iBizCard Bitdefender found two infected files in the E_4 directory. Both infected with Trojan.Peed.Gen.<br /> The files are<br /> - EXMLParser.fne<br /> - shell.fne </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-27759 Tue, 29 Apr 2008 10:19:52 +0000 iBizCard_Studio 27759@http://www.giveawayoftheday.com/forums/ <p>Thebeo:Thank you for your report. we will contact Avira and deal with this problem as soon as possible.Please set assured,our produc is 100% Clean</p> <p>download3k.com Antivirus Report: <a href="http://www.download3k.com/Antivirus-Report-iBizCard.html" rel="nofollow">http://www.download3k.com/Antivirus-Report-iBizCard.html</a><br /> softpedia.com Antivirus Report: <a href="http://www.softpedia.com/progClean/iBizCard-Clean-98324.html" rel="nofollow">http://www.softpedia.com/progClean/iBizCard-Clean-98324.html</a> </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-27754 Tue, 29 Apr 2008 10:03:39 +0000 Thebeo 27754@http://www.giveawayoftheday.com/forums/ <p>to iBizCard_Studio, for your information.<br /> The program Bizcard.exe creates a Temp directory "E_4". In this directory it creates al kind of files. One of them is identified as the Trojan. Maybe this narrows the search to the problem. </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-27750 Tue, 29 Apr 2008 08:50:42 +0000 iBizCard_Studio 27750@http://www.giveawayoftheday.com/forums/ <p>our product "ibizcard" have not any virus, it's 100% Clean<br /> download3k.com Antivirus Report: <a href="http://www.download3k.com/Antivirus-Report-iBizCard.html" rel="nofollow">http://www.download3k.com/Antivirus-Report-iBizCard.html</a><br /> softpedia.com Antivirus Report: <a href="http://www.softpedia.com/progClean/iBizCard-Clean-98324.html" rel="nofollow">http://www.softpedia.com/progClean/iBizCard-Clean-98324.html</a><br /> to Thebeo:I will contact Avira to Correct this wrong virus report. </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-27745 Tue, 29 Apr 2008 08:26:49 +0000 Thebeo 27745@http://www.giveawayoftheday.com/forums/ <p>After installing iBizCard, Avira Antivir detects trojan "TR/Crypt.XPACK.Gen".<br /> Please look in to this. </p> http://www.giveawayoftheday.com/forums/topic/719/page/4#post-23513 Mon, 24 Mar 2008 16:02:33 +0000 turkishvan007 23513@http://www.giveawayoftheday.com/forums/ <p>I use Norton online protection and antivirus tool, I have AnVir Task Manager and Mamutu. My Norton is updated daily and is current. I'm running Windows XP SP2.</p> <p>My system found the trojan Hacktool.Rootkit in Robotask idlehook.dll yesterday/today and in my easttec backup files under the Robotask product backup. I downloaded Robotask and haven't used it since I downloaded it on September 28, 2007 and east tec backup was used October 12, 2007. Norton Antivirus did not find this trojan until this mornings scan so the trojan ended up in this file somehow but I don't know how.</p> <p>I'm not saying this virus was downloaded in Robotask or EastTec Backup's original download from GAOTD because I routinely do full system Virus Scans (once a week) and quick scans whenever I restart my computer and they haven't been found until now. What I'm saying is to please do a full system scan on your computer to make sure you catch this trojan if your computer has somehow received it. The trojan has been removed from my computer as of this morning. </p> <p>Symatec provided this information on the Trojan.</p> <p>Hacktool.RootkitRisk Level 1: Very LowPrinter Friendly Page<br /> SUMMARY TECHNICAL DETAILS REMOVAL Discovered: September 27, 2001<br /> Updated: February 13, 2007 11:38:00 AM<br /> Type: Trojan Horse<br /> Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP</p> <p>Hacktool.Rootkit comprises a set of programs and scripts that work together to allow attackers to break into a system. If Hacktool.Rootkit is detected on a system, it is very likely that an attacker has gained complete control of that system. All files that are detected as Hacktool.Rootkit should be deleted. Infected systems may need to be restored from backups or patched to restore security.</p> <p>Rootkits first appeared on the UNIX operating system. Administrator/Superuser accounts on UNIX systems are called root. Rootkits are kits of programs that are designed to gain root access on a system. The term rootkit now refers to any set of tools that can be used to gain unauthorized access to a system.<br /> ProtectionInitial Rapid Release version September 27, 2001<br /> Latest Rapid Release version March 24, 2008 revision 004<br /> Initial Daily Certified version September 27, 2001 revision 007<br /> Latest Daily Certified version March 24, 2008 revision 005<br /> Initial Weekly Certified release date September 27, 2001<br /> Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.</p> <p>Threat AssessmentWildWild Level: Medium<br /> Number of Infections: More than 1000<br /> Number of Sites: More than 10<br /> Geographical Distribution: Low<br /> Threat Containment: Easy<br /> Removal: Moderate<br /> DamageDamage Level: Medium<br /> DistributionDistribution Level: Low </p> <p>Writeup By: Jimmy Shah</p> <p>Hope this helps someone else out. </p>