http://www.giveawayoftheday.com/forums/tags/trojan Giveaway of the Day Forums » Tag: trojan - Recent Posts en-US Thu, 26 Nov 2009 13:43:37 +0000 http://bbpress.org/?v=1.0.2 q http://www.giveawayoftheday.com/forums/search.php http://www.giveawayoftheday.com/forums/topic/719/page/6#post-68097 Mon, 23 Nov 2009 18:04:02 +0000 nrshapiro 68097@http://www.giveawayoftheday.com/forums/ <p>Norton Internet Security 2010 will not allow activate.exe to run. It won&#39;t allow it to stay either--deleting it. I could disable NAV of course, but then if activate.exe did contain a virus I&#39;d be screwed, especially since it needs to be run with admin privileges. So I think GOTD needs to work this out with Norton. </p> http://www.giveawayoftheday.com/forums/topic/719/page/6#post-68005 Sat, 21 Nov 2009 02:56:51 +0000 Steve 68005@http://www.giveawayoftheday.com/forums/ <p><a href="http://www.giveawayoftheday.com/photo-stamp-remover/" rel="nofollow">http://www.giveawayoftheday.com/photo-stamp-remover/</a></p> <p>OS = Windows XP Pro, sp3, IE8, all patches. Stamp Remover has been on this machine since the giveaway, although I don&#39;t think I ever used it after the giveaway.</p> <p>SAV 9.0.7.1000, scan engine 91.2.1.10, virus definitions version 11/18/2009 rev. 3. auto-protect scan detected c:\program files\photo stamp remover\StampRemover.exe as a threat called &quot;downloader&quot;. default action = clean (failed). backup action = quarantine (failed). final action taken by SAV = delete. The file was deleted successfully.</p> <p>Very suspsicious if you ask me, especially since I wasn&#39;t even using the software. I was starting another software (radioget) at the time. </p> http://www.giveawayoftheday.com/forums/topic/6507#post-67489 Tue, 10 Nov 2009 02:34:23 +0000 rezidue 67489@http://www.giveawayoftheday.com/forums/ <p>thanks for the update HD3!</p> <p>something was very fishy about this and I still think they took the code in question...</p> <p>BTW - I like your updates on tech issues (even if I have to &quot;decode&quot; some of your posts - :-) )</p> <p>regards - Damian </p> http://www.giveawayoftheday.com/forums/topic/6507#post-67486 Tue, 10 Nov 2009 02:22:28 +0000 hotdoge3 67486@http://www.giveawayoftheday.com/forums/ <p><a href="http://forums.iobit.com/showthread.php?t=4801&amp;page=2" rel="nofollow">http://forums.iobit.com/showthread.php?t=4801&amp;page=2</a></p> <p>A legal letter will be released later, which will prove that there is no problem with<br /> Intellectual Property Rights.</p> <p>For the sake of avoiding dispute and possible problems, we have deleted all disputed items in way?<br /> our database temporarily, and have updated IObit Security 360’s database.</p> <p>ABOUT THE ACCUSATION –DISPUTE THREAD &quot; Closed Thread &quot; ? IObit not like some posts?</p> <p><a href="http://forums.iobit.com/showthread.php?t=4868" rel="nofollow">http://forums.iobit.com/showthread.php?t=4868</a> Uninstalling iobit 360 (mostly toolbar related)<br /> Conduit toolbar is classed as malware by most. (This is in IObit forums well said,</p> <p><a href="http://www.siteadvisor.com/sites/iobit.com" rel="nofollow">http://www.siteadvisor.com/sites/iobit.com</a></p> <p><a href="http://www.siteadvisor.com/sites/iobit.com/downloads21853516/" rel="nofollow">http://www.siteadvisor.com/sites/iobit.com/downloads21853516/</a> (9/10)Nuisance Score Red bad<br /> Exploit-ObscuredHtml trojan </p> <p>&quot;C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe&quot; /startup</p> <p><a href="http://www.siteadvisor.com/sites/iobit.com/downloads/21889236/" rel="nofollow">http://www.siteadvisor.com/sites/iobit.com/downloads/21889236/</a> (9/10)Nuisance Score Red bad<br /> URL of the download: htxxtp://download.iobit.com/asc-setup.exe</p> <p>awcsetup.exe installed the following programs on our PC:Exploit-ObscuredHtml trojan</p> <p><a href="http://www.siteadvisor.com/sites/iobit.com/downloads/" rel="nofollow">http://www.siteadvisor.com/sites/iobit.com/downloads/</a></p> <p>Changes your default search page, Buttons, toolbars or add ons.<br /> You may also like to see Post IObit 360 </p> http://www.giveawayoftheday.com/forums/topic/719/page/6#post-67025 Sun, 01 Nov 2009 16:55:24 +0000 TeXaCo 67025@http://www.giveawayoftheday.com/forums/ <p>After installing IOBIT 360 reported it the dll file as a trojan. Then after scanning my whole system, it came up with 15 other files from regtidy as a virus. As the program was taking me to (I&#39;m assuming the software website). Avira blocked the website from being displayed saying it was known to be a malicious website and WOT also blocked it.</p> <p>Now I know there have been false positives in the past but this seems to be too much to be false. </p> http://www.giveawayoftheday.com/forums/topic/719/page/6#post-66963 Sat, 31 Oct 2009 21:46:02 +0000 perz 66963@http://www.giveawayoftheday.com/forums/ <p>RegTidy trojan detected and identified by Avira AntiVir Premium:<br /> Virus or unwanted program &#39;TR/Drop.arte.410624 [trojan]&#39;<br /> detected in file &#39;C:\Program Files\RegTidy 2009\RegTidy.dll.<br /> Action performed: Deny access </p> http://www.giveawayoftheday.com/forums/topic/719/page/6#post-66949 Sat, 31 Oct 2009 19:27:32 +0000 leofelix 66949@http://www.giveawayoftheday.com/forums/ <p>RegTidy is a misleading application, it will brings to false positive detection, more it can mess up you system.</p> <p><a href="http://www.emsisoft.com/en/malware/?Adware.Win32.RegTidy" rel="nofollow">http://www.emsisoft.com/en/malware/?Adware.Win32.RegTidy</a></p> <p><a href="http://www.mywot.com/en/scorecard/regtidy.com" rel="nofollow">http://www.mywot.com/en/scorecard/regtidy.com</a></p> <p>I wonder GOTD team didn&#39;t check it </p> http://www.giveawayoftheday.com/forums/topic/719/page/6#post-65804 Wed, 14 Oct 2009 19:03:20 +0000 watcher13 65804@http://www.giveawayoftheday.com/forums/ <p>Not sure. It has a small AV module. Maybe it was checking for updates. As you probably saw, it also had links to other bundled software and &quot;recommended&quot; softwares. If you didn&#39;t deselect all that stuff, it might have been trying to contact one of them. Also, I haven&#39;t got around to installing yet, but I read over in the comments section that it still has nag screens to get you to upgrade. It may have been trying to download one of them. I&#39;m thinking it&#39;s one or two of these annoying, but semi-harmless functions. </p> http://www.giveawayoftheday.com/forums/topic/719/page/6#post-65801 Wed, 14 Oct 2009 17:56:29 +0000 prs 65801@http://www.giveawayoftheday.com/forums/ <p>Today,s offer has rave reviews from the regulars. Would hate to let this go. I posted this in the comments section today and I find that my comment is &quot;moderated&quot; So here goes. Had this evaluated at virustotal and jotti.org. The result is 1/41 and 1/21 detecting Trojan. Kaspersky in those two lists is happy. Zone Alarm on my computer informs me that AnVir is trying to contact two particular destination IP. What does that mean ? </p> http://www.giveawayoftheday.com/forums/topic/719/page/6#post-65795 Wed, 14 Oct 2009 16:28:03 +0000 notblocklox 65795@http://www.giveawayoftheday.com/forums/ <p>No, my Kasper is quite happy with AnVir. </p> http://www.giveawayoftheday.com/forums/topic/719/page/6#post-65789 Wed, 14 Oct 2009 14:16:04 +0000 prs 65789@http://www.giveawayoftheday.com/forums/ <p>Todays offering by AnVir had my Kaspersky Internet Security crying foul. It is detected as a Trojan. I added AnVir to exclusions. Anyone else have this trouble ? </p> http://www.giveawayoftheday.com/forums/topic/719/page/6#post-65788 Wed, 14 Oct 2009 13:57:56 +0000 gtoal 65788@http://www.giveawayoftheday.com/forums/ <p>Today&#39;s signature update to McAfee just flagged the 22 Jan PDFZilla executable as &quot;Generic.dx!fua&quot; (and deleted it). </p> http://www.giveawayoftheday.com/forums/topic/719/page/6#post-63537 Sun, 06 Sep 2009 22:48:10 +0000 rezidue 63537@http://www.giveawayoftheday.com/forums/ <p>VirusTotal scan of webgalery.exe from <a href="http://www.giveawayoftheday.com/softorbits-html-web-gallery-creator/">SoftOrbits HTML Web Gallery Creator given away on September 4, 2009</a></p> <p><strong>Trojan-Downloader.Win32.Adload.jot</strong></p> <p><a href="http://www.virustotal.com/analisis/1d243e423585d8295a62d5d465644c66767c0a7b5454a12ea5cce3cc0e3691cf-1252275170" rel="nofollow">http://www.virustotal.com/analisis/1d243e423585d8295a62d5d465644c66767c0a7b5454a12ea5cce3cc0e3691cf-1252275170</a> </p> http://www.giveawayoftheday.com/forums/topic/719/page/6#post-63142 Sun, 30 Aug 2009 00:04:15 +0000 rezidue 63142@http://www.giveawayoftheday.com/forums/ <p><a href="http://www.giveawayoftheday.com/2009/08/14/"><strong>Batch Image Resizer given away on August 14, 2009</strong></a></p> <p><strong>Backdoor.Win32.Hupigon.htas</strong></p> <p>Please note the wrapper was removed for this scan to verify that it had nothing to do with the bundled Software Informer application.</p> <p><a href="http://www.virustotal.com/analisis/f2fb709f74ecf276846fffb5e0da1edc784bcf124b48b124958bda6892cbbe7d-1251589760" rel="nofollow">http://www.virustotal.com/analisis/f2fb709f74ecf276846fffb5e0da1edc784bcf124b48b124958bda6892cbbe7d-1251589760</a></p> <p><strong>In fact out of the 9 offerings from SoftOrbits.com only 4 applications scanned 100% clean at VirusTotal,</strong> the rest scan as containing a trojan or adware.</p> <p>Sorry I didn't see this sooner,</p> <p>Regards,<br /> Damian </p> http://www.giveawayoftheday.com/forums/topic/719/page/6#post-62712 Sat, 22 Aug 2009 06:43:16 +0000 ants 62712@http://www.giveawayoftheday.com/forums/ <p>Update!<br /> After the Gold Audio Suite build has been updated no infection is detected.<br /> The demo version at vendors site is not changed. </p> http://www.giveawayoftheday.com/forums/topic/719/page/6#post-62710 Sat, 22 Aug 2009 05:51:07 +0000 ants 62710@http://www.giveawayoftheday.com/forums/ <p>Hello!<br /> Posting this here, because comments are not moderated.<br /> This is about the Gold Audio Suite, August 21, 2009</p> <p>Hello, giveawayfans!</p> <p>What do we get today? A virus or a false positive?</p> <p>Someone here advised to disable security - not wise;<br /> I have uploaded erdmpg4.dll to some sites doing a file scan.<br /> ca 50% of scanners find it infected with something named 'induc'</p> <p>clean, say: ArcaVir, A-Squared,AntiVir, CPSecure, Ikarus, NOD32, Panda,Quick Heal, VBA32, Comodo, eSafe, Jiangmin, K7AntiVirus, McAfee-GW, PCTools</p> <p>infected, say: avast!, AVG, bitdefender, ClamAV, Dr.Web, F-Prot, F-Secure, GDATA, Kaspersky, Sophos, VirusBuster, Authentium, Microsoft, Norman, Prevx, Symantec, Trend micro, McAfee5715, Fortinet, Sunbelt</p> <p>Went to Sophos site, they say:<br /> " W32/Induc-A<br /> Aliases Virus.Win32.Induc.a<br /> Category Viruses and Spyware<br /> Type Virus<br /> ................<br /> W32/Induc-A is a virus that infects Delphi files at compile-time. As such, these files cannot be disinfected and need to be recompiled cleanly.<br /> ................<br /> Because infected executables are produced at compile time by infected Delphi development environments,<br /> we are seeing many cases of infected files coming from genuine software vendors.<br /> These are not false positives.<br /> Clients and software developers seeking to understand why their software is being detected as W32/Induc-A should<br /> see this [http://www.sophos.com/blogs/sophoslabs/v/post/6195] blog article.<br /> ................<br /> How it spreads </p> <p> * Infected files</p> <p>Affected operating systems Windows<br /> Protection available since 18 August 2009 15:14:59 (GMT)<br /> Last updated 20 August 2009 05:28:01 (GMT)<br /> Detected by All Sophos products<br /> ..............."</p> <p>Some information from eset - NOD32 site:<br /> Thanks to ESET’s early warning system - ThreatSense.Net ,<br /> the first 24 hours from the virus’s release, ESET has received over 30,000 unique infected samples,<br /> where in many cases the original software was a legitimate application prior to infection.</p> <p>According to Juraj Malcho, the Head of ESET Virus Lab,<br /> “the concern is over the period during which the virus went undetected and was able to infect a large number of PCs,<br /> resulting in the infiltrated software being distributed to users directly by their vendor.<br /> To our dismay, often the reaction of the software vendor has been that the detection of a virus is a false-positive.<br /> ”It is likely that the first samples of the virus date back to April 2009.<br /> The reason why the virus was left unnoticed for such a long time period is that Delphi code tends to be quite voluminous<br /> and the virus body itself quite small. </p> <p>......................</p> <p>......................</p> <p>This was written before post #11 in comments </p> http://www.giveawayoftheday.com/forums/topic/5991#post-62460 Tue, 18 Aug 2009 22:31:45 +0000 Robert 62460@http://www.giveawayoftheday.com/forums/ <p>Hi Sue,dr mabuse,GM...</p> <p>No problems over here either.<br /> If in doubt you can always look for a second opinion and upload files to <a href="http://www.virustotal.com" rel="nofollow">http://www.virustotal.com</a><br /> (the file will be scanned with 41 different antivirus engines and the result will give you a pretty good idea if it's false positive or not) </p> http://www.giveawayoftheday.com/forums/topic/5991#post-62456 Tue, 18 Aug 2009 22:11:17 +0000 watcher13 62456@http://www.giveawayoftheday.com/forums/ <p>That particular hit is often a false positive caused by Avira's heuristic detection routine. I've seen it more than once. If you're not familiar, heuristics are designed to try and identify new, never before identified viruses, but often hit on normal, built in behaviors of the software. Still, no problem with being cautious if you'd rather just uninstall to be safe.</p> <p>From Avira's site, you can see it's just a generic heuristic hit. However, someone would have to submit the file for Avira to verify it's a false positive:</p> <p>TR/Dropper.Gen - Trojan<br /> Summary Full description </p> <p>Virus: TR/Dropper.Gen<br /> Date discovered: 19/06/2007<br /> Type: Trojan<br /> Subtype: Dropper<br /> In the wild: Yes<br /> Reported Infections: Low<br /> Distribution Potential: Low<br /> Damage Potential: Low<br /> Static file: No<br /> Engine version: 7.04.00.34 </p> <p> General Side effects:<br /> • Drops malicious files</p> <p> Special detection TR/Dropper.Gen </p> <p>Description:<br /> A generic detection routine designed to detect common family characteristics shared in several variants.</p> <p>This special detection routine was developed in order to detect unknown variants and will be enhanced continuously. </p> http://www.giveawayoftheday.com/forums/topic/5991#post-62450 Tue, 18 Aug 2009 20:11:53 +0000 RosnSC 62450@http://www.giveawayoftheday.com/forums/ <p>I downloaded the updated one to my laptop. Didn't get any warnings of any type, so it must be okay. A little later on this evening I plan to download it to my desktop computer. I would have done that one last night, too, but it was 'down'.</p> <p>Sue </p> http://www.giveawayoftheday.com/forums/topic/5991#post-62439 Tue, 18 Aug 2009 18:36:02 +0000 GMMan 62439@http://www.giveawayoftheday.com/forums/ <p>Have you gotten the newer download? I heard that there were reports of this earlier, but GAOTD has uploaded a newer, fixed version of the program. I didn't receive any warnings from my avast!. </p> http://www.giveawayoftheday.com/forums/topic/5991#post-62437 Tue, 18 Aug 2009 18:22:12 +0000 dr_mabuse 62437@http://www.giveawayoftheday.com/forums/ <p>I donloaded today the files and unzipped them.<br /> after execution of the setup file i got the warning by my Avira Personal<br /> that the file Streaming Video Recorder.exe vontains a trojan, namely:<br /> TR/Dropper.Gen - Trojan<br /> which will drop malicious files on the system.<br /> So is this to take serious ?<br /> Please inform me urgently.<br /> YS<br /> Dr.Mabuse </p> http://www.giveawayoftheday.com/forums/topic/5787#post-60695 Fri, 24 Jul 2009 07:18:40 +0000 Lee 60695@http://www.giveawayoftheday.com/forums/ <p>Found another one: <a href="http://scanner.novirusthanks.org/" rel="nofollow">http://scanner.novirusthanks.org/</a></p> <p>As it says it's called no virus thanks. </p> http://www.giveawayoftheday.com/forums/topic/5787#post-60604 Thu, 23 Jul 2009 12:57:58 +0000 notblocklox 60604@http://www.giveawayoftheday.com/forums/ <p>Thanks for reminding of this two very useful sites.<br /> Yes both links have been mentioned several times, but there are always new users who didn't read it and as we can see, even old hands get some benefit from re-runs.<br /> So I used both services since a long time, I never found that download link for use in the context menu. Thanks, wizz.<br /> Perhaps there is somebody who can explain this: <a href="http://virusscan.jotti.org/hashsearch.php">Hash search</a> ?</p> <p>graylox </p> http://www.giveawayoftheday.com/forums/topic/5787#post-60599 Thu, 23 Jul 2009 12:27:21 +0000 wizzard_of_ozz2004 60599@http://www.giveawayoftheday.com/forums/ <p>lmao oops guess i forgot to include the link Lee. Thanks for clearing that up. I'm just a little tired, you have no idea how many times I actually edited that first post before I was happy with it. </p> http://www.giveawayoftheday.com/forums/topic/5787#post-60597 Thu, 23 Jul 2009 12:08:10 +0000 Lee 60597@http://www.giveawayoftheday.com/forums/ <p>wizzard advertised that already.</p> <p>I like them both.</p> <p>Virustotal software is a bum to find, it's direct link is: <a href="http://www.virustotal.com/vtsetup.exe" rel="nofollow">http://www.virustotal.com/vtsetup.exe</a></p> <p>Once installed all you do is right click a file and hit send to then virustotal. </p> http://www.giveawayoftheday.com/forums/topic/5787#post-60595 Thu, 23 Jul 2009 11:44:47 +0000 ido99 60595@http://www.giveawayoftheday.com/forums/ <p>Thanks, but <a href="http://www.VIRUSTOTAL.com/" rel="nofollow">http://www.VIRUSTOTAL.com/</a> is better. </p> http://www.giveawayoftheday.com/forums/topic/5787#post-60593 Thu, 23 Jul 2009 11:11:52 +0000 Lee 60593@http://www.giveawayoftheday.com/forums/ <p>Thanks, I tried it, yet to try the software, be good as a shortcut from the desktop. </p> http://www.giveawayoftheday.com/forums/topic/5787#post-60591 Thu, 23 Jul 2009 10:45:31 +0000 wizzard_of_ozz2004 60591@http://www.giveawayoftheday.com/forums/ <p><a href="http://www.virustotal.com" rel="nofollow">http://www.virustotal.com</a> is another such site Lee. VirusTotal has 39 scanners backing it and it is an award winner from PCWorld Thanks for the recommendation of Jotti. I don't know where I got it from, but I downloaded software from them and now I just right click on a file and in the send to option is VirusTotal. It will automatically send my file to the site to scan rather than going to the site first and uploading it. I'll look around for a download page and update later.</p> <p><strong>Edit</strong></p> <p>I found the download page. Click on the Download button at the bottom of the page =) </p> http://www.giveawayoftheday.com/forums/topic/5787#post-60580 Thu, 23 Jul 2009 07:30:09 +0000 LeKanaw 60580@http://www.giveawayoftheday.com/forums/ <p>Thank You Lee</p> <p>I've heard good things about Jotti, but had forgotten. Must be in a BM somewhere 'round here ...<br /> Thank you for reminding us</p> <p>Ciao </p> http://www.giveawayoftheday.com/forums/topic/5787#post-60578 Thu, 23 Jul 2009 07:07:49 +0000 Lee 60578@http://www.giveawayoftheday.com/forums/ <p>Was trying out a-squared this morning and watching all the malware it was reporting</p> <p>even though NIS2009, Windows Defender and Spy-Bot Search &#38; Destroy reported nothing.</p> <p>It was bothering me and I am doing a deep scan it's at 3% and that is after 40 minutes.</p> <p>It has found so far, 8 suspicious files.</p> <p>I expected a couple were a bit spurious, though never detected by the fore-mentioned scanners.</p> <p>I found a site, where you can upload your file which is seen as suspicious and 21 scanners will simultaneously scan the file and report what has been found.</p> <p>If this has been posted before then stand-on-me, I thought it would help people stop worrying about files being reported by a lone-scanner as a problem.</p> <p>Link: <a href="http://virusscan.jotti.org/en" rel="nofollow">http://virusscan.jotti.org/en</a></p> <p>Contains many different languages, English is default. </p>