Giveaway of the Day Forums


Review Trojan/Virus Reports

(274 posts) (127 voices)
  • Started 5 years ago by Lee
  • Latest reply from jcollake

  1. Violet4714

    Member

    after reading this i kept resubmitting the Inpaint zip to the three scanners...and the results kept changing...maybe it is being submitted & then cleared by the antivirus companies?...

    the latest:

    VirusTotal now shows Kaspersky, Ikarus, a-squared, Comodo (previously, they showed McAfee, but it now shows clean):
    http://www.virustotal.com/analisis/58803113208fb4b106a447afd10ee94794bb5e1fd7eed99f266d030b719733ab-1279317092

    Jotti now shows Kaspersky, Ikarus, and F-Secure:
    http://virusscan.jotti.org/en/scanresult/6ba6c4aabbbf4831fc2bb3dec832bcbabec418da

    NoVirusThanks now shows G-Data (Kaspersky now shows clean):
    http://scanner.novirusthanks.org/analysis/111f93266fa217be2733ec8d1e709481/SW5QYWludDI0LnppcA==/

    (Outpost & Spybot show clean here)

    Posted 1 year ago #
  2. Rho

    Member

    I downloaded the Inpaint giveaway the other day and it was infected with this - Trojan.Win32.Agent2.ctje. As you can imagine my disappointment in GOTD for not checking out this mob better. I am now considering whether I should have anything more to do with GOTD, has anybody else have this problem?

    Posted 1 year ago #
  3. BuBBy

    Teh adnim

    Rho, to answer your question "has anybody else have this problem" - I'd suggest re-reading the posts prior to your own which discuss the matter you refer to - it looks like the Antivirus companies are gradually updating their signatures to show that Inpaint is not infected with a Trojan.

    Posted 1 year ago #
  4. Rho

    Member

    Hi BuBBy, thanks for the tip, I'm new around here so bear with me. A false positive you say, yes you might be right but it still doesn't takeaway from the fact that this companies software is problematic in what ever way and I think it's a poor effort from someone trying to establish credibility in the market so you buy their product. Although I'm new to GOTD forums I've been downloading GOTD giveaways for a few years now and this is the only time this has happened, but going forward I'm now very timid about anything GOTD has to offer. Just how I feel?

    Posted 1 year ago #
  5. notblocklox

    retired

    Please, Rho, I don't get what you are saying:

    "...but it still doesn't takeaway from the fact that this companies software is problematic in what ever way ..."

    What is problematic with InPaint or GOTD in this context?
    When the AV programmes are overzealous, how can you blame the developers of InPaint for that ?

    graylox

    Posted 1 year ago #
  6. davspren

    Member

    hey i am new to this forum but not too new to gotd. the last program that i was able to install was inpaint. ever since my system has refused to install the gotd at all. Now, trying to deduce what the problem could be led me to this forum. I ran winutilities totally and my system runs just fine but something happened after last Monday's inpaint gotd. thank you for the links for the virus scans. I have McAfee but they didn't detect anything. I think I will check out all the gotd's from now on before i jump into something just because it is free

    Posted 1 year ago #
  7. maka

    Member

    WinUtilities by YL computing software

    Warning: Trojan horse embedded

    I tried to delete the software from my computer after learning that it is made by a Chinese software company. My anti virus immediately warned me that it is trying to inject a trojan horse that could take over my entire computer.

    I wish giveaway of the day would do some more research before distributing such dubious software.

    Posted 1 year ago #
  8. Violet4714

    Member

    hi, maka...

    could you please give us a few details about this?...it's been given away quite a few times with no problems...

    you tried to delete it only because it came from a chinese developer?...

    i'd like to read more about this, if you can provide the details, please...

    thanks...

    Posted 1 year ago #
  9. hotdoge3

    Member

    WinUtilities by YL computing software: it's on my PC and comes up 100% clean, antivirus and antispy all say OK. Maybe some info may help: the name of the antivirus and the name of the dll or exe that it says has the Trojan horse. A scan online may help, and post back.

    http://www.virustotal.com/

    Posted 1 year ago #
  10. maka

    Member

    I have an AVG anti virus and zemana anti logger running. Some versions of both are available for free from download.com. Load it on your computer then try to uninstall winutilities from your computer.

    Posted 1 year ago #
  11. Violet4714

    Member

    hi, maka...

    thanks for your response...i'm sorry you had a problem with the program...

    unfortunately, i do not have those programs installed, and i am reluctant to uninstall everything i have, then uninstall (and lose) a program i haven't had a problem with, then reinstall my usual antivirus/antispyware/etc. (my always-on is Outpost Security Suite, and i also have a few on-demand scanners)...

    i downloaded the program from the WinUtilities site & ran it thru the online scanners...

    results:
    VirusTotal (0/42):
    http://www.virustotal.com/analisis/05afb2aa394bddd5fb0aba5acdf9ef6f920e5c93ff2d2d9aac57266720fda08d-1280280647

    Jotti (0/19):
    http://virusscan.jotti.org/en/scanresult/a71b30d85039a93bca588a27f86d0a66984d702a

    novirusthanks (0/13):
    http://scanner.novirusthanks.org/analysis/15a0f13e1928a3a69a5443c17ba69523/d3VpbnN0YWxsLmV4ZQ==/

    maybe someone that has AVG and/or Zemana installed can try to replicate your results...

    thank you for your warning...it's always helpful to have this information posted...

    Posted 1 year ago #
  12. Reidun Hanserud

    Member

    I downloaded Inpaint the last time it was offered, and everything seemed all right. I tried it out on a picture, and it worked perfectly. You couldn't see that the picture had been repaired. But when I turned on my computer the other day, AVG came up with a red alert warning that the program contained a Trojan horse and that I had to get rid of it immediately.
    Don't the people at GOTD check these programs before they are offered to the public?

    Posted 1 year ago #
  13. notblocklox

    retired

    Hi, Reidun Hanserud welcome to the forums.

    Viruses detection

    Yes, of course, GOTD tests all the download packages before they are published.
    It seems to be a false positive, what AVG found.
    I would advise you to test the file with another AV programme, e.g. with:
    http://virusscan.jotti.org/en
    or
    http://www.virustotal.com/
    or send it to the laboratory of your or any other antivirus company.

    Good luck.

    graylox

    PS: Scroll up in this thread, and read BuBBy's answer to another user.

    PPS:

    Okay I sent it to Virustotal again:

    http://www.virustotal.com/file-scan/report.html?id=44940e90b63eb840ddb2626271aae124a6880efe9dbb0fcd867c9398c94d9758-1285467053

    All relevant AV programmes didn't find any malware, only 3 rather unknown programmes of 40 found a suspicious file.

    Nothing to worry about.

    Posted 1 year ago #
  14. hotdoge3

    Member

    I also have Inpaint, 100% good. I don't think AVG is very good; you can check, see graylox's post. To be safe, try VirusTotal first.

    http://www.av-comparatives.org/

    It does not test very well.

    Posted 1 year ago #
  15. garylatman

    Member

    When I went to check today's Giveawayoftheday, my Avast 4.8 Home Edition (Free) alerted me that the site contained a Trojan, so I aborted it but also reported it as a False Positive. This never happened before. Does anyone know what's going on? Should I ignore this?

    Posted 1 year ago #
  16. notblocklox

    retired

    ...Avast 4.8 Home Edition (Free) alerted me that the site contained a Trojan...

    What site do you mean? Or do you mean the programme? When you downloaded the .zip file from the GOTD site, you can be sure, that it is checked by the project team.

    This programme is a logger tool, your AV could see that as suspicious behaviour.

    I would advise you to test the file with another AV programme, e.g. with:
    http://virusscan.jotti.org/en
    or
    http://www.virustotal.com/
    or send it to the laboratory of your or any other antivirus company.

    Good luck.

    graylox

    Posted 1 year ago #
  17. calin

    Member

    Same situation as garylatman : trojan
    "Object : http://giveawayoftheday.com/| > (gzip)
    Infection JS:ScriptIP-inf[Trj] ".

    Posted 1 year ago #
  18. wicked K

    Member

    I'm using avast anti-virus and getting a Trojan horse blocked today:

    Object: http://www.giveawayoftheday.com
    Infected: JS:ScriptIP-inf

    I never had a problem going to the website before. I can get to this forum but as soon as I click <back to giveaway of the day> I get the Trojan pop-up or if I type in http://www.giveawayoftheday.com. It's not getting a Trojan for the software that's being given away today. I can't get to the website to download the program

    What can be going on?

    Posted 1 year ago #
  19. notblocklox

    retired

    That seems to be an Avast thing.
    My Kaspersky doesn't alert me.
    Try the usual things: Clean the caches, delete the GOTD cookies, reboot the router, try again.
    Or / And go to one of the other language sites of GOTD, the download is the same in all of them.

    graylox

    EDIT :

    I tested the GOTD site online :
    http://scanner2.novirusthanks.org/analysis/f9a3ae5cee24407e4205cef7c95998ee/c3RhZmZsb2dnZXItNC02/

    and the download site:

    http://vscan.urlvoid.com/analysis/9b62c67a5cba2bc797c62af3643747db/c3RhZmZsb2dnZXItemlw/

    You may do some more tests with other online scanners:

    e.g. on this site:

    http://www.novirusthanks.org/services/

    Posted 1 year ago #
  20. rizla01

    Member

    Phew. Thought it was me.

    I, too, am having this problem - Same trojan warning.

    IS the site infected or what?

    Posted 1 year ago #
  21. notblocklox

    retired

    No, just look at the scans I posted, the site is clean.

    Posted 1 year ago #
  22. Keter

    Member

    Graylox - I tried going directly to the About page (giveawayoftheday.com/about/) and Contact page (giveawayoftheday.com/about/contact/) which should have nothing to do with the daily giveaway, and got the same trojan warning. I don't get it on (blog.giveawayoftheday.com/) or on (game.giveawayoftheday.com/) even though these have links to the staff logger software giveaway.

    Yes, I'm using Avast. But seriously, I think something's amiss with the site. I guess we'll know for sure in a few hours if it persists.

    Keter

    Posted 1 year ago #
  23. r0lZ

    Member

    Problem confirmed. It might be a false positive, but unless you uninstall Avast, it is not possible to navigate to today's giveaway. Anyway, there is probably something dangerous with a java script somewhere, and imo it should be replaced/verified.

    Avast has recently modified its algorithms and/or the virus signature database, as it has suddenly found a virus on my system, somewhat confirmed by a score of 6/41 at VirusTotal. Anyway, I think it is dangerous to visit the GOTD main site until the problem has really been investigated. What's the purpose of the java scripts on your page? Are they really needed, or can you disable them at least until Avast's false positive gets fixed (if it's the case)?

    Posted 1 year ago #
  24. r0lZ

    Member

    I just did a global scan of giveawayoftheday.com with URLVoid, and it confirms that the site IS INFECTED, according to hpHosts! 1/17 might be a somewhat clean score, but it is not totally satisfactory.

    Posted 1 year ago #
  25. bounceback

    Member

    Had the same problem with Avast, just updated engine and virus definitions, rebooted and the problem has gone

    Posted 1 year ago #
  26. notblocklox

    retired

    Thanks, bounceback, a false positive is not the problem of GOTD but a problem of Avast, or any other AV tool.
    Therefore you should always send a report to your AV developer, they can only fix it when they know about it. And of course, you should update more than once a week. My Kaspersky is set to update as soon as there is any change sent by the company.

    graylox

    Posted 1 year ago #
  27. robsarge

    Member

    Has anyone had a problem with Boxoft Photo Magicmaker from GAOTD 21 November? As soon as I tried to open it AVG says it is infected with Trojan horse Crypt_c.DDV and deleted it. Tried it the first day (21st) and it was ok, seems like AVG decided on the 26th update it was infected. Anyone else?

    Posted 1 year ago #
  28. notblocklox

    retired

    Hi, robsarge, please read the following post.

    graylox

    Posted 1 year ago #
  29. notblocklox

    retired

    Copy of the posts from yesterday:

    Virus/trojan on Boxoft Photo Magic "Photomagicmaker.exe"

    * Started 1 day ago by garmnut

    1.

    garmnut

    My F-secure would like to remove Photomagicmaker.exe 'cos it thinks it's a trojan..

    Sending the file to VirusTotal gives the following results: 9/43 scanners think it's a Trojan horse.
    http://www.virustotal.com/file-scan/report.html?id=1fe94dc800bcc31a36c05db1231eda609ff25b52fffc62d3fb0b6eefab052424-1290756295

    So... what to do? If I let F-secure neutralize it, it does remove that .exe and goodbye to the software..

    If it really is infected, then I do hope that giveawayoftheday NEVER EVER gives anything made by the same creators!
    Posted 1 day ago
    2.

    graylox

    Looking at the results, the hits are widely spread over several AV programmes. Nevertheless, that can be a false positive.

    Be assured, the GOTD team scans every package they give away. When you download directly from the developer - then there is of course no guarantee.

    Sometimes scanners find a new trojan/virus only after some time. So there is never a safety of 100%.
    I downloaded the programme but deleted it, because I don't like it, so I can't look at it now.
    As advice: send the file to your or any other AV laboratory to test if it is a false positive.
    I would quarantine the programme for some days, and redo the scan, when it's a false positive (most likely), the AV tools will be updated and the scan will be clean.

    Good luck.

    graylox
    Posted 1 day ago
    3.

    Robert

    I wrote the developer about this when the main exe was quarantined over here on 2010/11/22.
    As far as I can tell it was something about some code lines and the way the main exe was compressed.

    Anyway, below is the friendly answer I received from Boxoft.com back then:
    (in case the problem persisted)

    Thanks for contacting me.
    I'm sorry for any inconvenience that might cause. Will you please download the trial version from our website directly to have another try: http://boxoft.com/photo-magic-maker/ ?
    Thanks for all.

    Best Regards,
    Alice Li

    No problems/alerts with the version on their website (being version 1.1)...
    ...and the program is still registered. :)
    Posted 1 day ago

    Posted 1 year ago #
  30. Whiterabbit-uk

    Games Guru

    With respect to Boxoft Photomagicmaker, I installed it at the last minute when it was given away, but only on my Vista installation, which I rarely use. When I first booted Vista up to check to see if last week's game giveaway worked on Vista, the first time I'd bothered to since installing the software, I got a pop-up directly connected to this software that gave me a list of suggested sites I'd find useful to visit based on my browsing history so far. I made sure any extras were unchecked when I installed the program, so feel that the additional software that this program installed was installed without my permission. (Can't remember the type of malware this comes under; some sort of adware perhaps).

    Anyway, on rebooting Vista last week I finally got around to checking Boxoft Photomagicmaker and decided it wasn't worth keeping, so have deleted the program and worked through the registry and deleted any reference to the software. Thankfully no more pop-ups have happened since, however, I do consider the stuff that was installed a form of malware. Has anyone else had this experience? (please excuse the rather wishy washy explanation. Just woke up after a nap. :)

    Posted 1 year ago #
