Trojan in MultiEX?
Posted: Tue Dec 09, 2008 7:24 pm
by Bogey
What's up with this?
================================
Risk name: Trojan-PSW.Win32.LdPinch.bgj
Source: Scanner
Risk level: High
Risk category: Trojan
Advice: This is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability.
jaederstorm.exe
jn.exe
Name: Trojan-PSW.Win32.LdPinch.bgj
Type: Malware
Type Description: Malware ("malicious software") consists of software with clearly malicious, hostile, or harmful functionality or behavior and that is used to compromise and endanger individual PCs as well as entire networks.
Category: Trojan
Category Description: Trojan is a general term for malicious software that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent. Most Trojans exhibit some form of malicious, hostile, or harmful functionality or behavior.
Level: High
Level Description: High risks are typically installed without user interaction through security exploits, and can severely compromise system security. Such risks may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware. These risks may also collect and transmit personally identifiable information (PII) without your consent and severely degrade the performance and stability of your computer.
Advice Type: Remove
File Traces:
040cee7e-127f-4421-9b2b-612aa1a27033.exe
file.exe
instal.exe
Reme_DOC.exe
smart.exe
==============================
Re: Trojan in MultiEX?
Posted: Tue Dec 09, 2008 9:35 pm
by Mr.Mouse
I have no idea??
JN is by Strobe. Please contact him.
Re: Trojan in MultiEX?
Posted: Tue Dec 09, 2008 9:44 pm
by asmxtx
Don't be too suspicious about that. Be aware: so-called "Anti-Virus"-programs are mainly designed to protect commercial software and the possibilities to change or to alter it - but NOT TO PROTECT YOU and your computer. The corporation which has programmed the "Anti-Virus"-software is probably involved with the creator of a program which has altered with MULTIEX and earns money with the creator.
Although I am not affiliated with MULTIEX, I don't think it is as dangerous as your "Anti-Virus"-program says.
Deinstall your "Anti-Virus"-malware and use another browser, e.g. Opera.
Re: Trojan in MultiEX?
Posted: Wed Dec 10, 2008 5:38 pm
by mambox
Used many many times and never any sign of trojan.
You've got it from a safe location?
Re: Trojan in MultiEX?
Posted: Wed Dec 10, 2008 7:10 pm
by Bogey
mambox wrote: Used many many times and never any sign of trojan.
You've got it from a safe location?
If this site isn't safe, then what is?
Re: Trojan in MultiEX?
Posted: Wed Dec 10, 2008 7:24 pm
by Mr.Mouse
This site IS safe. I implemented the latest version of Strobe's JaederNaub, and I have absolutely no reason to believe he uploaded a Trojan version.
You should perhaps check the file with other scanners.
Re: Trojan in MultiEX?
Posted: Wed Dec 10, 2008 9:04 pm
by xrevenge
Mr.Mouse wrote: You should perhaps check the file with other scanners.
virustotal:
File jaederstorm.exe received on 12.10.2008 20:56:26 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2999.99.99.3 2008.12.10 -
AntiVir 7.9.0.43 2008.12.10 -
Authentium 5.1.0.4 2008.12.10 W32/Heuristic-210!Eldorado
Avast 4.8.1281.0 2008.12.10 -
AVG 8.0.0.199 2008.12.10 -
BitDefender 7.2 2008.12.10 -
CAT-QuickHeal 10.00 2008.12.10 (Suspicious) - DNAScan
ClamAV 0.94.1 2008.12.10 -
Comodo 718 2008.12.10 -
DrWeb 4.44.0.09170 2008.12.10 -
eSafe 7.0.17.0 2008.12.10 Suspicious File
eTrust-Vet 31.6.6254 2008.12.10 -
Ewido 4.0 2008.12.10 -
F-Prot 4.4.4.56 2008.12.10 W32/Heuristic-210!Eldorado
F-Secure 8.0.14332.0 2008.12.10 W32/Packed_Upack.A
Fortinet 3.117.0.0 2008.12.10 -
GData 19 2008.12.10 -
Ikarus T3.1.1.45.0 2008.12.10 -
K7AntiVirus 7.10.550 2008.12.10 -
Kaspersky 7.0.0.125 2008.12.10 -
McAfee 5460 2008.12.10 New Malware.aj
McAfee+Artemis 5460 2008.12.10 New Malware.n
Microsoft 1.4205 2008.12.10 -
NOD32 3682 2008.12.10 -
Norman 5.80.02 2008.12.10 W32/Packed_Upack.A
Panda 9.0.0.4 2008.12.10 Suspicious file
PCTools 4.4.2.0 2008.12.10 Packed/Upack
Prevx1 V2 2008.12.10 -
Rising 21.07.22.00 2008.12.10 -
SecureWeb-Gateway 6.7.6 2008.12.10 Win32.Malware.gen!90 (suspicious)
Sophos 4.36.0 2008.12.10 Sus/ComPack-K
Sunbelt 3.2.1801.2 2008.12.10 Trojan-PSW.Win32.LdPinch.bgj
Symantec 10 2008.12.10 -
TheHacker 6.3.1.2.182 2008.12.10 W32/Behav-Heuristic-060
TrendMicro 8.700.0.1004 2008.12.10 PAK_Generic.006
VBA32 3.12.8.10 2008.12.09 -
ViRobot 2008.12.10.1511 2008.12.10 -
VirusBuster 4.5.11.0 2008.12.10 Packed/Upack
Additional information
File size: 42844 bytes
MD5...: effe5d950275994e4ae4475ade814c26
SHA1..: 2194df2ac64551265ef1a3246ecea2a6703431df
SHA256: d0bdbd4333773f714b51301d7c10c1953c73ac9b59d03a79b517604cc5422f90
SHA512: b946a942affe08d2984d88ca921955f58401dbf31f7959248d3c98403aee039514f985dacc815f14128c22709df5aeec3d2aded60a6086245570e996a8674894
ssdeep: 768:UMkhFZMaixzkaZLJJBh+o47Woq5Jo/fWsIc4S3DdbENVY:UPFZMaix4KPf+o4mznM4S3ZbEk
PEiD..: -
TrID..: File type identification
DOS Executable Generic (100.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x401018
timedatestamp.....: 0x4011b0be (Fri Jan 23 23:39:42 2004)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
PS 0x1000 0x2f000 0x1f0 5.27 92af59510d87e934b5ad6628b4a13300
@4C 0x30000 0x12000 0xa55c 8.00 5e3634d6c04542da661ce96b2dd030ba
_B@ 0x42000 0x1000 0x1f0 5.27 92af59510d87e934b5ad6628b4a13300
( 0 imports )
( 0 exports )
packers (Kaspersky): PE_Patch, UPack
packers (F-Prot): UPack
packers (Authentium): UPack
virusscan.jotti:
File: jn211A.exe
Status: INFECTED/MALWARE
MD5: 34f5d41f26e299ef44f629c36aeb5bb0
Packers detected: PE_PATCH, UPACK
Scanner results
Scan taken on 10 Dec 2008 19:56:35 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found Heur.Win32.I
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found Trojan-PWS.Win32.Agent.hf
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found W32/Packed_Upack.A
Panda Antivirus Found nothing
Sophos Antivirus Found Sus/ComPack-K (probable variant)
VirusBuster Found nothing
VBA32 Found nothing
scanner.virus.org:
File: jn211A.exe
SHA-1 Digest: 1a915606976e4e6db55020ac72aa2ab36d6071ab
Size: 163560 bytes
Detected Packer: None
Status: Infected or Malware (Confidence 16.67%)
Date Scanned: Wed Dec 10 19:58:55 +0000 2008
Scanner Scanner Version Scanner Engine Scanner Signatures Result Scan Time
A-Squared 4.0.0.27 N/A 1228935675 Clean 23.33 secs
Arcavir 1.0.5 N/A 13:16 07-12-2008 Heur.Win32.I 7.81 secs
avast! 1.0.8 N/A 081210-0 Clean 15.85 secs
AVG Anti Virus 7.5.52 442 270.9.16/1841 Clean 15.36 secs
Avira AntiVir 2.1.12-97 7.9.0.43 7.1.0.218 Clean 13.16 secs
BitDefender 7.81008 7.22436 2341097 Clean 14.01 secs
CA eTrust N/A 31.06.00 31.06.6254 Clean 5.26 secs
CAT QuickHeal 10.00 N/A 10 December, 2008 Clean 12.23 secs
ClamAV 0.94.1 N/A 8744 Clean 1.92 secs
Comodo 3.0 3.0 718.4321976 Clean 17.34 secs
CPSecure 1.15 1.1.0.715 10/12/2008 10:36AM Clean 4.81 secs
Dr. Web 4.44.0.10060 4.44.0.9170 486113 Clean 44.91 secs
F-PROT 4.6.8 3.16.16 20 November 2008 Clean 34.12 secs
F-PROT 6 6.2.1.4252 4.4.4.56 20081210101583328 Clean 31.36 secs
F-Secure 1.10 6392 2008-12-10_08 Clean 30.24 secs
Ikarus T3SCAN 1.32.4.0 1.01.45 2008-12-10 18:01:07 Clean 17.32 secs
Kaspersky 5.7.13 1299746 10-12-2008 Clean 31.37 secs
McAfee Virusscan 5.30.0 5.3.00 v5458 New Malware.aj 58.91 secs
Norman Virus Control 7.00.00 5.93.01 5.93.00 W32/Packed_Upack.A 48.54 secs
Panda 9.04.03.0001 1846974 09/12/2008 Clean 6.61 secs
Sophos Sweep 4.36.0 2.81.2 4.36 Clean 22.62 secs
Trend Micro N/A 8.700-1004 702 Clean 16.40 secs
VBA32 3.12.8.10 N/A 2008.12.09 Clean 19.03 secs
VirusBuster 2005 1.3.4 4.3.23:9 9.144.35/11.0 Suspicious 5.91 secs
It's actually quite disheartening to see how stupid most of the AVs on the market are...
Oh well, what can you expect from a bunch of 0s and 1s...
Re: Trojan in MultiEX?
Posted: Wed Dec 10, 2008 9:59 pm
by asmxtx
It is only a matter of time until my Little Extractor Program (GOBREAD) will also become a "potential risk to your computer".
On the net I have seen many other people's programs put on a black list.
The reason: Commercial game companies and their lawyers don't want their data to be explored and pay "Anti-Virus"-software-companies to try to rattle the users.
Re: Trojan in MultiEX?
Posted: Wed Dec 10, 2008 11:14 pm
by Bogey
I'm not overly concerned about it. I just wanted to show you guys what CounterSpy v3 says about the program.
Re: Trojan in MultiEX?
Posted: Thu Dec 11, 2008 12:25 am
by Rheini
xrevenge wrote: Norman 5.80.02 2008.12.10 W32/Packed_Upack.A
Panda 9.0.0.4 2008.12.10 Suspicious file
PCTools 4.4.2.0 2008.12.10 Packed/Upack
See this? Maybe it is packed with an executable compressor or even protector.
Modern malware uses them to hide their code from Antivirus programs.
Thus some apps cry wolf if they encounter a packed exe.
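The point made in the post above, that many of the hits name the packer rather than a payload, can be checked by bucketing each engine's result string. This is an added example, not part of the original thread: the rows are copied from the VirusTotal paste earlier on this page, and the bucket patterns are assumptions chosen for these labels, not vendor documentation.

```python
import re
from collections import defaultdict

# Rows copied from the VirusTotal paste above: engine, version, date, result.
SCAN = """\
AntiVir 7.9.0.43 2008.12.10 -
Authentium 5.1.0.4 2008.12.10 W32/Heuristic-210!Eldorado
CAT-QuickHeal 10.00 2008.12.10 (Suspicious) - DNAScan
eSafe 7.0.17.0 2008.12.10 Suspicious File
F-Secure 8.0.14332.0 2008.12.10 W32/Packed_Upack.A
McAfee 5460 2008.12.10 New Malware.aj
PCTools 4.4.2.0 2008.12.10 Packed/Upack
SecureWeb-Gateway 6.7.6 2008.12.10 Win32.Malware.gen!90 (suspicious)
Sophos 4.36.0 2008.12.10 Sus/ComPack-K
Sunbelt 3.2.1801.2 2008.12.10 Trojan-PSW.Win32.LdPinch.bgj
TheHacker 6.3.1.2.182 2008.12.10 W32/Behav-Heuristic-060
TrendMicro 8.700.0.1004 2008.12.10 PAK_Generic.006
ViRobot 2008.12.10.1511 2008.12.10 -
"""

ROW = re.compile(r"^(\S+) (\S+) (\d{4}\.\d{2}\.\d{2}) (.+)$")
# Bucket patterns are assumptions made for this example.
PACKER = re.compile(r"pack|^PAK_", re.I)
GENERIC = re.compile(r"heur|suspicious|\.gen!|new malware|dnascan", re.I)

def classify(result):
    """Bucket one engine's result string by the kind of claim it makes."""
    if result.strip() == "-":
        return "clean"
    if PACKER.search(result):
        return "packer"   # flags the executable compressor, not a payload
    if GENERIC.search(result):
        return "generic"  # heuristic or "suspicious" verdict, no family named
    return "named"        # a specific family name: the claim worth verifying

def triage(report):
    """Return {bucket: [engine, ...]} for every parsable row of the report."""
    buckets = defaultdict(list)
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if m:
            buckets[classify(m.group(4))].append(m.group(1))
    return dict(buckets)

if __name__ == "__main__":
    for bucket, engines in triage(SCAN).items():
        print(f"{bucket:8} {len(engines):2}  {', '.join(engines)}")
```

Only the engines in the "named" bucket assert what the file is; those are the results to re-check against the publisher's original file and to report to the vendor if they do not hold up.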
Re: Trojan in MultiEX?
Posted: Thu Dec 11, 2008 7:00 pm
by Dinoguy1000
You guys are all looking at the wrong thing here. Most modern antivirus programs use heuristics to detect threats that haven't otherwise been discovered and protected against. One of the behaviors commonly checked for by these heuristics is deep-scanning and ripping behavior - exactly what JN does. It's not a problem with Strobe's ripper, and it's not a conspiracy between AV software developers and commercial software publishers, it's got to do with the heuristics used by the AV programs, and is likely an unfixable issue.
Re: Trojan in MultiEX?
Posted: Thu Dec 11, 2008 7:21 pm
by xrevenge
Well, whatever, just tell your antivirus not to treat it as a threat anymore, if it has that option...
If it doesn't then I really recommend getting rid of it ASAP
Re: Trojan in MultiEX?
Posted: Mon Dec 15, 2008 10:29 am
by Mr.Mouse
Dinoguy1000 wrote: You guys are all looking at the wrong thing here. Most modern antivirus programs use heuristics to detect threats that haven't otherwise been discovered and protected against. One of the behaviors commonly checked for by these heuristics is deep-scanning and ripping behavior - exactly what JN does. It's not a problem with Strobe's ripper, and it's not a conspiracy between AV software developers and commercial software publishers, it's got to do with the heuristics used by the AV programs, and is likely an unfixable issue.
I agree, good point!
Re: Trojan in MultiEX?
Posted: Tue Feb 09, 2010 7:54 pm
by Mirrodin
Just searching for the definition of heuristics I found this which is just all the more satisfying to this conversation lol:
Heuristic (pronounced /hjʊˈrɪstɨk/, from the Greek "Εὑρίσκω" for "find" or "discover") is an adjective for experience-based techniques that help in problem solving, learning and discovery. A heuristic method is particularly used to rapidly come to a solution that is hoped to be close to the best possible answer, or 'optimal solution'. Heuristics are "rules of thumb", educated guesses, intuitive judgments or simply common sense. A heuristic is a general way of solving a problem. Heuristics as a noun is another name for heuristic methods.
Gotta' love what I highlighted in bold. Now apply that to the way all these AV/AS programs are designed and you have your answer why they are finding "problems" with some of these extraction programs...
Re: Trojan in MultiEX?
Posted: Wed Feb 24, 2010 7:37 pm
by Uli
Report it as a false alert, takes a little time for the AV company to check and confirm it but once it has they fix it.