FP: SFX RAR Archives [SOLVED]


danburrito
Jul. 27th, 2009, 00:01
I created these SFX RAR archives myself with WinRAR, never showed up before beta 2.2.

Virus Total Analysis (1/41) (http://www.virustotal.com/analisis/b6fde20261236368d45e1242f05e66e158f0574d045caac72705a44fa389559c-1248649462)

Seems like only the McAfee-GW-Edition has got a problem with (all of) these...

IObit Security 360

OS:Windows Vista
Version:0.2.2.8
Define Version:1085
Time:7/26/2009 5:56:01 PM

|Name|Type|Description|ID|
Trojan.Crypt.XPACK, File, D:\_Disk A\Avira AntiVir Personal v9.0.0.403_Config.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\FastStone Capture v6.5.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\FastStone Image Viewer v3.9.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\Opera v10.00beta2_b1642_Settings.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\Opera v9.64_b10487_Settings.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_MyDocs\Favorites.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_MyDocs\U.S. BCIS.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\Games\CCS64 v3.7.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\Games\Domination v1.0.9.8.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\Games\Pro Pinball - Timeshock! - Patch v1.20b.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\Games\Sid Meier's Pirates! - Save.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\Games\_IObit Game Booster v1.10.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\Hardware\ASUS M2N32 SLI Deluxe BIOS.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\IObit SmartDefrag v1.20.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\IObit SmartRAM v2.0.2.0.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\Revo Uninstaller v1.83.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\Virus, Spyware & Security\Malwarebytes' FileASSASSIN v1.06.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\_Misc\FileSplitter v1.01_final.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\_Misc\MiniCLIP 2002.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\_Misc\Paint.NET v3.36_plugins.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Audio-Tools\BonkEnc v1.0.13.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Audio-Tools\CDex v1.70_beta2.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Audio-Tools\Free DVD MP3 Ripper v1.12_b268_XP.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Audio-Tools\Free WMA to MP3 Converter v1.16_b2546.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Photo-Tools\DupDetector v3.201.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Video-Tools\AVIcodec v1.2_b113.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Video-Tools\VirtualDub v1.8.8_b30091.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\Media\_conversion tools\nrg2iso v1.01.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\Media\_conversion tools\uif2iso v0.1.7a.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\Media\_mp3-Players\Samsung YP-U3JQB Firmware v1.13.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\Data Backup & Recovery\BartPE Builder v3.1.10a.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\Data Backup & Recovery\CDCheck v3.1.14.0.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\Data Backup & Recovery\FreeFileSync v2.1.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\System Info\CurrPorts v1.66.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\System Info\DNS Performance Test v0.8.4.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\System Info\Winerrmsg 0.1.1.exe, 12-231
Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\_MY services.msc & tweaks\mscomctl.ocx.exe, 12-231

Krissy
Jul. 29th, 2009, 09:23
Hello danburrito,

Please update your definition version, and scan again. If there are still any problems, please post the report here.

Thanks in advance.

danburrito
Jul. 29th, 2009, 22:58
Hi Krissy,

here's the report, as the problem still exists:

IObit Security 360

OS:Windows Vista
Version:0.2.2.8
Define Version:1091
Time:7/29/2009 4:57:52 PM

|Name|Type|Description|ID|
Trojan.Crypt.XPACK, File, D:\_Disk A\Avira AntiVir Personal v9.0.0.403_Config.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\FastStone Capture v6.5.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\FastStone Image Viewer v3.9.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\Opera v10.00beta2_b1642_Settings.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_MyDocs\Favorites.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_MyDocs\U.S. BCIS.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\Games\CCS64 v3.7.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\Games\Domination v1.0.9.8.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\Games\Pro Pinball - Timeshock! - Patch v1.20b.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\Games\Sid Meier's Pirates! - Save.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\Games\_IObit Game Booster v1.10.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\Hardware\ASUS M2N32 SLI Deluxe BIOS.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\IObit SmartDefrag v1.20.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\IObit SmartRAM v2.0.2.0.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\Revo Uninstaller v1.83.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\Virus, Spyware & Security\Malwarebytes' FileASSASSIN v1.06.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\_Misc\FileSplitter v1.01_final.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\_Misc\MiniCLIP 2002.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\_Misc\Paint.NET v3.36_plugins.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_MyDocs\Taxes & Credit Reports\IRS - Tax Return 2008.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_MyDocs\__Windows Mail\Windows Calendar.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Audio-Tools\BonkEnc v1.0.13.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Audio-Tools\CDex v1.70_beta2.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Audio-Tools\Free DVD MP3 Ripper v1.12_b268_XP.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Audio-Tools\Free WMA to MP3 Converter v1.16_b2546.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Photo-Tools\DupDetector v3.201.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Video-Tools\AVIcodec v1.2_b113.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Video-Tools\VirtualDub v1.8.8_b30091.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\Media\_conversion tools\nrg2iso v1.01.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\Media\_conversion tools\uif2iso v0.1.7a.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\Media\_mp3-Players\Samsung YP-U3JQB Firmware v1.13.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\Data Backup & Recovery\BartPE Builder v3.1.10a.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\Data Backup & Recovery\CDCheck v3.1.14.0.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\Data Backup & Recovery\FreeFileSync v2.1.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\System Info\CurrPorts v1.66.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\System Info\DNS Performance Test v0.8.4.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\System Info\Winerrmsg 0.1.1.exe, 12-335
Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\_MY services.msc & tweaks\mscomctl.ocx.exe, 12-335

danburrito
Jul. 30th, 2009, 21:10
Seems to be fixed with definitions version 1093. Thanks!

danburrito
Aug. 9th, 2009, 06:02
this came up with definitions version 1110:

IObit Security 360

Betriebssystem:Windows Vista
Version:0.3.0.22
Definitionsversion:1110
Zeit:8/8/2009 10:57:32 PM

|Name|Typ|Beschreibung|ID|
Dropper.NewRest, File, D:\_Disk A\Avira AntiVir Personal v9.0.0.407_Config.exe, 12-1765
Dropper.Dldr, File, D:\_MyDocs\Taxes & Credit Reports\IRS - Tax Return 2007.exe, 12-1762
--

Dropper.NewRest shows up 30something times VirusTotal: 2/41 (http://www.virustotal.com/analisis/35391d167016b6c2fcaaba2e6b362f3ed4c1e29f466532991e517614a79f95ab-1249793420)
Dropper.Dldr about 4 times VirusTotal: 1/41 (http://www.virustotal.com/analisis/f1b2dcc06b49a62fea4af9862629ee8cbce7682a6678966ef2179c965f5170bc-1249792014)

All files are self-created WinRAR SFX archives and must be FPs.

danburrito
Aug. 9th, 2009, 16:19
resolved with def. version 1111.

Thanks!

danburrito
Aug. 19th, 2009, 22:29
And... some are back again with def. version 1126

IObit Security 360

Betriebssystem:Windows Vista
Version:0.3.1.20
Definitionsversion:1126
Zeit:8/19/2009 4:27:01 PM

|Name|Typ|Beschreibung|ID|
Dropper.Dldr.Agent, File, D:\_Disk A\System Tools\PC Decrapifier v2.0.0.exe, 12-248
Trojan.Monder.28589, File, D:\_Disk A\_Misc\msvcr71.dll.exe, 12-367
Trojan.Monder.28589, File, D:\_MyDocs\Taxes & Credit Reports\IRS - Tax Return 2007.exe, 12-367
Trojan.Monder.28589, File, D:\_Disk A\Media\_mp3-Players\Sansa Express Firmware v01.01.05a.exe, 12-367
Trojan.Monder.28589, File, D:\_Disk A\System Tools\Data Backup & Recovery\ERUNT v1.1j.exe, 12-367

danburrito
Aug. 20th, 2009, 04:05
Solved with def. version 1127. Thank you, IObit.

danburrito
Aug. 20th, 2009, 21:54
One from yesterday is back again...

Betriebssystem:Windows Vista
Version:0.3.1.20
Definitionsversion:1128
Zeit:8/20/2009 3:50:52 PM

|Name|Typ|Beschreibung|ID|
Trojan.Agent, File, D:\_Disk A\System Tools\PC Decrapifier v2.0.0.exe, 12-460

danburrito
Aug. 25th, 2009, 03:16
IObit Security 360

Betriebssystem:Windows Vista
Version:0.4.0.20
Definitionsversion:1137
Zeit:8/24/2009 9:13:28 PM
Überprüfte Objekte:70476
Gefundene Bedrohungen:2

|Name|Typ|Beschreibung|ID|
Dropper.Frauder, File, D:\_Disk A\_Misc\DeadLink v3.3.exe, 12-860
Dropper.Frauder, File, D:\_Disk A\Media\Audio-Tools\Audio Record Wizard v5.0.5.exe, 12-860


======

The first file is a SFX RAR archive,
the second one is a regular installer. Please see THIS (http://forums.iobit.com/showpost.php?p=21449&postcount=57) thread, because these have been detected as FP's before.

itobe
Aug. 26th, 2009, 04:47
hi danburrito,
this FP has been solved, please update to the newest definition version.



danburrito
Aug. 26th, 2009, 22:37

Thank you, and welcome to the board, itobe.

IS360 updated, ran full scan and it found two new FP's:

Definitionsversion:1140
Zeit:8/26/2009 4:36:21 PM
Überprüfte Objekte:69504
Gefundene Bedrohungen:2

|Name|Typ|Beschreibung|ID|
Dropper.Kolabc, File, D:\_Disk A\Media\Audio-Tools\ID3-TagIT v3.3.0_final.exe, 12-734
Dropper.Kolabc, File, D:\_Disk A\Media\Video-Tools\2. DVD Shrink v3.2.0.15_final.exe, 12-734

edit: fixed with def. version 1141 - Thanks!

danburrito
Aug. 27th, 2009, 21:24
downloaded new defs, and found these three FP:

Betriebssystem:Windows Vista
Version:0.4.0.20
Definitionsversion:1142
Zeit:8/27/2009 3:23:28 PM
Überprüfte Objekte:70311
Gefundene Bedrohungen:3

|Name|Typ|Beschreibung|ID|

KIT.AreoRemAdmin, File, C:\Program Files\FastStone\FastStone Capture v6.5\FSCapture.exe, 12-91
KIT.AreoRemAdmin, File, C:\Program Files\FastStone\FastStone Capture v6.5\FSRecorder.exe, 12-91
KIT.AreoRemAdmin, File, C:\Program Files\FastStone\FastStone Image Viewer v3.9\FSViewer.exe, 12-91

danburrito
Aug. 27th, 2009, 23:35
one more:

Misleading.Installer, File, D:\_Disk A\Media\_Codecs\3. AC3Filter v1.61b.exe, 11-2251

VirusTotal scan (http://www.virustotal.com/analisis/6c86ee26f26024a92ddb146b456d4141ceccd2ab8bb85780ffec504535a290e7-1247753880) comes in at 0/41.

danburrito
Aug. 28th, 2009, 03:35
FP's in the two most recent posts above have been fixed with def. version 1143!

Thank you, once again.