FP: SFX RAR Archives [SOLVED]

[danburrito]

I created these SFX RAR ARchives myself with WinRAR, never showed up before beta 2.2.

 

Virus Total Analysis (1/41)

 

Seems like only the McAfee-GW-Edition has got a problem with (all of) these...

 

IObit Security 360

 

OS:Windows Vista

Version:0.2.2.8

Define Version:1085

Time:7/26/2009 5:56:01 PM

 

|Name|Type|Description|ID|

Trojan.Crypt.XPACK, File, D:\_Disk A\Avira AntiVir Personal v9.0.0.403_Config.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\FastStone Capture v6.5.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\FastStone Image Viewer v3.9.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\Opera v10.00beta2_b1642_Settings.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\Opera v9.64_b10487_Settings.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_MyDocs\Favorites.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_MyDocs\U.S. BCIS.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\Games\CCS64 v3.7.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\Games\Domination v1.0.9.8.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\Games\Pro Pinball - Timeshock! - Patch v1.20b.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\Games\Sid Meier's Pirates! - Save.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\Games\_IObit Game Booster v1.10.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\Hardware\ASUS M2N32 SLI Deluxe BIOS.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\IObit SmartDefrag v1.20.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\IObit SmartRAM v2.0.2.0.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\Revo Uninstaller v1.83.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\Virus, Spyware & Security\Malwarebytes' FileASSASSIN v1.06.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\_Misc\FileSplitter v1.01_final.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\_Misc\MiniCLIP 2002.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\_Misc\Paint.NET v3.36_plugins.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Audio-Tools\BonkEnc v1.0.13.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Audio-Tools\CDex v1.70_beta2.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Audio-Tools\Free DVD MP3 Ripper v1.12_b268_XP.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Audio-Tools\Free WMA to MP3 Converter v1.16_b2546.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Photo-Tools\DupDetector v3.201.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Video-Tools\AVIcodec v1.2_b113.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Video-Tools\VirtualDub v1.8.8_b30091.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\Media\_conversion tools\nrg2iso v1.01.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\Media\_conversion tools\uif2iso v0.1.7a.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\Media\_mp3-Players\Samsung YP-U3JQB Firmware v1.13.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\Data Backup & Recovery\BartPE Builder v3.1.10a.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\Data Backup & Recovery\CDCheck v3.1.14.0.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\Data Backup & Recovery\FreeFileSync v2.1.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\System Info\CurrPorts v1.66.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\System Info\DNS Performance Test v0.8.4.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\System Info\Winerrmsg 0.1.1.exe, 12-231

Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\_MY services.msc & tweaks\mscomctl.ocx.exe, 12-231

[Krissy]

Hello danburrito,

 

Please update your definition version, and scan again. If there is still any prblems, please post the report here.

 

Thanks in advance.

[danburrito]

Hi Krissy,

 

here's the report, as the problem still exists:

 

IObit Security 360

 

OS:Windows Vista

Version:0.2.2.8

Define Version:1091

Time:7/29/2009 4:57:52 PM

 

|Name|Type|Description|ID|

Trojan.Crypt.XPACK, File, D:\_Disk A\Avira AntiVir Personal v9.0.0.403_Config.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\FastStone Capture v6.5.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\FastStone Image Viewer v3.9.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\Opera v10.00beta2_b1642_Settings.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_MyDocs\Favorites.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_MyDocs\U.S. BCIS.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\Games\CCS64 v3.7.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\Games\Domination v1.0.9.8.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\Games\Pro Pinball - Timeshock! - Patch v1.20b.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\Games\Sid Meier's Pirates! - Save.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\Games\_IObit Game Booster v1.10.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\Hardware\ASUS M2N32 SLI Deluxe BIOS.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\IObit SmartDefrag v1.20.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\IObit SmartRAM v2.0.2.0.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\Revo Uninstaller v1.83.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\Virus, Spyware & Security\Malwarebytes' FileASSASSIN v1.06.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\_Misc\FileSplitter v1.01_final.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\_Misc\MiniCLIP 2002.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\_Misc\Paint.NET v3.36_plugins.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_MyDocs\Taxes & Credit Reports\IRS - Tax Return 2008.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_MyDocs\__Windows Mail\Windows Calendar.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Audio-Tools\BonkEnc v1.0.13.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Audio-Tools\CDex v1.70_beta2.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Audio-Tools\Free DVD MP3 Ripper v1.12_b268_XP.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Audio-Tools\Free WMA to MP3 Converter v1.16_b2546.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Photo-Tools\DupDetector v3.201.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Video-Tools\AVIcodec v1.2_b113.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\Media\Video-Tools\VirtualDub v1.8.8_b30091.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\Media\_conversion tools\nrg2iso v1.01.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\Media\_conversion tools\uif2iso v0.1.7a.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\Media\_mp3-Players\Samsung YP-U3JQB Firmware v1.13.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\Data Backup & Recovery\BartPE Builder v3.1.10a.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\Data Backup & Recovery\CDCheck v3.1.14.0.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\Data Backup & Recovery\FreeFileSync v2.1.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\System Info\CurrPorts v1.66.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\System Info\DNS Performance Test v0.8.4.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\System Info\Winerrmsg 0.1.1.exe, 12-335

Trojan.Crypt.XPACK, File, D:\_Disk A\System Tools\_MY services.msc & tweaks\mscomctl.ocx.exe, 12-335

[danburrito]

Seems to be fixed with definitions version 1093. Thanks!

[danburrito]

this came up with definitions version 1110:

 

IObit Security 360

 

Betriebssystem:Windows Vista

Version:0.3.0.22

Definitionsversion:1110

Zeit:8/8/2009 10:57:32 PM

 

|Name|Typ|Beschreibung|ID|

Dropper.NewRest, File, D:\_Disk A\Avira AntiVir Personal v9.0.0.407_Config.exe, 12-1765

Dropper.Dldr, File, D:\_MyDocs\Taxes & Credit Reports\IRS - Tax Return 2007.exe, 12-1762

--

 

Dropper.NewRest shows up 30something times VirusTotal: 2/41

Dropper.Dldr about 4 times VirusTotal: 1/41

 

All files are self created WinRAR SFX archives and I'm must be FPs.

[danburrito]

resolved with def. version 1111.

 

Thanks!

[danburrito]

And... some are back again with def. version 1126

 

IObit Security 360

 

Betriebssystem:Windows Vista

Version:0.3.1.20

Definitionsversion:1126

Zeit:8/19/2009 4:27:01 PM

 

|Name|Typ|Beschreibung|ID|

Dropper.Dldr.Agent, File, D:\_Disk A\System Tools\PC Decrapifier v2.0.0.exe, 12-248

Trojan.Monder.28589, File, D:\_Disk A\_Misc\msvcr71.dll.exe, 12-367

Trojan.Monder.28589, File, D:\_MyDocs\Taxes & Credit Reports\IRS - Tax Return 2007.exe, 12-367

Trojan.Monder.28589, File, D:\_Disk A\Media\_mp3-Players\Sansa Express Firmware v01.01.05a.exe, 12-367

Trojan.Monder.28589, File, D:\_Disk A\System Tools\Data Backup & Recovery\ERUNT v1.1j.exe, 12-367

[danburrito]

Solved with def. version 1127. Thank you, IObit.

[danburrito]

One from yesterday is back again...

 

Betriebssystem:Windows Vista

Version:0.3.1.20

Definitionsversion:1128

Zeit:8/20/2009 3:50:52 PM

 

|Name|Typ|Beschreibung|ID|

Trojan.Agent, File, D:\_Disk A\System Tools\PC Decrapifier v2.0.0.exe, 12-460

[danburrito]

IObit Security 360

 

Betriebssystem:Windows Vista

Version:0.4.0.20

Definitionsversion:1137

Zeit:8/24/2009 9:13:28 PM

Überprüfte Objekte:70476

Gefundene Bedrohungen:2

 

|Name|Typ|Beschreibung|ID|

Dropper.Frauder, File, D:\_Disk A\_Misc\DeadLink v3.3.exe, 12-860

Dropper.Frauder, File, D:\_Disk A\Media\Audio-Tools\Audio Record Wizard v5.0.5.exe, 12-860

 

 

======

 

The first file is a SFX RAR archive,

the second one is a regular installer. Please see THIS thread, because these have been detected as FP's before.

[itobe]

fp

 

hi danburrito,

this FP has been solved, please update to the newest definition version.

 

|Name|Typ|Beschreibung|ID|

Dropper.Frauder, File, D:\_Disk A\_Misc\DeadLink v3.3.exe, 12-860

Dropper.Frauder, File, D:\_Disk A\Media\Audio-Tools\Audio Record Wizard v5.0.5.exe, 12-860

 

 

======

 

The first file is a SFX RAR archive,

the second one is a regular installer. Please see THIS thread, because these have been detected as FP's before.

[danburrito]

hi danburrito,

this FP has been solved, please update to the newest definition version.

 

Thank you, and welcome to the board, itobe.

 

IS360 updated, ran full scan and it found two new FP's:

 

Definitionsversion:1140

Zeit:8/26/2009 4:36:21 PM

Überprüfte Objekte:69504

Gefundene Bedrohungen:2

 

|Name|Typ|Beschreibung|ID|

Dropper.Kolabc, File, D:\_Disk A\Media\Audio-Tools\ID3-TagIT v3.3.0_final.exe, 12-734

Dropper.Kolabc, File, D:\_Disk A\Media\Video-Tools\2. DVD Shrink v3.2.0.15_final.exe, 12-734

 

edit: fixed with def. version 1141 - Thanks!

[danburrito]

downloaded new defs, and found these three FP:

 

Betriebssystem:Windows Vista

Version:0.4.0.20

Definitionsversion:1142

Zeit:8/27/2009 3:23:28 PM

Überprüfte Objekte:70311

Gefundene Bedrohungen:3

 

|Name|Typ|Beschreibung|ID|

 

KIT.AreoRemAdmin, File, C:\Program Files\FastStone\FastStone Capture v6.5\FSCapture.exe, 12-91

KIT.AreoRemAdmin, File, C:\Program Files\FastStone\FastStone Capture v6.5\FSRecorder.exe, 12-91

KIT.AreoRemAdmin, File, C:\Program Files\FastStone\FastStone Image Viewer v3.9\FSViewer.exe, 12-91

[danburrito]

one more:

 

Misleading.Installer, File, D:\_Disk A\Media\_Codecs\3. AC3Filter v1.61b.exe, 11-2251

 

VirusTotal scan comes in at 0/41.

[danburrito]

FP's in the two most recent posts above have been fixed with def. version 1143!

 

Thank you, once again.