| View previous topic :: View next topic |
| Author |
Message |
mkgrnwlt
User
Joined: 20 Feb 2008
Posts: 2
Location: New Zealand
|
 Posted: Wed Feb 20, 2008 3:52 am Post subject: Virus in download from CNet |
 |
|
I just (maybe 10 minutes ago) followed the link from the splitcamera.com site to download the installation file from the CNet download site. The file downloaded fine, but when I start the installation, and the files are being installed, my antivirus program tells me there is a trojan embedded in the SplitCam.exe file. It gives the virus name: Win32:Trojan-gen {Other}
The antivirus has a "repair" option, which does not repair this file. Other options in the antivirus result in the file being deleted, and then splitcamera will not work.
Is this a real problem? Or is this one of those cases where the install instructions should have said to temporarily disable antivirus to avoid false alarms?
Needless to say, I don't want to introduce a virus on my computer.
-- Mike |
|
| Back to top |
|
Marco_Polo
User
Joined: 20 Feb 2008
Posts: 1
|
| Posted: Wed Feb 20, 2008 10:23 am Post subject: |
|
|
Happened to me as well 
I'm wondering if it's a false positive or a real problem? Anyone else had this issue |
|
| Back to top |
|
racooper
User
Joined: 21 Feb 2008
Posts: 3
|
| Posted: Thu Feb 21, 2008 11:04 pm Post subject: |
|
|
Looks like there may be a problem with the CNet download. I pulled it and ran it against virustotal and jotti and it wasn't pretty.
| Code: |
VirusTotal
File SplitCam.exe received on 02.21.2008 23:46:40 (CET)
Antivirus Version Last Update Result
AntiVir 7.6.0.67 2008.02.21 BDS/Dsnx.05.A.27
Avast 4.7.1098.0 2008.02.21 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.02.21 BackDoor.Generic4.FQI
Ewido 4.0 2008.02.21 Backdoor.DSNX.05.a
FileAdvisor 1 2008.02.21 High threat detected
F-Prot 4.4.2.54 2008.02.20 W32/Heuristic-162!Eldorado
F-Secure 6.70.13260.0 2008.02.21 W32/Smalldoor.ADPB
Ikarus T3.1.1.20 2008.02.21 Virus.Win32.Trojan
Norman 5.80.02 2008.02.21 W32/Smalldoor.ADPB
Panda 9.0.0.4 2008.02.21 Generic Backdoor
Rising 20.32.32.00 2008.02.21 Backdoor.Win32.Small.adp
Sophos 4.26.0 2008.02.21 Sus/ComPack-C
Sunbelt 3.0.884.0 2008.02.21 VIPRE.Suspicious
Webwasher-Gateway 6.6.2 2008.02.21 Trojan.Backdoor.Dsnx.05.A.27
Additional information
File size: 920576 bytes
MD5: cf63960fad8fe226fb7814b28d0bc8ad
SHA1: 82d47d1ed80655e122beae51ae14dc09154f04c0
PEiD: ASProtect v1.23 RC1
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=cf63960fad8fe226fb7814b28d0bc8ad
packers: PE_Patch, Aspack
packers: PE_Patch
Jotti
File: SplitCam.exe
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: cf63960fad8fe226fb7814b28d0bc8ad
Packers detected: PE_PATCH
Bit9 reports: High threat detected (more info)
Scanner results
Scan taken on 21 Feb 2008 22:47:06 (GMT)
AntiVir Found BDS/Dsnx.05.A.27
ArcaVir Found Trojan.Dsnx.05.A
Avast Found Win32:Trojan-gen {Other}
AVG Antivirus Found BackDoor.Generic4.FQI
CPsecure Found BackDoor.W32.Agent.rk
Ikarus Found Virus.Win32.Trojan
Norman Virus Control Found W32/Smalldoor.ADPB
Panda Antivirus Found Generic
Rising Antivirus Found Backdoor.Win32.Small.adp
Sophos Antivirus Found Sus/ComPack-C (probable variant)
|
I did the same scans against the executable download directly from this site and it wasn't nearly as bad...
| Code: |
Virustotal
File SplitCam.exe received on 02.21.2008 23:31:39 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.2.22.0 2008.02.21 -
FileAdvisor 1 2008.02.21 Low threat detected
F-Prot 4.4.2.54 2008.02.20 W32/Heuristic-162!Eldorado
Panda 9.0.0.4 2008.02.21 Suspicious file
Sophos 4.26.0 2008.02.21 Sus/ComPack-C
Sunbelt 3.0.884.0 2008.02.21 VIPRE.Suspicious
Webwasher-Gateway 6.6.2 2008.02.21 Win32.Malware.gen (suspicious)
Additional information
File size: 990208 bytes
MD5: 3d266f740b395870b7342b09112e0e4f
SHA1: 20a96d8b2b12d4798175347b0a1851dfb6406011
PEiD: ASProtect v1.23 RC1
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=3d266f740b395870b7342b09112e0e4f
packers: PE_Patch, Aspack
packers: PE_Patch
Jotti
File: SplitCam.exe
Status:
POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)
MD5: 3d266f740b395870b7342b09112e0e4f
Packers detected: PE_PATCH
Bit9 reports: Low threat detected (more info)
Scanner results
Scan taken on 21 Feb 2008 22:32:07 (GMT)
Ikarus Found Suspect code-parts (probable variant)
Sophos Antivirus Found Sus/ComPack-C (probable variant)
|
|
|
| Back to top |
|
mkgrnwlt
User
Joined: 20 Feb 2008
Posts: 2
Location: New Zealand
|
| Posted: Fri Feb 22, 2008 9:13 pm Post subject: |
|
|
| Is the CNet download file going to be fixed/replaced? The splitcamera website offers a couple of other options to download direct from their server, but those files do not seem to be an installation package. What do I need to download to use the software? |
|
| Back to top |
|
racooper
User
Joined: 21 Feb 2008
Posts: 3
|
|
| Back to top |
|
SPLITCAM SUPPORT
Site Admin
Joined: 16 Jul 2005
Posts: 524
|
| Posted: Fri Feb 22, 2008 10:55 pm Post subject: |
|
|
After download and install splitcam from download.com what version was installed on your PC ?
And Setup ask you for update to new version?
Thanks and sorry for problem !
P.S. In this time we back setup online download from our site , and block link to download.com.
We try resolve problem with download.com as soon as possible.
All other version of our soft and other setup files was be checked with 10-20 antiviruses in online check antiviruses systems :
http://virusscan.jotti.org/
http://www.virustotal.com/
_________________
SplitCam Support
http://www.splitcamera.com |
|
| Back to top |
|
|
