   Author  Topic: Golden Eye trojan in mp3 player software?  (Read 973 times)
Tingram
Newbie
Golden Eye trojan in mp3 player software?
« on: Aug 26th, 2007, 1:48pm »

TH has again (second time) reported that it has found the Golden Eye trojan in the software for my recently-purchased iRiver mp3 player.  The path for the trojan is C:\Program Files\iriver\iriver plus 3\CBHook.dll, if that helps. I couldn't find any mention of Golden Eye in the forums here - can anyone advise whether this is a genuine infection (I've allowed TH to clean it, both times)?

Magnus
Administrator
Re: Golden Eye trojan in mp3 player software?
« Reply #1 on: Aug 26th, 2007, 1:55pm »

Sounds like it could very well be a false positive. Could you email the file in question to support@misec.net for analysis?

Tingram
Newbie
Re: Golden Eye trojan in mp3 player software?
« Reply #2 on: Aug 26th, 2007, 4:27pm »

Thanks, Magnus.  I can't actually see that file listed in that directory.  TH also reported that it couldn't unpack a couple of iRiver-related files or folders, which I should perhaps have included in my original post.  I'm just repeating the search to include hidden files (I'm on Windows XP, btw), but that file's not been found.  Should I look out for it appearing again and include the details of the hidden files, if TH reports it again?

redwolfe_98
Veteran
Re: Golden Eye trojan in mp3 player software?
« Reply #3 on: Aug 26th, 2007, 4:51pm »

well, maybe the reason you couldn't find the file in the folder is because you allowed TH to "clean" it, where the file was "quarantined"..
 
you could try sending the quarantined file to misec..

Gavin_Coe
Trojan Analyst
Re: Golden Eye trojan in mp3 player software?
« Reply #4 on: Aug 26th, 2007, 10:57pm »

Easiest to unquarantine first, then it will be in the folder again
 
Not sure what trojan you mean though, I've never heard of that trojan name.. please send the file and I'll check straight away

Tingram
Newbie
Re: Golden Eye trojan in mp3 player software?
« Reply #5 on: Aug 27th, 2007, 4:35am »

Thanks again.  I've just run TH scanner again, and it's flagged up the following:
 
File scan
Found trojan file: C:\Program Files\iriver\iriver plus 3\CBHook.dll (Monitor.GoldenEye.100)
Warning: Unable to unpack UPX-packed file C:\Program Files\iriver\iriver plus 3\iLauncher.exe  
(Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\Program Files\iriver\iriver plus 3\iPlus3.exe  
(Add to ignore list)
 
Golden eye appears to be a keylogger program: "Golden Eye is a spyware (monitoring tool) which also has the ability to capture all keystrokes (including username, password, credit card number etc i.e. anything that is typed) and record all other activity on your computer. According to the vendor "Golden Eye works like a surveillance camera pointed directly at your computer monitor, monitoring and recording anything anybody does on your computer, and storing this in a secure area for your later review." We recommend that you should remove this program unless installed for a purpose." is one description I've found.
 
I'll email cbhook.dll to misec now.

siliconman01
Global Moderator
Re: Golden Eye trojan in mp3 player software?
« Reply #6 on: Aug 27th, 2007, 5:11am »

You can also run CBhook.dll through Jotti to see what other security programs say about it.
 
http://virusscan.jotti.org/

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
Tingram
Newbie
Re: Golden Eye trojan in mp3 player software?
« Reply #7 on: Aug 27th, 2007, 5:39am »

I've just removed the file again with TH, but if it re-appears, I'll run Jotti against it.  I have other programs running, including SuperAntiSpyware and AVG Anti-malware, and they haven't found the file in question.

Gavin_Coe
Trojan Analyst
Re: Golden Eye trojan in mp3 player software?
« Reply #8 on: Aug 27th, 2007, 11:34am »

Thanks, sounds like a commercial keylogger.. we'll look into it

Tingram
Newbie
Re: Golden Eye trojan in mp3 player software?
« Reply #9 on: Aug 29th, 2007, 3:04pm »

I've scanned the file with Jotti, as suggested - nothing found there.

siliconman01
Global Moderator
Re: Golden Eye trojan in mp3 player software?
« Reply #10 on: Aug 30th, 2007, 12:40am »

Did Gavin or Magnus get back to you via email concerning the status of cbhook.dll?

Tingram
Newbie
Re: Golden Eye trojan in mp3 player software?
« Reply #11 on: Aug 30th, 2007, 1:45pm »

No, not yet.

Tingram
Newbie
Re: Golden Eye trojan in mp3 player software?
« Reply #12 on: Aug 30th, 2007, 1:57pm »

Hmmm, there's more!  TH is now reporting "Found trojan file: C:\RECYCLER\S-1-5-21-1390067357-1078145449-725345543-1004\Dc2.dll (Monitor.GoldenEye.100)"
 
I've run that through Jotti, and it tells me the file has 0 bytes.

siliconman01
Global Moderator
Re: Golden Eye trojan in mp3 player software?
« Reply #13 on: Aug 30th, 2007, 2:06pm »

I emailed Gavin/Magnus to check in on your post here.  Sorry about the delay...apparently overlooked because of the activity with V5.0 beta testing.
Quote:
Hmmm, there's more!  TH is now reporting "Found trojan file: C:\RECYCLER\S-1-5-21-1390067357-1078145449-725345543-1004\Dc2.dll (Monitor.GoldenEye.100)"

 
Did you try emptying your Recycle Bin...Trash Can?
 
Also empty all these folders:
 
Remove all the files and folders from the below TEMP Folders:
 
C:\Documents and Settings\ "user name" \Local Settings\Temp  
 
C:\temp
 
C:\windows\temp
 
Do NOT delete the "temp" folder itself.
 
The TIF ( Temporary Internet Files) can also be emptied via:
Internet Explorer--Tools--Internet Options--General tab--"Delete Files",
Also tick the "delete all offline content" box.
 
« Last Edit: Aug 30th, 2007, 2:09pm by siliconman01 »
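
An added example (not part of the thread and not TrojanHunter code): a Python triage helper that parses scanner lines like those quoted above and decodes a Windows XP Recycle Bin path, where a deleted file is stored as `D<drive letter><index>.<ext>` under a folder named for the deleting user's SID. The log line format is inferred from the lines quoted in the thread, and the "possible deleted copy" match is a heuristic assumption; the original path itself is only recorded in the Recycle Bin's INFO2 file.

```python
import ntpath
import re

# Constructed sample: scanner output lines as quoted in the thread above.
SAMPLE_LOG = r"""Found trojan file: C:\Program Files\iriver\iriver plus 3\CBHook.dll (Monitor.GoldenEye.100)
Warning: Unable to unpack UPX-packed file C:\Program Files\iriver\iriver plus 3\iLauncher.exe
Found trojan file: C:\RECYCLER\S-1-5-21-1390067357-1078145449-725345543-1004\Dc2.dll (Monitor.GoldenEye.100)"""

FOUND = re.compile(r"^Found trojan file: (?P<path>.+?) \((?P<sig>[^()]+)\)$")
UNPACK = re.compile(r"^Warning: Unable to unpack UPX-packed file (?P<path>.+)$")
# Windows 2000/XP on NTFS: <drive>:\RECYCLER\<user SID>\D<drive letter><index>.<ext>
RECYCLED = re.compile(
    r"^[A-Za-z]:\\RECYCLER\\(?P<sid>S-1-[\d-]+)\\"
    r"D(?P<drive>[A-Za-z])(?P<index>\d+)(?P<ext>\.[^\\.]+)?$", re.I)

def decode_recycled(path):
    """Return what the Recycle Bin name reveals, or None for an ordinary path."""
    m = RECYCLED.match(path)
    if not m:
        return None
    rid = int(m["sid"].rsplit("-", 1)[1])  # last SID component
    return {"owner_sid": m["sid"], "rid": rid,
            # RIDs below 1000 are reserved for built-in accounts
            "user_created_account": m["sid"].startswith("S-1-5-21-") and rid >= 1000,
            "original_drive": m["drive"].upper(), "index": int(m["index"]),
            "original_ext": (m["ext"] or "").lower()}

def triage(log_text):
    """Classify scanner lines and link recycled detections to earlier ones."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        if m := FOUND.match(line):
            rec = decode_recycled(m["path"])
            entry = {"kind": "detection", "path": m["path"],
                     "signature": m["sig"], "recycled": rec}
            if rec:  # heuristic: same signature and extension as an earlier hit
                entry["possible_deleted_copy_of"] = [
                    f["path"] for f in findings
                    if f["kind"] == "detection" and not f["recycled"]
                    and f["signature"] == m["sig"]
                    and ntpath.splitext(f["path"])[1].lower() == rec["original_ext"]]
            findings.append(entry)
        elif m := UNPACK.match(line):
            findings.append({"kind": "unpack_warning", "path": m["path"]})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
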
Tingram
Newbie
Re: Golden Eye trojan in mp3 player software?
« Reply #14 on: Aug 30th, 2007, 3:35pm »

Will do that - thanks.  TH has quarantined the last-mentioned file, btw.