   Mischel Internet Security Forum
(Moderators: Helena, Gavin_Coe, Magnus)
Topic: Trojan/Shutdowner.um? (Read 7198 times)

morph99
Newbie
Posts: 5
Trojan/Shutdowner.um?
« on: Dec 12th, 2008, 6:56pm »

Did a scan on the VirusTotal website and this file came up as a trojan. I haven't installed the program and don't think I'm going to now that it's been flagged. Thought I'd pass it along to you guys because TrojanHunter missed it. I'm unsure whether it's really a trojan but TheHacker said it was so I thought I'd pass it along.
 
It's a 6 MB download from here:
http://www.freedownloadscenter.com/Multimedia_and_Graphics/WAV_Players_and_Editors/AV_MP3_Player___Morpher.html
 
and here is what totalvirus said
 
http://www.virustotal.com/analisis/2c4aa67de7445efa6402987653714b07
 
« Last Edit: Dec 12th, 2008, 6:58pm by morph99 »

siliconman01
Global Moderator
Trojans! Chew 'em Up, Spit 'em Out...
Gender: male
Posts: 7358
Re: Trojan/Shutdowner.um?
« Reply #1 on: Dec 12th, 2008, 11:16pm »

I have emailed Gavin and requested him to test the file.  I suspect that the file is not malicious because only TheHacker flagged it...but Gavin can test it to see for sure.  
 
Media player add-ins are frequently a source of significant infection payloads.
 
Thanks for the heads up.
« Last Edit: Dec 12th, 2008, 11:17pm by siliconman01 »

______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.

Thomas
Full Member
Gender: male
Posts: 233
Re: Trojan/Shutdowner.um?
« Reply #2 on: Dec 13th, 2008, 7:30am »

Plus, media files like MP3 and that can have a trojan or virus in them; don't know if that's true.

Windows 7 Home Premium (64 Bit)
Yahoo! Messenger Version 11.0.0 Build 2014
Y!TunnelPro Version 2.6 Build 736
YTK Enhanced Version 2.6 Build 108
Mozilla Firefox Version 8.0 (Beta)
Internet Explorer Version 9.0.8112.16421
TrojanHunter Version 5.3 Build 994
HijackThis Version 2.0 Build 4
Wireless
avast! Free Antivirus
Malwarebytes' Anti-Malware
SUPERAntiSpyware Professional

siliconman01
Global Moderator
Gender: male
Posts: 7358
Re: Trojan/Shutdowner.um?
« Reply #3 on: Dec 13th, 2008, 10:16am »

Quote:
Plus, media files like MP3 and that can have a trojan or virus in them; don't know if that's true.

 
Very true...and veerrrrrrrrrry common.

Gavin_Coe
Trojan Analyst
Gender: male
Posts: 3912
Re: Trojan/Shutdowner.um?
« Reply #4 on: Dec 13th, 2008, 1:50pm »

It could just be a shutdown/restart tool used by the installer when it finishes. I'll download and test it when I get a chance soon.

Gavin_Coe
Trojan Analyst
Gender: male
Posts: 3912
Re: Trojan/Shutdowner.um?
« Reply #5 on: Dec 13th, 2008, 2:06pm »

Found adware file: X:\mp3morpher\$PLUGINSDIR\DealioKit1-stub-0.exe (Adware.Dealio.100)
 
Interesting, this is one of the hundreds of files inside the installer. I wouldn't install this, and we will most likely detect the installer soon.

siliconman01
Global Moderator
Gender: male
Posts: 7358
Re: Trojan/Shutdowner.um?
« Reply #6 on: Dec 13th, 2008, 11:28pm »

Also, on my system with hpHosts protection installed in the HOSTS file, the entire website of freedownloadscenter is blocked from access. This indicates that users have found files with malicious intent on the website.

Technosoft-McDss
Newbie
Posts: 2
Re: Trojan/Shutdowner.um?
« Reply #7 on: Mar 16th, 2009, 1:12am »

This installer bundles the Dealio comparison shopping toolbar along with it, which is considered adware by few AVs. That's why the detection is Adware.Dealio.100, as Gavin notes.