Possible trojan contamination
Moderators: winston, another_commander
Possible trojan contamination
I've been trying for months to track down a trojan on my computer that was harvesting data from my contacts list and sending out fake emails in my name to the people on that list. Today I uninstalled Panda Antivirus and switched over to Avira, then ran a complete scan. It found a trojan that it called HTML/Silly.Gen that was located in the Custom Sounds Plist in the config folder of the resources section of the 1.72.2 build for Windows. I cleaned and uninstalled Oolite from my hard-drive and downloaded the new 1.73 build from Berlios. The download scanned clean, but when I began extracting the files I quickly got a warning that one of them was infected with the HTML/Silly.Gen trojan and needed to be quarrantined. So I again deleted all the Oolite files from my computer. You may want to check into this.
Shoot first and pick up the goodies later...
-
DaddyHoggy
- Intergalactic Spam Assassin
- Posts: 8515
- Joined: Tue Dec 05, 2006 9:43 pm
- Location: Newbury, UK
- Contact:
I use AVG free just rescanned and it doesn't find anything - that doesn't mean its not there of course...
Oolite Life is now revealed hereSelezen wrote:Apparently I was having a DaddyHoggy moment.
-
another_commander
- Quite Grand Sub-Admiral
- Posts: 6646
- Joined: Wed Feb 28, 2007 7:54 am
False positive. The entire build (installer + tree structure after installation) was scanned using McAfee VirusScan Enterprise, scan engine 5301.4018, with DAT dated 28 August 2009 before its release. Additionally, there is absolutely nothing wrong in customsounds.plist. It is a standard NeXTStep format property file. It is safe to install.
Wanna another false positive?
Just make one empty bat file and put this in it:
BitDefender will pick it up.
Just make one empty bat file and put this in it:
Code: Select all
copy
copy
copy-
Diziet Sma
- ---- E L I T E ----
- Posts: 6311
- Joined: Mon Apr 06, 2009 12:20 pm
- Location: Aboard the Pitviper S.E. "Blackwidow"
You may want to install, update and run Malwarebytes' Anti-Malware to check (and clean) your PC... there are lots of nasty things out there that anti-virus programs won't detect.. the free one will do everything the paid version does except for real-time protection and auto-updating.
Most games have some sort of paddling-pool-and-water-wings beginning to ease you in: Oolite takes the rather more Darwinian approach of heaving you straight into the ocean, often with a brick or two in your pockets for luck. ~ Disembodied
It's the last entry that gives a warning.
In Oolites customsounds.plist
And in CustomSounds.oxp
Both seem to trigger Avira's heuristical search. I've reported it ~3 weeks ago to Avira,but they haven't reacted. The LAB has the files, so maybe someday they'll do something, but I wouldn't count on it. So I'd think that the Byte-combination is the problem here. Renaming this entry solves it.
Edit: For sure reported it as 'false positive' .-)
In Oolites customsounds.plist
Code: Select all
"[wormhole-created]" = "";Code: Select all
"[wormhole-created]" = "w_hole.ogg";Code: Select all
"[wrmhole-created]" = "w_hole.ogg";-
JensAyton
- Grand Admiral Emeritus
- Posts: 6657
- Joined: Sat Apr 02, 2005 2:43 pm
- Location: Sweden
- Contact:
I’ve had a couple of bug reports from Avira users about the customsounds.plist “issue”. Avira appears to be incorrectly identifying it as JavaScript doing strange stuff. customsounds.plist does not contain executable code of any sort and cannot carry a trojan.
I asked those who e-mailed me to send bug reports to Avira, and recommend you do the same.
I asked those who e-mailed me to send bug reports to Avira, and recommend you do the same.
E-mail: [email protected]