Possible trojan contamination

Posted: Mon Aug 31, 2009 9:06 pm
by Pegleg
I've been trying for months to track down a trojan on my computer that was harvesting data from my contacts list and sending out fake emails in my name to the people on that list. Today I uninstalled Panda Antivirus and switched over to Avira, then ran a complete scan. It found a trojan that it called HTML/Silly.Gen that was located in the Custom Sounds Plist in the config folder of the resources section of the 1.72.2 build for Windows. I cleaned and uninstalled Oolite from my hard drive and downloaded the new 1.73 build from Berlios. The download scanned clean, but when I began extracting the files I quickly got a warning that one of them was infected with the HTML/Silly.Gen trojan and needed to be quarantined. So I again deleted all the Oolite files from my computer. You may want to check into this.

Posted: Mon Aug 31, 2009 9:39 pm
by DaddyHoggy
I use AVG free, just rescanned and it doesn't find anything - that doesn't mean it's not there of course...

Posted: Mon Aug 31, 2009 9:59 pm
by another_commander
False positive. The entire build (installer + tree structure after installation) was scanned using McAfee VirusScan Enterprise, scan engine 5301.4018, with DAT dated 28 August 2009 before its release. Additionally, there is absolutely nothing wrong in customsounds.plist. It is a standard NeXTStep format property file. It is safe to install.

Posted: Tue Sep 01, 2009 1:34 am
by Chaky
Wanna another false positive?

Just make one empty bat file and put this in it:

Code:

copy
copy
copy

BitDefender will pick it up.

Posted: Tue Sep 01, 2009 6:50 am
by Diziet Sma
You may want to install, update and run Malwarebytes' Anti-Malware to check (and clean) your PC... there are lots of nasty things out there that anti-virus programs won't detect.. the free one will do everything the paid version does except for real-time protection and auto-updating.

Posted: Tue Sep 01, 2009 9:16 am
by Svengali
It's the last entry that gives a warning.
In Oolite's customsounds.plist

Code:

"[wormhole-created]" = "";

And in CustomSounds.oxp

Code:

"[wormhole-created]" = "w_hole.ogg";

Both seem to trigger Avira's heuristical search. I've reported it ~3 weeks ago to Avira, but they haven't reacted. The LAB has the files, so maybe someday they'll do something, but I wouldn't count on it. So I'd think that the Byte-combination is the problem here. Renaming this entry solves it.

Code:

"[wrmhole-created]" = "w_hole.ogg";

Edit: For sure reported it as 'false positive' .-)

Posted: Tue Sep 01, 2009 11:30 pm
by JensAyton
I’ve had a couple of bug reports from Avira users about the customsounds.plist “issue”. Avira appears to be incorrectly identifying it as JavaScript doing strange stuff. customsounds.plist does not contain executable code of any sort and cannot carry a trojan.

I asked those who e-mailed me to send bug reports to Avira, and recommend you do the same.