
Trojan threat?



I had that same problem a year ago or so. The problem was Chrome and Panda AV working together. Had many false positives this time.
It helped if I downloaded it somewhere else (laptop for example) and then copied it to my PC to install.

Now using Bitdefender and I have no false positives :)


I had the exact same AV hit as OP, Trojan:Win32/Spallowz.A!plock    http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Trojan%3aWin32%2fSpallowz.A!plock&threatid=2147697481&enterprise=0#tab-link-4

Checked out VirusTotal.com from MGIMATTY's response, and unfortunately it did find another Trojan in the file, here's the trimmed results...

SHA256: b77f6dda429a991a739ed3b011c60a6cdd27cc00829d16590f2122cf5edcbb77
File name: Aslains_XVM_WoT_Modpack_Installer_v.9.13.08.exe
Detection ratio: 1 / 53
Analysis date: 2015-12-21 02:40:44 UTC ( 1 minute ago )

Antivirus    Result               Update
Jiangmin     Trojan.Yakes.buad    20151220

Not sure the link to the file scan on VirusTotal.com will work for the rest of you, but here it is if it does.

https://www.virustotal.com/en/file/b77f6dda429a991a739ed3b011c60a6cdd27cc00829d16590f2122cf5edcbb77/analysis/1450665644/

So, 2 things... Why do you guys think the Trojan:Win32/Spallowz.A!plock is a false positive? And what about the Trojan.Yakes.buad that VirusTotal.com found?

Thank you all

Edited by Oen

Moderator:

Okay, so, a few things....

Why is it a false positive? Look at Virustotal... one hit.

Now take that antivirus program, and Google it.

Result: A Chinese antivirus company, and the majority of reviews I found give it HORRIBLE ratings.

Trusting a random Chinese company, over, say, Kaspersky, is a bit crazy.

And the Google result for the Chinese "trojan" report is:

Trojan:W32/Yakes variants attempt to connect to and download files from remote servers.
False positive reason might be right there... since the installer connects to and downloads from remote servers, if you selected DLC options, and on starting, to check for a newer installer.
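The check the moderator walks through above (confirm you are looking at the same file as the poster, then weigh how many engines flagged it rather than whether any engine did) can be scripted. The following is an added example, not code from this thread or from Aslain's modpack: it streams a file through SHA-256, compares the digest with the hash posted above, and parses a detection table in the same layout as the trimmed VirusTotal output pasted by Oen. The report text and the sample file bytes are constructed here for the example, the 5% consensus threshold is an assumption, and nothing is sent to VirusTotal; a "low-consensus" verdict only says few engines agreed, not that the file is safe.

```python
"""Offline triage of a VirusTotal-style detection table for a downloaded installer.

Added example, not the forum's or the modpack's code. The report below is
constructed to mirror the trimmed results pasted in the thread; the 5%
threshold used by triage() is an assumption, not a VirusTotal rule.
"""
import hashlib
import os
import tempfile

# SHA-256 posted in the thread for Aslains_XVM_WoT_Modpack_Installer_v.9.13.08.exe
POSTED_SHA256 = "b77f6dda429a991a739ed3b011c60a6cdd27cc00829d16590f2122cf5edcbb77"

# Constructed report, same layout as the thread's trimmed VirusTotal output
SAMPLE_REPORT = """\
Detection ratio: 1 / 53
Antivirus    Result               Update
Jiangmin     Trojan.Yakes.buad    20151220
"""

# Assumed cut-off: below this fraction of engines we call the result low-consensus
LOW_CONSENSUS_FRACTION = 0.05


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so a large installer need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def matches_posted_hash(path, expected=POSTED_SHA256):
    """True only if the local file is byte-identical to the one in the post."""
    return sha256_file(path) == expected.lower()


def parse_report(text):
    """Pull the engine count and per-engine hits out of a pasted result table."""
    hits = {}
    total = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Detection ratio:"):
            # "1 / 53" -> flagged=1, total=53
            _flagged, _slash, denominator = line.split(":", 1)[1].split()
            total = int(denominator)
        elif line and not line.startswith(("Antivirus", "Detection")):
            parts = line.split()
            if len(parts) >= 3:
                engine, result, update = parts[0], parts[1], parts[-1]
                hits[engine] = (result, update)
    return {"total_engines": total, "hits": hits}


def triage(report):
    """Summarise how many engines agreed, without deciding malicious vs. benign."""
    flagged = len(report["hits"])
    total = report["total_engines"] or max(flagged, 1)
    if flagged == 0:
        verdict = "clean"
    elif flagged / total < LOW_CONSENSUS_FRACTION:
        verdict = "low-consensus"
    else:
        verdict = "broad-consensus"
    return {
        "detections": flagged,
        "total": total,
        "verdict": verdict,
        "engines": sorted(report["hits"]),
    }


def demo():
    """Run the whole check on a constructed file so the example works offline."""
    data = b"constructed sample bytes, not the real installer\n"  # constructed input
    fd, path = tempfile.mkstemp(suffix=".exe")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        return {
            "hash_consistent": sha256_file(path) == hashlib.sha256(data).hexdigest(),
            "matches_posted": matches_posted_hash(path),
            "triage": triage(parse_report(SAMPLE_REPORT)),
        }
    finally:
        os.unlink(path)


if __name__ == "__main__":
    result = demo()
    print("local file matches posted hash:", result["matches_posted"])
    print("triage:", result["triage"])
```

Run it against the real installer by calling `matches_posted_hash("Aslains_XVM_WoT_Modpack_Installer_v.9.13.08.exe")`; if that returns False you are not examining the same file the thread discusses, and the pasted results do not apply to your download.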

Got it. Thanks Quaksen for the clarification, I had misread that as if "Jiangmin" was a part of the file it found to be corrupt (closer to what I'm used to seeing), not as one of the many AV scans done (never heard of them). A quick scan of the rest and it was obvious, my apologies for not catching the setup.


And also thanks again MGIMATTY for the tip on the website in the first place.
