Bloodstar-Altair
Posts:
????
Registered:
????
Extended Info (if available)
Real Post Cnt: 0
User ID: 0
|
Subject:
Anyone here good at checking on a possible trojan in a plug-in?
|
I downloaded a plug-in (linked from Sucamarto's) and when I went to install it PestPatrol warned me there was a trojan. I emailed the author to ask about it via their download site but it's been three days with no answer. I was wondering if someone else could confirm that it is in fact a trojan or a threat. If it is then obviously I (or the confirmer) can post which plug-in has the problem so people can clean their computers.
What I don't understand is why Norton didn't catch it first. That is why I am not sure it is a problem and why I am not flying off the handle and possibly screwing up someone's good name and hard work.
-----signature-----
|
|
Link to this post
|
MT_Gouru
Posts:
????
Registered:
????
Extended Info (if available)
Real Post Cnt: 0
User ID: 0
|
Subject:
Anyone here good at checking on a possible trojan in a plug-in?
|
You're not talking about Dual Client are you?
That one is notorious for stealing passwords.
<grin>
-----signature-----
|
|
Link to this post
|
Drakier
Posts:
????
Registered:
????
Extended Info (if available)
Real Post Cnt: 0
User ID: 0
|
Subject:
Anyone here good at checking on a possible trojan in a plug-in?
|
Bloodstar: it would be easier to check if you provided the name of the plugin.
I might have time later today to check into it, but I'd need to know which one.. and I think the users understand you're not trying to go overboard and just be cautious, so you can publically state which plugin and hopefully everyone will understand that you're just trying to get more information about it, and you're not exactly accusing the author or plugin of anything yet.
also.. another reason to post the name publically is so that other people besides myself can look into it.. I'm by no means the best at looking for trojans, but I've done it in the past, and there are other people who are much better at it, but it would be a pain for them to have to ask for the name to be PMed to them, and would be annoying for you to have to PM it to everyone.
-----signature-----
|
|
Link to this post
|
Bloodstar-Altair
Posts:
????
Registered:
????
Extended Info (if available)
Real Post Cnt: 0
User ID: 0
|
Subject:
Anyone here good at checking on a possible trojan in a plug-in?
|
|
Well I would have been perfectly willing to PM anyone that wanted to check the plug-in but I hear what you are saying. The plug-in is Trophy Hunter. I'll go home at lunch (I'm on the west coast) and get the exact name of the trojan that PestPatrol is warning me about and post that to.
-----signature-----
|
|
Link to this post
|
Drakier
Posts:
????
Registered:
????
Extended Info (if available)
Real Post Cnt: 0
User ID: 0
|
Subject:
Anyone here good at checking on a possible trojan in a plug-in?
|
yes.. please provide the trojan name that you're reporting..
Trophy Hunter has been around for a long time without incident, and while I haven't checked it yet, I do think that it's most likely a false positive and that it is ok. I'll check anyway just to make sure on my end, but I don't think I'll find anything (especially without the trojan name so I can research what that trojan does).
-----signature-----
|
|
Link to this post
|
Drakier
Posts:
????
Registered:
????
Extended Info (if available)
Real Post Cnt: 0
User ID: 0
|
Subject:
Anyone here good at checking on a possible trojan in a plug-in?
|
after an initial quick check-through, I find that the Trophy Hunter installer installs 2 Dll files... one of which is the plugin as a .NET 2.0 plugin, and the other is a resource DLL for icons and images.
the NET2.0 DLL for the plugin looked pretty standard for plugins, and it didn't have anything out of the normal that I saw.. it seemed to be a complete working plugin. The ICON dll was basically just a standard resource dll.
So without any other information, I can't find anything that seems out of place or not-normal.
-----signature-----
|
|
Link to this post
|
Bloodstar-Altair
Posts:
????
Registered:
????
Extended Info (if available)
Real Post Cnt: 0
User ID: 0
|
Subject:
Anyone here good at checking on a possible trojan in a plug-in?
|
Yeah, I like Trophy Hunter which is why I wanted to load it again now that I am back. This is what PestPatrol is giving me:
Trojan.Win32.WMF.exploit.generic
Here is a link to what they say on their site:
http://www.pestpatrol.com/spywarecenter/pest.aspx?id=453096781
-----signature-----
|
|
Link to this post
|
Drakier
Posts:
????
Registered:
????
Extended Info (if available)
Real Post Cnt: 0
User ID: 0
|
Subject:
Anyone here good at checking on a possible trojan in a plug-in?
|
I have no idea why trophy hunter would register with that at all...
nowhere in the code or the setup files are the WMF files used or specified....
the only thing I can think of is the link you used might be different than the official one, but I doubt it.. especially if you clicked the link from Suca's site...
best bet is to just make sure you have the right file, and ignore what the PestPatrol thing says... I don't see any reason why it would throw that error.
-----signature-----
|
|
Link to this post
|
Bloodstar-Altair
Posts:
????
Registered:
????
Extended Info (if available)
Real Post Cnt: 0
User ID: 0
|
Subject:
Anyone here good at checking on a possible trojan in a plug-in?
|
|
I'm guessing it's something harmless that is tripping PestPatrol but I wanted to hear it from either the programmer or someone with a clue (like you). Thanks for your help.
-----signature-----
|
|
Link to this post
|
immortalbob
Title: AC Vault Staff
I am batman!
Posts:
11,887
Registered:
Feb 24, '02
Extended Info (if available)
Real Post Cnt: 11,708
User ID: 649,929
|
Subject:
Anyone here good at checking on a possible trojan in a plug-in?
|
|
probably catching it because it has the ability to store stats and then upload them to the website. Probably thinks it is some sort of data miner.
-----signature-----
ImmortalBob, Axer Extraordinaire
+Turbine Sappho tells you, "I am starting to think you are immortal"
|
|
Link to this post
|
Sucamarto
Posts:
20,839
Registered:
May 15, '01
Extended Info (if available)
Real Post Cnt: 20,746
User ID: 96,777
|
Subject:
Anyone here good at checking on a possible trojan in a plug-in?
|
|
Id say it sounds like a bogus virus warning.
-----signature-----
Sucamarto's AC Heaven - http://acheaven.buwahaha.com Sucamarto - (275) Bunny Master Panumbriis Shadow - (275) - Sword,Cook,Alch,Tinker Allegiance - Tasia the True "May the seed of your loin be fruitfull in the belly of your woman" Neil
|
|
Link to this post
|
