Abyssmedia Support Forums

Trojan horse detected by AVG v9.0 (paid version)

 
neilallison147
Joined: 02 Sep 2010
Posts: 7

Posted: Fri Sep 03, 2010 2:39 am    Post subject: Trojan horse detected by AVG v9.0 (paid version)

I have just purchased ScriptCryptor and have generated an exe. When I try to run it or e-mail it, AVG detects a Trojan horse. (Trojan horse generic 18 FTT).

I've tried uploading it to www.virustotal.com and don't see any information on the screen that helps.
I've also tried to e-mail it to them but I get a message saying the mailserver has detected a virus too.

Where to now?

neilallison147
Joined: 02 Sep 2010
Posts: 7

Posted: Fri Sep 03, 2010 2:56 am

I managed to get it e-mailed to Virus Total by shutting AVG off. Here are the results.

Complete scanning result of "M3Get.exe", processed in VirusTotal at 09/03/2010 04:38:11 (CET).

[ file data ]
* name..: M3Get.exe
* size..: 194048
* md5...: 3298b111296fa97e1aaf41b91cbd4482
* sha1..: 35eecce07b23a083808e52d6b42a41a346207b09
* peid..: -

[ scan result ]
AhnLab-V3 2010.09.03.00/20100903 found nothing
AntiVir 8.2.4.46/20100902 found [SPR/QuickBatch.Gen]
Antiy-AVL 2.0.3.7/20100902 found [Trojan/Win32.Delf.gen]
Authentium 5.2.0.5/20100903 found nothing
Avast 4.8.1351.0/20100902 found nothing
Avast5 5.0.594.0/20100902 found nothing
AVG 9.0.0.851/20100902 found [Generic18.FTT]
BitDefender 7.2/20100903 found nothing
CAT-QuickHeal 11.00/20100902 found nothing
ClamAV 0.96.2.0-git/20100902 found [PUA.Crypt.ScriptCryptor]
Comodo 5950/20100903 found [Heur.Packed.Unknown]
DrWeb 5.0.2.03300/20100903 found nothing
Emsisoft 5.0.0.37/20100903 found [Trojan.JS.StartPage!IK]
eSafe 7.0.17.0/20100901 found nothing
eTrust-Vet 36.1.7833/20100902 found nothing
F-Prot 4.6.1.107/20100901 found nothing
F-Secure 9.0.15370.0/20100903 found nothing
Fortinet 4.1.143.0/20100902 found nothing
GData 21/20100903 found nothing
Ikarus T3.1.1.88.0/20100903 found [Trojan.JS.StartPage]
Jiangmin 13.0.900/20100903 found [Trojan/Delf.pbn]
K7AntiVirus 9.63.2424/20100902 found nothing
Kaspersky 7.0.0.125/20100903 found nothing
McAfee 5.400.0.1158/20100903 found nothing
McAfee-GW-Edition 2010.1B/20100903 found nothing
Microsoft 1.6103/20100902 found nothing
NOD32 5419/20100902 found nothing
Norman 6.05.11/20100902 found nothing
nProtect 2010-09-02.01/20100902 found nothing
Panda 10.0.2.7/20100902 found [W32/MSNworm.IX.worm]
PCTools 7.0.3.5/20100903 found nothing
Prevx 3.0/20100903 found nothing
Rising 22.63.03.03/20100902 found nothing
Sophos 4.57.0/20100903 found nothing
Sunbelt 6826/20100902 found nothing
SUPERAntiSpyware 4.40.0.1006/20100903 found nothing
Symantec 20101.1.1.7/20100903 found nothing
TheHacker 6.5.2.1.362/20100903 found nothing
TrendMicro 9.120.0.1004/20100902 found nothing
TrendMicro-HouseCall 9.120.0.1004/20100903 found nothing
VBA32 3.12.14.0/20100902 found [Trojan.Win32.Delf.spj]
ViRobot 2010.8.31.4017/20100902 found nothing
VirusBuster 12.64.15.0/20100902 found nothing

[ notes ]
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99

support
Site Admin
Joined: 13 Feb 2004
Posts: 376

Posted: Fri Sep 03, 2010 8:45 pm

Looks cool, especially:

AntiVir 8.2.4.46/20100902 found [SPR/QuickBatch.Gen]

- points to the Quick Batch File Compiler

ClamAV 0.96.2.0-git/20100902 found [PUA.Crypt.ScriptCryptor]

- yes, it was compiled with ScriptCryptor

VBA32 3.12.14.0/20100902 found [Trojan.Win32.Delf.spj]

- yes, we use Delphi for Win32

Please understand that these are false positives. AVs detect our compiler and mark it as a suspicious file because it can be used for virus creation.
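
Added example (not part of the original thread, and not Abyssmedia's or VirusTotal's code): a small parser for the plain-text VirusTotal report format posted above, grouping engines by what their label appears to describe, along the lines of the reading given in this reply. The grouping rules and category names are assumptions for illustration, not vendor naming standards.

```python
import re
from collections import defaultdict

# Lines copied from the VirusTotal report posted earlier in this thread.
REPORT = """\
AhnLab-V3 2010.09.03.00/20100903 found nothing
AntiVir 8.2.4.46/20100902 found [SPR/QuickBatch.Gen]
Antiy-AVL 2.0.3.7/20100902 found [Trojan/Win32.Delf.gen]
AVG 9.0.0.851/20100902 found [Generic18.FTT]
ClamAV 0.96.2.0-git/20100902 found [PUA.Crypt.ScriptCryptor]
Comodo 5950/20100903 found [Heur.Packed.Unknown]
Ikarus T3.1.1.88.0/20100903 found [Trojan.JS.StartPage]
Panda 10.0.2.7/20100902 found [W32/MSNworm.IX.worm]
VBA32 3.12.14.0/20100902 found [Trojan.Win32.Delf.spj]
"""

# "<engine> <version>/<yyyymmdd> found [<label>]" or "... found nothing"
LINE = re.compile(r"^(?P<engine>\S+)\s+(?P<ver>\S+)/(?P<date>\d{8})\s+found\s+"
                  r"(?:\[(?P<label>[^\]]+)\]|nothing)\s*$")

# Assumed triage rules, first match wins. The tool names are the ones the
# reply above ties to the compiler (Quick Batch, ScriptCryptor, Delphi).
RULES = [
    ("build-tool", re.compile(r"quickbatch|scriptcryptor|delf", re.I)),
    ("generic/heuristic", re.compile(r"\bheur|\bgeneric|\.gen\b|packed", re.I)),
]

def parse(report):
    """Yield (engine, label-or-None) for each well-formed result line."""
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m["engine"], m["label"]

def triage(report):
    """Group engines by what their detection label appears to describe."""
    groups = defaultdict(list)
    for engine, label in parse(report):
        if label is None:
            groups["clean"].append(engine)
            continue
        kind = next((k for k, rx in RULES if rx.search(label)), "named-family")
        groups[kind].append(engine)
    return dict(groups)

if __name__ == "__main__":
    for kind, engines in triage(REPORT).items():
        print(f"{kind:18} {len(engines)}  {', '.join(engines)}")
```

Labels that fall into the named-family group match none of these rules and are the ones to review individually or raise with the vendor first.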

neilallison147
Joined: 02 Sep 2010
Posts: 7

Posted: Sat Sep 04, 2010 1:40 am

Ok. But what can be done about it? I can't be creating .exe files and installing them on clients' machines where there is a potential for their virus software to pick them up as infected.

It has to be something to do with ScriptCryptor because there appear to be so many posts on this forum where virus software is detecting viruses in the .exe files (albeit incorrectly).

If there is nothing Abyss can do to fix this, then as good as the software appears to be, it will be of no use to me.

support
Site Admin
Joined: 13 Feb 2004
Posts: 376

Posted: Sun Sep 05, 2010 1:25 am

You need to submit a false positive report to the AV company and they will remove the signature from the database.

Please understand, we don't know your AV version or database version and don't have your EXE file, so we cannot submit a report to the AV company.

neilallison147
Joined: 02 Sep 2010
Posts: 7

Posted: Sun Sep 05, 2010 2:17 am

That's all well and good for the AV package that I am using but what about all the other AV packages on the list from Virus Total? What if my clients where I install the .exe files are using a different AV package (which they almost certainly are!!).
Do I have to submit a report to ALL the AV software vendors? That's not really practical is it?

support
Site Admin
Joined: 13 Feb 2004
Posts: 376

Posted: Sun Sep 05, 2010 12:16 pm

In fact, most vendors just copied detections from others, so one report may remove a few detections.

neilallison147
Joined: 02 Sep 2010
Posts: 7

Posted: Sun Sep 05, 2010 12:32 pm

So can I assume that Abyss Media will not do anything about this issue?

support
Site Admin
Joined: 13 Feb 2004
Posts: 376

Posted: Thu Sep 09, 2010 6:51 pm

We can only release a new version that will not match the current signature.

neilallison147
Joined: 02 Sep 2010
Posts: 7

Posted: Thu Sep 09, 2010 9:49 pm

When is this new version likely to be released?

I'm sure you understand that I cannot be installing exe files at clients' sites that are going to be reported as infected.

If the new release can't resolve this, then I'm afraid I will be requesting a refund. Which would be a shame because the product is fast, really easy to use and very well priced.

Here's hoping we can get a satisfactory resolution.

support
Site Admin
Joined: 13 Feb 2004
Posts: 376

Posted: Wed Sep 15, 2010 2:32 pm

As far as I know, AVs don't like the encryption routines in our compilers, so we will update the algorithm for all compilers this month.

support
Site Admin
Joined: 13 Feb 2004
Posts: 376

Posted: Wed Sep 15, 2010 5:19 pm

I have submitted a sample to VirusTotal and got only one false detection
from VBA32 (who is it?):

http://www.virustotal.com/file-scan/report.html?id=81eb491a5f11a22b6ef0ce0a12372fabefead2c777a9c2624d7d26cc90141357-1284561354

ClamAV detects it as PUA.Crypt.ScriptCryptor (not a virus!)
Panda reports a suspicious file