Abyssmedia Support Forums

Trojan Horse Detected by BitDefender on Compiled EXE

 
domleewon

Joined: 12 Oct 2009
Posts: 7

Posted: Mon Oct 12, 2009 5:03 pm    Post subject: Trojan Horse Detected by BitDefender on Compiled EXE

BitDefender Free Edition 2009 v.12 is detecting ScriptCryptor 2.9.7.0 compiled script EXEs as a TrojanHorse.Generic.2450358 and DELETES it. Since I send the exe to several people, I would like to know if there is a fix and will other antivirus apps report the same. Would like to use the product, but it's difficult to implement if it is deleted on every virus scan. Also, any idea as to why it's reported as a Trojan Horse?? Thanks

support
Site Admin

Joined: 13 Feb 2004
Posts: 376

Posted: Mon Oct 12, 2009 7:25 pm

I have tested the compiled file with BitDefender 7.2 and it does not detect a trojan inside.

domleewon

Joined: 12 Oct 2009
Posts: 7

Posted: Wed Oct 14, 2009 3:42 pm

Thanks for your input. However, the system in question is running BitDefender Free Edition 2009 v.12. I'm assuming this is different from the version you tested. It would be extremely helpful if you could test BitDefender Free Edition 2009 v.12 to see if it fails the same way.
Thanks again - DLW

support
Site Admin

Joined: 13 Feb 2004
Posts: 376

Posted: Thu Oct 15, 2009 10:52 pm

Please verify the compiled file on http://www.virustotal.com and send me a link to the report.

domleewon

Joined: 12 Oct 2009
Posts: 7

Posted: Tue Oct 20, 2009 1:57 pm

Per your request the results are listed below. The site tested 41 antivirus apps and 12 of them found something to report as a virus, worm, trojan, or malware. The BitDefender test is with a different version than I am using but it still finds a problem. I hope this helps.

Note: I added "==>" to make detections stand out.


File hello.exe received on 2009.10.20 13:20:44 (UTC)
Current status: finished
Result: 12/41 (29.27%)
Antivirus Version Last Update Result

==> a-squared 4.5.0.41 2009.10.20 ==>Trojan-Downloader.VBS.Agent!IK

AhnLab-V3 5.0.0.2 2009.10.20 -
AntiVir 7.9.1.35 2009.10.20 -
Antiy-AVL 2.0.3.7 2009.10.20 -
Authentium 5.1.2.4 2009.10.20 -

==> Avast 4.8.1351.0 2009.10.19 ==>Win32:Malware-gen

AVG 8.5.0.420 2009.10.20 -

==> BitDefender 7.2 2009.10.20 ==> Trojan.Generic.2450358

CAT-QuickHeal 10.00 2009.10.20 -
ClamAV 0.94.1 2009.10.20 -

==> Comodo 2666 2009.10.20 ==> Heur.Packed.Unknown
==> DrWeb 5.0.0.12182 2009.10.20 ==> Trojan.AVKill.843

eSafe 7.0.17.0 2009.10.19 -
eTrust-Vet 35.1.7075 2009.10.19 -
F-Prot 4.5.1.85 2009.10.20 -

==> F-Secure 9.0.15300.0 2009.10.20 ==> IM-Worm:W32/Skypper.A

Fortinet 3.120.0.0 2009.10.20 -

==> GData 19 2009.10.20 ==> Trojan.Generic.2450358
==> Ikarus T3.1.1.72.0 2009.10.20 ==> Trojan-Downloader.VBS.Agent
==> Jiangmin 11.0.800 2009.10.20 ==> TrojanDownloader.BAT.n

VirusTotal - Free Online Virus and Malware Scan - Result Page 1 of 4
http://www.virustotal.com/analisis/cd6268f1eb65bbfa1c0b2f183c7247779bdb00dfe97e15... 10/20/2009
K7AntiVirus 7.10.874 2009.10.19 -
Kaspersky 7.0.0.125 2009.10.20 -
McAfee 5776 2009.10.19 -
McAfee+Artemis 5776 2009.10.19 -

==> McAfee-GWEdition 6.8.5 2009.10.20 ==> Heuristic.LooksLike.Riskware.QuickBatch.H

Microsoft 1.5101 2009.10.20 -
NOD32 4526 2009.10.20 -
Norman 6.03.02 2009.10.19 -
nProtect 2009.1.8.0 2009.10.20 -
Panda 10.0.2.2 2009.10.20 -
PCTools 4.4.2.0 2009.10.19 -

==> Prevx 3.0 2009.10.20 ==> High Risk Worm

Rising 21.52.14.00 2009.10.20 -
Sophos 4.46.0 2009.10.20 -
Sunbelt 3.2.1858.2 2009.10.20 -
Symantec 1.4.4.12 2009.10.20 -
TheHacker 6.5.0.2.048 2009.10.20 -
TrendMicro 8.950.0.1094 2009.10.20 -
VBA32 3.12.10.11 2009.10.19 -

==> ViRobot 2009.10.20.1996 2009.10.20 Trojan.Win32.Skypper.185856

VirusBuster 4.6.5.0 2009.10.19 -
Additional information
File size: 185344 bytes
MD5...: 307a413e20a4963981c3f4851ef158a2
SHA1..: cca979084508fa8f2f9bd84a25b80f8ecd488bbc
SHA256: cd6268f1eb65bbfa1c0b2f183c7247779bdb00dfe97e15d2d239d02ebf95f443
ssdeep: 3072:PHTXhR+zOQEa7RhEHUKDaWNGplJxUnUHCtX6+lUMa4hm3VdJcXG0ieiDzSJ
z6VC4:PHTLINfFtWNiHS5Jhm3VC/iVDOzm
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x274e8
timedatestamp.....: 0x4a67b387 (Thu Jul 23 00:49:11 2009)
machinetype.......: 0x14c (I386)
( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x25e04 0x26000 6.53 24c3071b41df301c1c64324e317fba44
.itext 0x27000 0xa68 0xc00 5.66 a2db7b9eb3078d39afeb98cc950a95b0
.data 0x28000 0xf18 0x1000 2.96 2b6ebfa7dadc765b35ae142cb77e03ce
.bss 0x29000 0x5ae0 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x2f000 0x124c 0x1400 4.77 24815343e6f7258b8e3f32f72950141d
.tls 0x31000 0xc 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x32000 0x18 0x200 0.21 6a4b09f4cf2b330faa7d551260c71fc4
.reloc 0x33000 0x2d74 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x36000 0x3c6c 0x3e00 4.35 834808f033755d8b9fa889f8f15f6c3a
( 15 imports )
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> user32.dll: GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA,
CharNextA
> kernel32.dll: GetACP, Sleep, VirtualFree, VirtualAlloc,
GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement,
VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA,
lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA,
GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA,
GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess,
CompareStringA, WriteFile, UnhandledExceptionFilter, RtlUnwind,
RaiseException, GetStdHandle
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> user32.dll: CreateWindowExA, UnregisterClassA, TranslateMessage,
SetWindowLongA, SetTimer, RegisterClassA, PostThreadMessageA, PeekMessageA,
MessageBoxA, LoadStringA, KillTimer, GetWindowLongA, GetSystemMetrics,
GetClassInfoA, DispatchMessageA, DestroyWindow, DefWindowProcA, CharNextA,
CharUpperBuffA, CharToOemA
> kernel32.dll: WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc,
SizeofResource, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile,
ResetEvent, ReadFile, MultiByteToWideChar, LockResource, LoadResource,
LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection,
GetVersionExA, GetUserDefaultLCID, GetTickCount, GetThreadLocale,
GetTempPathA, GetSystemDefaultLCID, GetStdHandle, GetShortPathNameA,
GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA,
GetLocalTime, GetLastError, GetFullPathNameA, GetFileAttributesA,
GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCPInfo,
FreeResource, InterlockedIncrement, InterlockedExchange,
InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA,
FindFirstFileA, FindClose, EnumCalendarInfoA, EnterCriticalSection,
DeleteFileA, DeleteCriticalSection, CreateFileA, CreateEventA,
CompareStringA, CloseHandle
> advapi32.dll: RegSetValueExA, RegDeleteKeyA, RegCreateKeyExA, RegCloseKey
> oleaut32.dll: CreateErrorInfo, GetErrorInfo, SetErrorInfo,
DispGetIDsOfNames, RegisterTypeLib, LoadTypeLibEx, SafeArrayGetElement,
SafeArrayGetLBound, SafeArrayGetUBound, SysFreeString
> ole32.dll: CreateBindCtx, CoTaskMemFree, CLSIDFromProgID,
StringFromCLSID, CoCreateInstance, CoLockObjectExternal,
CoDisconnectObject, CoRevokeClassObject, CoRegisterClassObject,
CoUninitialize, CoInitialize, IsEqualGUID
> kernel32.dll: Sleep
> ole32.dll: IsEqualGUID
> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayGetUBound,
SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd,
VariantCopy, VariantClear, VariantInit
> URLMON.DLL: MkParseDisplayNameEx
> shell32.dll: SHGetSpecialFolderPathA
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
http://info.prevx.com/aboutprogramtext.asp?PX5=73D2C0890089FF7BD43D022C2F857D008BC6E0FC
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)

support
Site Admin

Joined: 13 Feb 2004
Posts: 376

Posted: Tue Oct 20, 2009 2:29 pm

Please download and install the updated installation package 2.9.7.0 from this site.

domleewon

Joined: 12 Oct 2009
Posts: 7

Posted: Tue Oct 20, 2009 3:11 pm

I was already running ScriptCryptor 2.9.7.0, which I downloaded Sept 23, 2009. I did download ScriptCryptor 2.9.7.0 again today and the application's file size is larger, so I assume it's a different version from the previous one I downloaded. It appears to work! Thank you very much!

If there is another update to version 2.9.7.0 how will I know?
Thanks-DLW

support
Site Admin

Joined: 13 Feb 2004
Posts: 376

Posted: Wed Oct 21, 2009 8:41 pm

We will add an RSS feed later.

jennifer

Joined: 15 Jun 2010
Posts: 1

Posted: Tue Jun 15, 2010 7:44 pm    Post subject: Re: Trojan Horse Detected by BitDefender on Compiled EXE

domleewon wrote:
BitDefender Free Edition 2009 v.12 is detecting ScriptCryptor 2.9.7.0 compiled script EXEs as a TrojanHorse.Generic.2450358 and DELETES it. Since I send the exe to several people, I would like to know if there is a fix and will other antivirus apps report the same. Would like to use the product, but it's difficult to implement if it is deleted on every virus scan. Also, any idea as to why it's reported as a Trojan Horse?? Thanks


It's pretty weird the reason why it is being reported as a trojan, but before accessing any other file why don't you try Kaspersky 0.7, it's one of the best at detecting and fixing problems!

support
Site Admin

Joined: 13 Feb 2004
Posts: 376

Posted: Thu Jun 17, 2010 7:08 pm    Post subject: Re: Trojan Horse Detected by BitDefender on Compiled EXE

jennifer wrote:
It's pretty weird the reason why it is being reported as a trojan, but before accessing any other file why don't you try Kaspersky 0.7, it's one of the best at detecting and fixing problems!


Because KIS produces a lot of false detections?

All times are GMT