Trojan Horse Detected by BitDefender on Compiled EXE

VBS to EXE and JScript to EXE Compiler
domleewon
Posts: 7
Joined: Mon Oct 12, 2009 4:27 pm

Trojan Horse Detected by BitDefender on Compiled EXE

Post by domleewon »

BitDefender Free Edition 2009 v.12 is detecting ScriptCryptor 2.9.7.0 compiled script EXEs as a TrojanHorse.Generic.2450358 and DELETES it. Since I send the exe to several people, I would like to know if there is a fix and will other antivirus apps report the same. Would like to use the product, but it's difficult to implement if it is deleted on every virus scan. Also, any idea as to why it's reported as a Trojan Horse?? Thanks
support
Site Admin
Posts: 476
Joined: Fri Feb 13, 2004 1:05 pm

Post by support »

I have tested the compiled file with BitDefender 7.2 and it does not detect a trojan inside.
domleewon
Posts: 7
Joined: Mon Oct 12, 2009 4:27 pm

Post by domleewon »

Thanks for your input. However, the system in question is running BitDefender Free Edition 2009 v.12. I'm assuming this is different from the version you tested. It would be extremely helpful if you could test BitDefender Free Edition 2009 v.12 to see if it fails the same way.
Thanks again - DLW
support
Site Admin
Posts: 476
Joined: Fri Feb 13, 2004 1:05 pm

Post by support »

Please verify the compiled file on http://www.virustotal.com and send me a link to the report.
domleewon
Posts: 7
Joined: Mon Oct 12, 2009 4:27 pm

Post by domleewon »

Per your request the results are listed below. The site tested 41 antivirus apps and 12 of them found something to report as a virus, worm, trojan, or malware. The BitDefender test is with a different version than I am using but it still finds a problem. I hope this helps.

Note: I added "==>" to make detections stand out.


File hello.exe received on 2009.10.20 13:20:44 (UTC)
Current status: finished
Result: 12/41 (29.27%)
Antivirus Version Last Update Result

==> a-squared 4.5.0.41 2009.10.20 ==>Trojan-Downloader.VBS.Agent!IK

AhnLab-V3 5.0.0.2 2009.10.20 -
AntiVir 7.9.1.35 2009.10.20 -
Antiy-AVL 2.0.3.7 2009.10.20 -
Authentium 5.1.2.4 2009.10.20 -

==> Avast 4.8.1351.0 2009.10.19 ==>Win32:Malware-gen

AVG 8.5.0.420 2009.10.20 -

==> BitDefender 7.2 2009.10.20 ==> Trojan.Generic.2450358

CAT-QuickHeal 10.00 2009.10.20 -
ClamAV 0.94.1 2009.10.20 -

==> Comodo 2666 2009.10.20 ==> Heur.Packed.Unknown
==> DrWeb 5.0.0.12182 2009.10.20 ==> Trojan.AVKill.843

eSafe 7.0.17.0 2009.10.19 -
eTrust-Vet 35.1.7075 2009.10.19 -
F-Prot 4.5.1.85 2009.10.20 -

==> F-Secure 9.0.15300.0 2009.10.20 ==> IM-Worm:W32/Skypper.A

Fortinet 3.120.0.0 2009.10.20 -

==> GData 19 2009.10.20 ==> Trojan.Generic.2450358
==> Ikarus T3.1.1.72.0 2009.10.20 ==> Trojan-Downloader.VBS.Agent
==> Jiangmin 11.0.800 2009.10.20 ==> TrojanDownloader.BAT.n

K7AntiVirus 7.10.874 2009.10.19 -
Kaspersky 7.0.0.125 2009.10.20 -
McAfee 5776 2009.10.19 -
McAfee+Artemis 5776 2009.10.19 -

==> McAfee-GWEdition 6.8.5 2009.10.20 ==> Heuristic.LooksLike.Riskware.QuickBatch.H

Microsoft 1.5101 2009.10.20 -
NOD32 4526 2009.10.20 -
Norman 6.03.02 2009.10.19 -
nProtect 2009.1.8.0 2009.10.20 -
Panda 10.0.2.2 2009.10.20 -
PCTools 4.4.2.0 2009.10.19 -

==> Prevx 3.0 2009.10.20 ==> High Risk Worm

Rising 21.52.14.00 2009.10.20 -
Sophos 4.46.0 2009.10.20 -
Sunbelt 3.2.1858.2 2009.10.20 -
Symantec 1.4.4.12 2009.10.20 -
TheHacker 6.5.0.2.048 2009.10.20 -
TrendMicro 8.950.0.1094 2009.10.20 -
VBA32 3.12.10.11 2009.10.19 -

==> ViRobot 2009.10.20.1996 2009.10.20 Trojan.Win32.Skypper.185856

VirusBuster 4.6.5.0 2009.10.19 -
Additional information
File size: 185344 bytes
MD5...: 307a413e20a4963981c3f4851ef158a2
SHA1..: cca979084508fa8f2f9bd84a25b80f8ecd488bbc
SHA256: cd6268f1eb65bbfa1c0b2f183c7247779bdb00dfe97e15d2d239d02ebf95f443
ssdeep: 3072:PHTXhR+zOQEa7RhEHUKDaWNGplJxUnUHCtX6+lUMa4hm3VdJcXG0ieiDzSJ
z6VC4:PHTLINfFtWNiHS5Jhm3VC/iVDOzm
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x274e8
timedatestamp.....: 0x4a67b387 (Thu Jul 23 00:49:11 2009)
machinetype.......: 0x14c (I386)
( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x25e04 0x26000 6.53 24c3071b41df301c1c64324e317fba44
.itext 0x27000 0xa68 0xc00 5.66 a2db7b9eb3078d39afeb98cc950a95b0
.data 0x28000 0xf18 0x1000 2.96 2b6ebfa7dadc765b35ae142cb77e03ce
.bss 0x29000 0x5ae0 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x2f000 0x124c 0x1400 4.77 24815343e6f7258b8e3f32f72950141d
.tls 0x31000 0xc 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x32000 0x18 0x200 0.21 6a4b09f4cf2b330faa7d551260c71fc4
.reloc 0x33000 0x2d74 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x36000 0x3c6c 0x3e00 4.35 834808f033755d8b9fa889f8f15f6c3a
( 15 imports )
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
http://info.prevx.com/aboutprogramtext.asp?PX5=73D2C0890089FF7BD43D022C2F857D008BC6E0FC
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
support
Site Admin
Posts: 476
Joined: Fri Feb 13, 2004 1:05 pm

Post by support »

Please download and install updated installation package 2.9.7.0 from this site.
domleewon
Posts: 7
Joined: Mon Oct 12, 2009 4:27 pm

Post by domleewon »

I was already running ScriptCryptor 2.9.7.0, which I downloaded Sept 23, 2009. I did download ScriptCryptor 2.9.7.0 again today and the application's file size is larger so I assume it's a different version from the previous one I downloaded. It appears to work! Thank you very much!

If there is another update to version 2.9.7.0 how will I know?
Thanks-DLW
support
Site Admin
Posts: 476
Joined: Fri Feb 13, 2004 1:05 pm

Post by support »

We will add RSS feed later.
jennifer
Posts: 1
Joined: Tue Jun 15, 2010 6:33 pm

Re: Trojan Horse Detected by BitDefender on Compiled EXE

Post by jennifer »

domleewon wrote:BitDefender Free Edition 2009 v.12 is detecting ScriptCryptor 2.9.7.0 compiled script EXEs as a TrojanHorse.Generic.2450358 and DELETES it. Since I send the exe to several people, I would like to know if there is a fix and will other antivirus apps report the same. Would like to use the product, but it's difficult to implement if it is deleted on every virus scan. Also, any idea as to why it's reported as a Trojan Horse?? Thanks
It's pretty weird the reason why it is being reported as a trojan, but before accessing any other file why don't you try kaspersky 0.7 it's one of the best at detecting and fixing problems! 8)
support
Site Admin
Posts: 476
Joined: Fri Feb 13, 2004 1:05 pm

Re: Trojan Horse Detected by BitDefender on Compiled EXE

Post by support »

jennifer wrote:It's pretty weird the reason why it is being reported as a trojan, but before accessing any other file why don't you try kaspersky 0.7 it's one of the best at detecting and fixing problems! 8)
Because KIS produces a lot of false detections?