I have just purchased ScriptCryptor and have generated an exe. When I try to run it or e-mail it, AVG detects a Trojan horse. (Trojan horse generic 18 FTT).
I've tried uploading it to www.virustotal.com and don't see any information on the screen that helps.
I've also tried to e-mail it to them but I get a message saying the mailserver has detected a virus too.
Where to now?
Trojan horse detected by AVG v9.0 (paid version)
-
- Posts: 7
- Joined: Thu Sep 02, 2010 4:24 am
-
- Posts: 7
- Joined: Thu Sep 02, 2010 4:24 am
I managed to get it e-mailed to Virus Total by shutting AVG off. Here are the results.
Complete scanning result of "M3Get.exe", processed in VirusTotal at 09/03/2010 04:38:11 (CET).
[ file data ]
* name..: M3Get.exe
* size..: 194048
* md5...: 3298b111296fa97e1aaf41b91cbd4482
* sha1..: 35eecce07b23a083808e52d6b42a41a346207b09
* peid..: -
[ scan result ]
AhnLab-V3 2010.09.03.00/20100903 found nothing
AntiVir 8.2.4.46/20100902 found [SPR/QuickBatch.Gen]
Antiy-AVL 2.0.3.7/20100902 found [Trojan/Win32.Delf.gen]
Authentium 5.2.0.5/20100903 found nothing
Avast 4.8.1351.0/20100902 found nothing
Avast5 5.0.594.0/20100902 found nothing
AVG 9.0.0.851/20100902 found [Generic18.FTT]
BitDefender 7.2/20100903 found nothing
CAT-QuickHeal 11.00/20100902 found nothing
ClamAV 0.96.2.0-git/20100902 found [PUA.Crypt.ScriptCryptor]
Comodo 5950/20100903 found [Heur.Packed.Unknown]
DrWeb 5.0.2.03300/20100903 found nothing
Emsisoft 5.0.0.37/20100903 found [Trojan.JS.StartPage!IK]
eSafe 7.0.17.0/20100901 found nothing
eTrust-Vet 36.1.7833/20100902 found nothing
F-Prot 4.6.1.107/20100901 found nothing
F-Secure 9.0.15370.0/20100903 found nothing
Fortinet 4.1.143.0/20100902 found nothing
GData 21/20100903 found nothing
Ikarus T3.1.1.88.0/20100903 found [Trojan.JS.StartPage]
Jiangmin 13.0.900/20100903 found [Trojan/Delf.pbn]
K7AntiVirus 9.63.2424/20100902 found nothing
Kaspersky 7.0.0.125/20100903 found nothing
McAfee 5.400.0.1158/20100903 found nothing
McAfee-GW-Edition 2010.1B/20100903 found nothing
Microsoft 1.6103/20100902 found nothing
NOD32 5419/20100902 found nothing
Norman 6.05.11/20100902 found nothing
nProtect 2010-09-02.01/20100902 found nothing
Panda 10.0.2.7/20100902 found [W32/MSNworm.IX.worm]
PCTools 7.0.3.5/20100903 found nothing
Prevx 3.0/20100903 found nothing
Rising 22.63.03.03/20100902 found nothing
Sophos 4.57.0/20100903 found nothing
Sunbelt 6826/20100902 found nothing
SUPERAntiSpyware 4.40.0.1006/20100903 found nothing
Symantec 20101.1.1.7/20100903 found nothing
TheHacker 6.5.2.1.362/20100903 found nothing
TrendMicro 9.120.0.1004/20100902 found nothing
TrendMicro-HouseCall 9.120.0.1004/20100903 found nothing
VBA32 3.12.14.0/20100902 found [Trojan.Win32.Delf.spj]
ViRobot 2010.8.31.4017/20100902 found nothing
VirusBuster 12.64.15.0/20100902 found nothing
[ notes ]
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_respon ... 23-0550-99
-
- Site Admin
- Posts: 476
- Joined: Fri Feb 13, 2004 1:05 pm
Looks cool, especially:
AntiVir 8.2.4.46/20100902 found [SPR/QuickBatch.Gen]
- points to the Quick Batch File Compiler
ClamAV 0.96.2.0-git/20100902 found [PUA.Crypt.ScriptCryptor]
- yes, it was compiled with ScriptCryptor
VBA32 3.12.14.0/20100902 found [Trojan.Win32.Delf.spj]
- yes, we use Delphi for Win32
Please understand that these are false positives. AV products detect our compiler and mark it as a suspicious file because it can be used for virus creation.
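A way to sort a report like the one quoted above by what each detection label actually names, as an added example that is not part of the original thread or the vendor's code. The `TOOLING` and `GENERIC` marker lists are assumptions (the tooling names are the ones the admin's reply ties to the compiler), and `SAMPLE` is an excerpt of the quoted report.

```python
import re
from collections import Counter

# Excerpt of the report quoted in the thread (same line format).
SAMPLE = """\
AhnLab-V3 2010.09.03.00/20100903 found nothing
AntiVir 8.2.4.46/20100902 found [SPR/QuickBatch.Gen]
AVG 9.0.0.851/20100902 found [Generic18.FTT]
ClamAV 0.96.2.0-git/20100902 found [PUA.Crypt.ScriptCryptor]
Comodo 5950/20100903 found [Heur.Packed.Unknown]
Ikarus T3.1.1.88.0/20100903 found [Trojan.JS.StartPage]
Panda 10.0.2.7/20100902 found [W32/MSNworm.IX.worm]
VBA32 3.12.14.0/20100902 found [Trojan.Win32.Delf.spj]
"""

# engine, version/date, then either "[label]" or "nothing"
LINE = re.compile(r"^(\S+)\s+\S+/\d{8}\s+found\s+(?:\[(.+)\]|nothing)$")
# Assumption: names the admin's reply ties to the build tooling.
TOOLING = {"quickbatch", "scriptcryptor", "delf"}
# Assumption: tokens commonly used for heuristic or "potentially unwanted" verdicts.
GENERIC = re.compile(r"generic\d*|gen|heur\w*|pua|spr|packed|suspicious")

def parse_report(text):
    """Return [(engine, label or None)] for every scan-result line."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            rows.append((m.group(1), m.group(2)))
    return rows

def classify(label):
    """Bucket a label: names the tooling, generic verdict, or a named family."""
    tokens = [t.lower() for t in re.split(r"[./!:_-]", label) if t]
    if any(t in TOOLING for t in tokens):
        return "tooling"
    if any(GENERIC.fullmatch(t) for t in tokens):
        return "generic"
    return "named"

def triage(text):
    """Summarise a report; 'named' hits are the ones left to explain."""
    rows = parse_report(text)
    hits = [(engine, label) for engine, label in rows if label]
    return {
        "engines": len(rows),
        "detections": len(hits),
        "buckets": dict(Counter(classify(label) for _, label in hits)),
        "unexplained": [e for e, label in hits if classify(label) == "named"],
    }
```
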
-
- Posts: 7
- Joined: Thu Sep 02, 2010 4:24 am
Ok. But what can be done about it? I can't be creating .exe files and installing them on clients' machines where there is a potential for their virus software to pick them up as infected.
It has to be something to do with ScriptCryptor because there appear to be so many posts on this forum where virus software is detecting viruses in the .exe files (albeit incorrectly).
If there is nothing Abyss can do to fix this, then as good as the software appears to be, it will be of no use to me.
-
- Site Admin
- Posts: 476
- Joined: Fri Feb 13, 2004 1:05 pm
-
- Posts: 7
- Joined: Thu Sep 02, 2010 4:24 am
That's all well and good for the AV package that I am using but what about all the other AV packages on the list from Virus Total? What if my clients where I install the .exe files are using a different AV package (which they almost certainly are!!).
Do I have to submit a report to ALL the AV software vendors? That's not really practical is it?
-
- Site Admin
- Posts: 476
- Joined: Fri Feb 13, 2004 1:05 pm
-
- Posts: 7
- Joined: Thu Sep 02, 2010 4:24 am
-
- Site Admin
- Posts: 476
- Joined: Fri Feb 13, 2004 1:05 pm
-
- Posts: 7
- Joined: Thu Sep 02, 2010 4:24 am
When is this new version likely to be released?
I'm sure you understand that I cannot be installing exe files at clients' sites that are going to be reported as infected.
If the new release can't resolve this, then I'm afraid I will be requesting a refund. Which would be a shame because the product is fast, really easy to use and very well priced.
Here's hoping we can get a satisfactory resolution.
-
- Site Admin
- Posts: 476
- Joined: Fri Feb 13, 2004 1:05 pm
-
- Site Admin
- Posts: 476
- Joined: Fri Feb 13, 2004 1:05 pm
I have submitted a sample to VirusTotal and got only one false detection
from VBA32 (who is it?):
http://www.virustotal.com/file-scan/rep ... 1284561354
ClamAV detects it as PUA.Crypt.ScriptCryptor (not a virus!)
Panda reports a suspicious file