Found a Trojan (Not)

Report new bugs here, or look at known issues of current and previous releases of UBCD.

Moderators: Icecube, StopSpazzing

Locked
BGH
Posts: 5
Joined: Sun Jan 07, 2007 10:38 pm


#1 Post by BGH » Sun Jan 07, 2007 10:50 pm

I was posting on another forum about an install that I was doing and a buddy showed me http://www.ultimatebootcd.com/ . It sounds like a top notch set of tools and I can't wait to add it to my collection. I'm posting here today as an FYI sort of as a thank you for such great work.


I downloaded UBCD4Win from generalcomputersupport.com and got a
Trojan.PWS.Ras.A

Found it with Bitdefender
Last edited by BGH on Tue Jan 09, 2007 2:40 pm, edited 1 time in total.
Noobe with a cause

Constance
Posts: 338
Joined: Fri Sep 23, 2005 1:21 am
Location: France

#2 Post by Constance » Mon Jan 08, 2007 12:39 am

Well, 2 things :
- these here website and forum are not affiliated in any way with UBCD4Win
- this may be a false positive... but you're not supposed to download UBCD4Win, you're supposed to build it using tools provided. I'd recommend to download from the official website or one of its official mirrors, listed here : http://ubcd4win.com/downloads.htm

Do not trust any other website about this, unless you know it's a website you can trust in general.
You may also compare the md5 hash for the file you already downloaded with the one written on the page I provided a link to, to check if your download is ok or corrupted by any means...

See also : http://ubcd4win.com/faq.htm#false
Hammerite Compendium of Precepts, Regimens and Rules of Conduct, Vol. 113 :
A stroke of thy chisel, once made, canst be undone, but a stroke thou dost not make from fear is a worse flaw.
Be not cautious - be correct.

BGH
Posts: 5
Joined: Sun Jan 07, 2007 10:38 pm

#3 Post by BGH » Mon Jan 08, 2007 1:10 am

I wasn't sure if it was a false positive since I couldn't find any information
about the Trojan found.

As for building it, I kind of discovered that after I found a disk image.
Thanks for the response.
Noobe with a cause

Constance
Posts: 338
Joined: Fri Sep 23, 2005 1:21 am
Location: France

#4 Post by Constance » Mon Jan 08, 2007 2:01 am

Well, did your anti-virus tell you in which precise file it supposedly had found this trojan ?
Looks like there is something about this particular "trojan" in their FAQ.

Anyway, I downloaded the file from the website you said and checked the MD5 hash using Hashtab : seems ok, so the file isn't corrupted.

baronvonfoxbat7734
Posts: 90
Joined: Thu Sep 29, 2005 5:44 am

#5 Post by baronvonfoxbat7734 » Mon Jan 08, 2007 6:06 am

Due to several of the utilities that are included in the UBCD4Win, many times a year several AV vendors accidentally detect trojans and such when there is none. Another thing that pops up is that some files are flagged as hacktools and some people confuse that for trojans as well. Not that you have, just an info statement.

As Constance mentioned, if in doubt double check the hash before running to double check it has not been tampered with. If it says exactly what file is offensive, you can upload the file to http://virusscan.jotti.org/ and have it check the file against all the other AV vendors out there. Sometimes it is just one that flags that file and sometimes several vendors flag the file. It is a good benchmark to test the file.

BGH
Posts: 5
Joined: Sun Jan 07, 2007 10:38 pm

#6 Post by BGH » Mon Jan 08, 2007 12:15 pm

I believe it was a keystroke logger of some kind. I'll see if I can't find some reference to it. I've had false positives before and no big deal. What made me curious about this one was that Windows would not delete it to the recycle bin. I had to use the virus software to yank it out.


k:\temp folder\plugin\system-info\information\keyfinderpe\keyfinder.exe infected: Trojan.PWS.Ras.A

I am not a programmer and what I know about computers can fit into a thimble. By that, I'm saying that I know way more than Forrest Gump, but less than a motivated teenager.

Thanks for the help.
Noobe with a cause

baronvonfoxbat7734
Posts: 90
Joined: Thu Sep 29, 2005 5:44 am

#7 Post by baronvonfoxbat7734 » Mon Jan 08, 2007 12:25 pm

keyfinder... gotcha. What that nice little tool is all about is simply allowing you to see what product keys are installed for your MS products and maybe a few others as well. It is not malicious by itself. If in the wrong hands (1337 h4x0rz) it can be used to steal the product keys of valid products and post them on warez sites.

Summary, no worries big buddy on that little gem of a file. It is not going to harm you more than M$ already has. ;-)

-=EDIT=-

It can also be used by SysAdmins to copy out a key that someone has lost the key to. Such as if the system is dead and needs to be rebuilt but the office key is missing, this little tool can get the key to re-install the office product back onto the machine and such. Very handy in those types of situations and of which is why it is included.

BGH
Posts: 5
Joined: Sun Jan 07, 2007 10:38 pm

#8 Post by BGH » Mon Jan 08, 2007 4:23 pm

Thank you for the follow up.
Could someone please put false alarm in the thread subject or something so this wonderful piece of work doesn't get an undeserved bad rep.

:oops:
Noobe with a cause

BGH
Posts: 5
Joined: Sun Jan 07, 2007 10:38 pm

#9 Post by BGH » Mon Jan 08, 2007 4:59 pm

Constance wrote:
Well, 2 things :
- these here website and forum are not affiliated in any way with UBCD4Win
- this may be a false positive... but you're not supposed to download UBCD4Win, you're supposed to build it using tools provided. I'd recommend to download from the official website or one of its official mirrors, listed here : http://ubcd4win.com/downloads.htm

Do not trust any other website about this, unless you know it's a website you can trust in general.
You may also compare the md5 hash for the file you already downloaded with the one written on the page I provided a link to, to check if your download is ok or corrupted by any means...

See also : http://ubcd4win.com/faq.htm#false

After doing some reading on one of the links you posted, I realized that the solution was there for me to find. I just didn't look close enough. Thumbs up Cola.
Noobe with a cause

Constance
Posts: 338
Joined: Fri Sep 23, 2005 1:21 am
Location: France

#10 Post by Constance » Tue Jan 09, 2007 11:09 am

:)
BTW I think you can edit the thread title yourself by editing the first message.
