trojan.win32.generic.bt! in xp clean express ?



#1 taplop

Posted 14 September 2010 - 08:17 AM

Hello,

A scan with Ad-Aware (newest version and updates) says that the Trojan trojan.win32.generic.bt! is inside the setup file of XP Clean Express.

It is an older version of XP Clean Express, but I downloaded the newest from the developer too, and there it shows the same.

Here is what virustotal.com says about the new and the older version (same result):

AhnLab-V3 2010.09.13.00 2010.09.13 -
AntiVir 8.2.4.50 2010.09.13 -
Antiy-AVL 2.0.3.7 2010.09.13 -
Authentium 5.2.0.5 2010.09.13 -
Avast 4.8.1351.0 2010.09.13 -
Avast5 5.0.594.0 2010.09.13 -
AVG 9.0.0.851 2010.09.13 -
BitDefender 7.2 2010.09.13 -
CAT-QuickHeal 11.00 2010.09.13 -
ClamAV 0.96.2.0-git 2010.09.13 -
Comodo 6065 2010.09.13 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.09.13 -
Emsisoft 5.0.0.37 2010.09.13 -
eSafe 7.0.17.0 2010.09.12 -
eTrust-Vet 36.1.7852 2010.09.13 -
F-Prot 4.6.1.107 2010.09.13 -
F-Secure 9.0.15370.0 2010.09.13 -
Fortinet 4.1.143.0 2010.09.13 -
GData 21 2010.09.13 -
Ikarus T3.1.1.88.0 2010.09.13 -
Jiangmin 13.0.900 2010.09.13 -
K7AntiVirus 9.63.2496 2010.09.11 -
Kaspersky 7.0.0.125 2010.09.13 -
McAfee 5.400.0.1158 2010.09.13 Artemis!2090B3F26DF4
McAfee-GW-Edition 2010.1B 2010.09.13 Artemis!2090B3F26DF4
Microsoft 1.6103 2010.09.12 -
NOD32 5446 2010.09.13 -
Norman 6.06.06 2010.09.13 -
nProtect 2010-09-13.02 2010.09.13 -
Panda 10.0.2.7 2010.09.12 -
PCTools 7.0.3.5 2010.09.13 -
Prevx 3.0 2010.09.14 -
Rising 22.65.00.03 2010.09.13 -
Sophos 4.57.0 2010.09.13 Mal/Generic-A
Sunbelt 6868 2010.09.13 Trojan.Win32.Generic!BT
SUPERAntiSpyware 4.40.0.1006 2010.09.13 -
Symantec 20101.1.1.7 2010.09.13 -
TheHacker 6.7.0.0.016 2010.09.12 -
TrendMicro 9.120.0.1004 2010.09.12 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.13 -
VBA32 3.12.14.0 2010.09.13 -
ViRobot 2010.8.25.4006 2010.09.13 -
VirusBuster 12.65.2.0 2010.09.12 -

The older version has MD5 8e7d761d073d9f8cca732e05905a2c4f and the newer has MD5 7201c7928fc69412a0aebc448f9f73d0.

I can't attach the setup because it is too big, but it seems the "setup.exe" inside causes the problem, so I attached it here.

This is what virustotal.com says about the setup.exe:

AhnLab-V3 2010.09.13.00 2010.09.13 -
AntiVir 8.2.4.50 2010.09.14 -
Antiy-AVL 2.0.3.7 2010.09.13 -
Authentium 5.2.0.5 2010.09.13 -
Avast 4.8.1351.0 2010.09.13 -
Avast5 5.0.594.0 2010.09.13 -
AVG 9.0.0.851 2010.09.13 -
BitDefender 7.2 2010.09.13 -
CAT-QuickHeal 11.00 2010.09.13 -
ClamAV 0.96.2.0-git 2010.09.13 -
Comodo 6065 2010.09.13 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.09.13 -
Emsisoft 5.0.0.37 2010.09.14 -
eSafe 7.0.17.0 2010.09.12 -
eTrust-Vet 36.1.7852 2010.09.13 -
F-Prot 4.6.1.107 2010.09.13 -
F-Secure 9.0.15370.0 2010.09.13 -
Fortinet 4.1.143.0 2010.09.13 -
GData 21 2010.09.13 -
Ikarus T3.1.1.88.0 2010.09.13 -
Jiangmin 13.0.900 2010.09.13 -
K7AntiVirus 9.63.2496 2010.09.11 Trojan
Kaspersky 7.0.0.125 2010.09.13 -
McAfee 5.400.0.1158 2010.09.13 Artemis!2090B3F26DF4
McAfee-GW-Edition 2010.1B 2010.09.13 Artemis!2090B3F26DF4
Microsoft 1.6103 2010.09.12 -
NOD32 5446 2010.09.13 -
Norman 6.06.06 2010.09.13 -
nProtect 2010-09-13.02 2010.09.13 -
Panda 10.0.2.7 2010.09.12 -
PCTools 7.0.3.5 2010.09.13 -
Prevx 3.0 2010.09.14 High Risk Worm
Rising 22.65.00.03 2010.09.13 -
Sophos 4.57.0 2010.09.13 Mal/Generic-A
Sunbelt 6868 2010.09.13 Trojan.Win32.Generic!BT
SUPERAntiSpyware 4.40.0.1006 2010.09.13 -
Symantec 20101.1.1.7 2010.09.13 -
TheHacker 6.7.0.0.016 2010.09.12 -
TrendMicro 9.120.0.1004 2010.09.12 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.13 -
VBA32 3.12.14.0 2010.09.13 -
ViRobot 2010.8.25.4006 2010.09.13 -
VirusBuster 12.65.2.0 2010.09.12 -


I attached the files as a zip with the password "infected".

Can I send the setup files somehow? They are 4,5 and 5 MB big

Could you please check?

Thanks a lot


#2 LS Anders

    Lavasoft Staff

Posted 14 September 2010 - 03:08 PM

Hello

Thank you for your report. The file will be removed from detection.


Regards
LS Anders

#3 taplop

Posted 14 September 2010 - 07:41 PM

Hello

I did an update now, but the setup.exe is still detected as win32.trojandropper.joiner.

Is it already in the database or should I try later?

#4 taplop

Posted 14 September 2010 - 11:28 PM

I don't want to bother, but I'm insecure now

Could you please tell me if it is a false positive? I updated some minutes ago and have Version 0150.0087, but Ad-Aware still finds win32.trojandropper.joiner in setup.exe (from within xp_express.exe) and trojan.win32.generic.bt! in xp_express.exe (the archive where setup.exe is inside).

Do I have to wait for the next or one of the next updates, or did I miss something?

Thanks for the help



