SPYWARE Detected in some of the ADDON Packs from KEL W/Proof

Jaleelmalik
Posts: 3
Joined: Fri Mar 31, 2006 3:50 pm


Post by Jaleelmalik » Fri Mar 31, 2006 9:59 pm

Virus Detected In Following Addons/Files

Virus Detected in following addons using

Panda Internet Security 2006
Updated 2nd April 2006

Proofs are given here

http://www.qasim-ul-uloom.com/vp/virusproof1.jpg
http://www.qasim-ul-uloom.com/vp/virusproof2.jpg



Virus Name       Addon Pack

Bck/Bandok.AG    Msn Messenger 7.5.cab[msnsc.ex_][msnsc.exe]
Bck/Bandok.AG    Kels_Uber_Addon_v6.3.CAB[Uberpack.cab][Dgfix.exe]
Bck/Bandok.AG    Kels_Uber_Addon_v6.2.CAB[Uberpack.cab][Dgfix.exe]
Bck/Bandok.AG    Kels_Uber_Addon_v6.1.CAB[Uberpack.cab][Dgfix.exe]
Bck/Bandok.AG    Kels_lite_addon_v1.8.cab[Litepack.cab][Dgfix.exe]
Bck/Bandok.AG    Kels_lite_addon_v1.7.cab[Litepack.cab][Dgfix.exe]
Bck/Bandok.AG    kels_Uber_Addon_v6.7.CAB[Uberpack.cab][Dgfix.exe]
Bck/Bandok.AG    Kels_Uber_Addon_v6.7\Uberpack.cab[Dgfix.exe]
Bck/Bandok.AG    Kels_Uber_Addon_v6.7\Uberpack\Dgfix.exe
Last edited by Jaleelmalik on Sun Apr 02, 2006 3:23 am, edited 3 times in total.

5eraph
Site Admin
Posts: 4621
Joined: Tue Jul 05, 2005 9:38 pm
Location: Riverview, MI USA

Post by 5eraph » Fri Mar 31, 2006 10:16 pm

Please be more specific and provide the name of your antivirus and when it was last updated.

I think it's highly likely that you're getting a false positive considering that most of the files you list are from Kel's most popular addons and ranging from a large time period. No one else seems to have reported it. Are you using Kaspersky?

Kelsenellenelvian
Moderator
Posts: 4383
Joined: Tue Nov 30, 2004 8:32 pm
Location: Pocatello, ID

Post by Kelsenellenelvian » Fri Mar 31, 2006 11:22 pm

Nod32 reports as clean. Ask dgelwins but I do believe Dgfix is either a compiled auto-it file or a compiled .bat file and it is pretty widely known that some anti-virus progs don't like compiled files because they can't read them right.

Nologic
Posts: 63
Joined: Wed Nov 02, 2005 7:37 pm

Post by Nologic » Sat Apr 01, 2006 1:38 am

Hmm, first off, viruses are not spyware. ;)

I don't know about compiled bat files but I do know about compiled autoit scripts...the compression used on them is what flags them as a virus...since it's the same compression type that many virus writers use...so if dgfix.exe is a compiled autoit script your virus software is being cheesy about what it calls a virus.

Anyway, you're being a tad dramatic with the big red lettering.

Tell you what go grab one of my scripts over at MSFN compile it and see if it tests as a virus, if it does then I'd say you need to get a different virus scanner...since you can read the source code and see there is nothing wrong with it. :)
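
An added example, not part of the original thread or any poster's code: a minimal triage check for the effect described in the post above, where compressed executables trip heuristic scanners because their sections look like dense, near-random data. It reads the PE section table and reports per-section byte entropy; the 7.0 threshold, the function names and the constructed sample are assumptions for illustration and do not represent any particular antivirus product's logic.

```python
import math
import struct
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 = constant, 8.0 = uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def section_entropy(pe: bytes) -> dict:
    """Map each PE section name to the entropy of its raw bytes."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)        # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsec,) = struct.unpack_from("<H", pe, pe_off + 6)     # NumberOfSections
    (opt,) = struct.unpack_from("<H", pe, pe_off + 20)     # SizeOfOptionalHeader
    table = pe_off + 24 + opt                              # first section header
    result = {}
    for i in range(nsec):
        name, _vs, _va, size, ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        label = name.rstrip(b"\0").decode("ascii", "replace")
        result[label] = round(entropy(pe[ptr:ptr + size]), 2)
    return result

def packed_sections(pe: bytes, threshold: float = 7.0) -> list:
    """Sections dense enough to look compressed (threshold is an assumption)."""
    return [n for n, e in section_entropy(pe).items() if e >= threshold]

def build_sample() -> bytes:
    """Constructed PE-shaped test input; headers only, not a runnable program."""
    plain = b"@echo off\r\n" * 64            # script-like, low entropy
    dense = bytes(range(256)) * 4            # stands in for compressed data
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0)
    start = len(dos) + len(coff) + 2 * 40    # raw data follows both headers
    sections = struct.pack("<8sIIII16x", b".plain", len(plain), 0, len(plain), start)
    sections += struct.pack("<8sIIII16x", b".packed", len(dense), 0, len(dense), start + len(plain))
    return dos + coff + sections + plain + dense

if __name__ == "__main__":
    sample = build_sample()
    print(section_entropy(sample))
    print("high-entropy sections:", packed_sections(sample))
```

A high-entropy section only shows that the content is compressed or encrypted, which is true of many legitimate installers and compiled scripts; it is a reason to inspect the file further, not a verdict.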

Draknar
Posts: 25
Joined: Fri Mar 24, 2006 3:55 pm
Location: Twin Ports

Post by Draknar » Sat Apr 01, 2006 2:37 am

It's a false report.

Had the same thing but found out that it was false.

But the large red lettering is a little too much.

Image
Last edited by Draknar on Sun Apr 02, 2006 7:14 am, edited 2 times in total.

Kelsenellenelvian
Moderator
Posts: 4383
Joined: Tue Nov 30, 2004 8:32 pm
Location: Pocatello, ID

Post by Kelsenellenelvian » Sat Apr 01, 2006 5:30 am

As you can see from Draknar's post it is a compiled batch file that was compiled with Quick Batch File Compiler. It is not password protected or anything and you are free to de-compile it yourself and see what the contents are... The red is waaaay too much and I understand your concern so please calm down.
Last edited by Kelsenellenelvian on Sat Apr 01, 2006 5:46 am, edited 1 time in total.

Kelsenellenelvian
Moderator
Posts: 4383
Joined: Tue Nov 30, 2004 8:32 pm
Location: Pocatello, ID

Post by Kelsenellenelvian » Sat Apr 01, 2006 5:40 am

P.S. This --> Msn Messenger 7.5.cab <-- is not MINE!

5eraph
Site Admin
Posts: 4621
Joined: Tue Jul 05, 2005 9:38 pm
Location: Riverview, MI USA

Post by 5eraph » Sat Apr 01, 2006 5:58 am

I did see the guy pop in shortly after I replied, but not since. I think we scared him off...

It's too bad though, I would have liked to know which AV he was using and who that MSN Messenger addon belongs to.

Any ideas? A forum search doesn't bring up that CAB file.

And why bother posting AV scans of old addons?

boooggy
Posts: 1297
Joined: Tue Aug 16, 2005 2:20 am
Location: Bucharest, Romania

Post by boooggy » Sat Apr 01, 2006 6:35 am

I think MSN Messenger belongs to dgelwin....

Kelsenellenelvian
Moderator
Posts: 4383
Joined: Tue Nov 30, 2004 8:32 pm
Location: Pocatello, ID

Post by Kelsenellenelvian » Sat Apr 01, 2006 6:40 am


RyanVM
Site Admin
Posts: 5190
Joined: Tue Nov 23, 2004 6:03 pm
Location: Pennsylvania

Post by RyanVM » Sat Apr 01, 2006 9:14 am

....riiiiiiight

ton80
Posts: 211
Joined: Mon Mar 07, 2005 3:10 am

Post by ton80 » Sun Apr 02, 2006 7:05 am

@ Jaleelmalik
You could have just PMed Kelsenellenelvian, which is what I did when I got a report. We discovered that it was false. All quiet and private.
Saves being :oops: :oops: :oops: in public. Maybe you should use more than one AV product as a standby. You know - get a second or third opinion!!!

BTW, Kelsenellenelvian, thanks again for being gentle with me on that above-mentioned subject a few months ago.
Ton80

Kelsenellenelvian
Moderator
Posts: 4383
Joined: Tue Nov 30, 2004 8:32 pm
Location: Pocatello, ID

Post by Kelsenellenelvian » Sun Apr 02, 2006 8:15 am

Well I am locking this thread now. I have removed dgfix from version 7 of my pack so no more issues with it.
