Old 08-01-2008, 08:54 PM   #11
DeathDude

Sounds like that program or file in question could also be considered spyware, with the terms that are used about downloading malware/trojans; sometimes trojans are grouped into the same category nowadays, especially with the extent and damage spyware is causing nowadays.

Anyways, did you do a Google search on the file/program that was identified? Maybe look around the security forums that are out there and see if anything pops up about said file. If a lot of the major virus programs are saying nothing about the file, then it might just be a false positive. I know back in the day Sophos was pretty notorious around the security forums for having a lot of false positives, not sure if that's changed, but might still apply in this case, especially if you are not getting a lot of info about the trojan on other security sites.
__________________

http://www.last.fm/user/DeathDude/ Upcoming Concerts will be attending 5/10/08: Dream Theater, 5/12/08: Gigantour, 5/16/08: Nightwish, 5/27/08: Rush, 6/5/08 and 6/6/08: Iron Maiden!!, 7/27/08: Judas Priest
Old 09-01-2008, 06:07 AM   #12
gregor

nope nothing virus like on the file.

like i said the only worry i have is that it's some home made virus thing that is not identified by virus scans. or is identified by some only through heuristics.

however it gave me back nothing. the pathc.exe seems to be only noCD crack while the other programme only points to copied .nfo text in forums and how to install it :-).

these are dictionaries, but they sell all of them in same package at a very high price. however i only need a few so i decided to go torrenting.

i will try some (anti)virus forums to see what they think. but i think this could well be false positive.

just to think i wouldn't even question it at my own computer with Avira, cause it simply wouldn't recognise it as a virus. :/ and japofran said they have a good recognition. plus i think that if you block the programme with firewall from accessing the firewall, how can it download anything malicious?:eek:
__________________
Crantius Colto: Fear not. You are safe here with me.
Lifts-Her-Tail: I must finish my cleaning, sir. The mistress will have my head if I do not!
Crantius Colto: Cleaning, eh? I have something for you. Here, polish my spear.
Lifts-Her-Tail: But it is huge! It could take me all night!
Crantius Colto: Plenty of time, my sweet. Plenty of time.
From The Lusty Argonian Maid by Crassius Curio found in TES3: Morrowind
Old 09-01-2008, 04:23 PM   #13
Japo

Quote:
Originally Posted by gregor
plus i think that if you block the programme with firewall from accessing the firewall, how can it download anything malicious?:eek:
True, if what the virus tries to do is access the web, a firewall with outbound protection should thwart it. That is, provided the virus doesn't manage to leak through the firewall or kill it outright. :eek: And a firewall will only prevent it from accessing the web, not from formatting your hard drive and the like.

It's probably a false positive, but try to be sure.
Old 09-01-2008, 06:34 PM   #14
gregor

this is what i get on VirusTotal:

Antivirus Version Last update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - Generic9.ALQH
BitDefender - - -
CAT-QuickHeal - - (Suspicious) - DNAScan
ClamAV - - -
DrWeb - - -
eSafe - - suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - Trojan-Downloader.Win32.Small.BXA
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - Suspicious file
Prevx1 - - -
Rising - - -
Sophos - - Mal/Dorf-A
Sunbelt - - VIPRE.Suspicious
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - Packed/FSG
Webwasher-Gateway - - Packer.FSG

as you can see most have -, while others give different names.

Last edited by gregor; 09-01-2008 at 06:36 PM.
Old 09-01-2008, 08:13 PM   #15
Japo

I really can't tell more than you can. Quite a bunch of scanners flag it, although at least the most reputable ones don't. Anyway, with no less than nine different programs flagging it, it might be unwise to ignore that right away. If the positives are false they must be due to the fishy nature of the crack, even if it's harmful enough. The only thing that could shed further light would be finding someone who really knows his stuff about viruses; I don't think you can find more help here.

Last edited by Japo; 09-01-2008 at 08:16 PM.
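
Added example, not part of any post in this thread: a short Python triage of the scan table gregor posted, which counts detections and separates labels that only name a packer or give a generic "suspicious" verdict from labels that name a family. The keyword buckets and the function names are assumptions made for this illustration.

```python
import re

# The nine detections as posted in the thread; the other 23 engines reported "-".
FLAGGED_ROWS = """\
AVG - - Generic9.ALQH
CAT-QuickHeal - - (Suspicious) - DNAScan
eSafe - - suspicious Trojan/Worm
Ikarus - - Trojan-Downloader.Win32.Small.BXA
Panda - - Suspicious file
Sophos - - Mal/Dorf-A
Sunbelt - - VIPRE.Suspicious
VirusBuster - - Packed/FSG
Webwasher-Gateway - - Packer.FSG
"""
CLEAN = ("AhnLab-V3 AntiVir Authentium Avast BitDefender ClamAV DrWeb eTrust-Vet "
         "Ewido FileAdvisor Fortinet F-Prot F-Secure Kaspersky McAfee Microsoft "
         "NOD32v2 Norman Prevx1 Rising Symantec TheHacker VBA32").split()
REPORT = FLAGGED_ROWS + "\n".join(f"{name} - - -" for name in CLEAN)

# Keyword buckets are assumptions made for this example, not a vendor standard.
PACKER = re.compile(r"pack(ed|er)|fsg", re.I)
HEURISTIC = re.compile(r"suspicious|generic|heur", re.I)

def parse_report(text):
    # Rows are "engine version update result"; map engine -> label or None.
    results = {}
    for line in text.splitlines():
        parts = line.split(None, 3)  # the result column may contain spaces
        if len(parts) == 4:
            results[parts[0]] = None if parts[3] == "-" else parts[3].strip()
    return results

def classify(label):
    if PACKER.search(label):
        return "packer"     # names the executable packer, not the payload
    if HEURISTIC.search(label):
        return "heuristic"  # generic or "suspicious" verdict, no family named
    return "named"          # engine commits to a specific family name

def triage(text):
    results = parse_report(text)
    buckets = {}
    for engine, label in results.items():
        if label:
            buckets.setdefault(classify(label), []).append(engine)
    return sum(map(len, buckets.values())), len(results), buckets

if __name__ == "__main__":
    flagged, total, buckets = triage(REPORT)
    print(f"{flagged}/{total} engines flag the file: {buckets}")
```

On the posted results this gives 9 of 32 engines: two labels name only the FSG packer, five are generic or "suspicious" verdicts, and two (Ikarus and Sophos) give a family name.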
Old 09-01-2008, 08:17 PM   #16
DeathDude

Yeah, for most smaller viruses/worms each virus company tends to come up with a different name for its particular program.

I would also say it looks more like a false positive, especially when you have Kaspersky and Nod32 saying nothing about it and they are two of the best right now. I bet it is the nocd crack that is being flagged by these programs, but again some nocd cracks can be infected and/or with something nasty, depends where it came from, but if you have had no problems with said nocd crack then it's probably fine.
Old 10-01-2008, 05:57 AM   #17
gregor

heh, well i downloaded a completely different version of this programme. it's a much older version. and completely different in size. however the noCD patch is from same person with his .NFO attached on how to use it.

the result is the same with Sophos. this time programme came in ZIP form. when i scanned the archive everything was OK. as soon as i unpacked the two files that were giving me problems in other version - BANG! same info.

i found some forums with virus cleaning experts and will try to get some answers there.
Old 11-01-2008, 08:08 AM   #18
Nick

I'm using AVG too. I discovered with horror that there are evil users present in our LAN, so I decided to get some protection.
__________________
"Paladin work is never done..."

