chriss Posted July 31, 2007

Hi there,

I found this trojan loader in the recent Codec-Pack from Cool2K (done with clamav):

Scan Started Mon Jul 30 23:13:27 2007
-------------------------------------------------------------------------------
D:\Users\cs\Desktop\Cole2k.Media.-.Codec.Pack.V6.0.9.-Advanced-.32Bit.Setup.exe: Trojan.Downloader.Zlob-545 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 141644
Engine version: 0.91.1
Scanned directories: 0
Scanned files: 1
Skipped non-executable files: 0
Infected files: 1
Data scanned: 0.13 MB
Time: 2.719 sec (0 m 2 s)
--------------------------------------
Completed
--------------------------------------

The download is from www.cole2k.net directly.

Since the guys from cole2k do not seem to be interested in such warnings (no valid email address on the page, the forum registration does not work), I am trying some more serious forums to post this.

Please post this warning in other forums you know.

Best regards, Chris

Tarun Posted August 1, 2007

Upload it to virus-total and check it there.

chriss Posted August 1, 2007

Does not work, virus-total rejects the file because it is too big (about 20MB). But thank you for the suggestion.

Chris

chriss Posted August 1, 2007

OK, I snipped off the first MB and sent it to virus-total, since clamav just scanned 0.13MB and found that trojan.

Here are the results - what do you think?

AhnLab-V3 2007.8.2.0 2007.08.01 -
AntiVir 7.4.0.54 2007.08.01 -
Authentium 4.93.8 2007.08.01 -
Avast 4.7.1029.0 2007.08.01 -
AVG 7.5.0.476 2007.08.01 -
BitDefender 7.2 2007.08.01 -
CAT-QuickHeal 9.00 2007.08.01 -
ClamAV 0.91 2007.08.01 Trojan.Downloader.Zlob-545
DrWeb 4.33 2007.08.01 -
eSafe 7.0.15.0 2007.07.31 suspicious Trojan/Worm
eTrust-Vet 31.1.5024 2007.08.01 -
Ewido 4.0 2007.08.01 -
FileAdvisor 1 2007.08.01 -
Fortinet 2.91.0.0 2007.08.01 -
F-Prot 4.3.2.48 2007.08.01 -
F-Secure 6.70.13030.0 2007.08.01 -
Ikarus T3.1.1.8 2007.08.01 Trojan-Downloader.Win32.Zlob.ni
Kaspersky 4.0.2.24 2007.08.01 -
McAfee 5087 2007.07.31 -
Microsoft 1.2704 2007.08.01 -
NOD32v2 2430 2007.07.31 error occurred while reading archive
Norman 5.80.02 2007.08.01 -
Panda 9.0.0.4 2007.08.01 Suspicious file
Prevx1 V2 2007.08.01 -
Rising 19.34.22.00 2007.08.01 -
Sophos 4.19.0 2007.08.01 -
Sunbelt 2.2.907.0 2007.08.01 -
Symantec 10 2007.08.01 -
TheHacker 6.1.7.160 2007.08.01 -
VBA32 3.12.2.2 2007.07.31 -
VirusBuster 4.3.26:9 2007.08.01 -
Webwasher-Gateway 6.0.1 2007.08.01 Win32.ModifiedUPX.gen!84 (suspicious)

If this is really a trojan-downloader, it's either a good one, or most of the scanners are really crap, since Zlob-545 is from 2006 and less than 20 percent found it.

Chris

Tarun Posted August 1, 2007

Looks like a false positive, the few that call it suspicious look like it's due to them being packed by compression such as UPX.

bonestonne Posted August 10, 2007

I use the Cole2kMedia pack Advanced, I use Avast, and never had an issue with it.

c-o-l-e Posted September 9, 2007 (edited)

> Hi there,
>
> I found this trojan loader in the recent Codec-Pack from Cool2K (done with clamav):
>
> Scan Started Mon Jul 30 23:13:27 2007
> -------------------------------------------------------------------------------
> D:\Users\cs\Desktop\Cole2k.Media.-.Codec.Pack.V6.0.9.-Advanced-.32Bit.Setup.exe: Trojan.Downloader.Zlob-545 FOUND
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 141644
> Engine version: 0.91.1
> Scanned directories: 0
> Scanned files: 1
> Skipped non-executable files: 0
> Infected files: 1
> Data scanned: 0.13 MB
> Time: 2.719 sec (0 m 2 s)
> --------------------------------------
> Completed
> --------------------------------------
>
> The download is from www.cole2k.net directly.
>
> Since the guys from cole2k do not seem to be interested in such warnings (no valid email address on the page, the forum registration does not work), I am trying some more serious forums to post this.
>
> Please post this warning in other forums you know.
>
> Best regards, Chris

Hi, I'm Cole, the owner of Cole2k Media.

The warning that you're getting is a false positive.

If you wish to verify, you can do so just by searching Google for "NSIS false positive", as this is the base of my installer and uninstaller.

I suggest you look up the reviews of ClamAV to verify constant complaints about false positives and removal of uninstallers for applications already installed on people's systems, perhaps you should even consider writing a review of your own.

I've been repeatedly posting warnings on my forum about false positives and it is something I do take seriously, but nobody ever seems to bother using the search feature.

Registration on my forum to gain help is easy, provided you aren't using a freemail account to register and the forum doesn't think you're a spammer, hacker, paedophile etc.

http://www.softpedia.com/get/Multimedia/Vi...odec-Pack.shtml < says "100% Clean"
http://www.download.com/Cole2k-Media-Codec...4-10354286.html < says "Tested spyware free" just under the "Download Now" link.

> Please post this warning in other forums you know

Promoting hate messages?

Edited September 9, 2007 by c-o-l-e

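Added example, not part of the thread and not code from any poster: a static check for the two traits the replies above give as reasons for the detections, UPX section names in the PE header (Tarun's reply) and the NSIS first-header marker (Cole's reply). The function names and the sample bytes are constructed for illustration; the marker is the one used by NSIS 2.x and later.

```python
import struct

NSIS_MARKER = b"\xef\xbe\xad\xdeNullsoftInst"  # 0xDEADBEEF + magic in the NSIS first header

def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, or [] if data is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 24:
        return []
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                            # first section header
    names = []
    for i in range(n_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:                                      # truncated file
            break
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names

def triage(data: bytes) -> dict:
    """Report the two traits raised in the thread: UPX packing and an NSIS base."""
    names = pe_section_names(data)
    return {
        "sections": names,
        "upx_sections": any(n.startswith("UPX") for n in names),
        "nsis_installer": NSIS_MARKER in data,
    }

def build_sample() -> bytes:
    """Constructed input: a fake PE header with UPX sections and an NSIS overlay."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0, 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32
                        for n in (b"UPX0", b"UPX1", b".rsrc"))
    overlay = struct.pack("<II", 0, 0xDEADBEEF) + NSIS_MARKER[4:]
    return dos + coff + sections + overlay

if __name__ == "__main__":
    print(triage(build_sample()))
```

Either trait only explains why a heuristic or packer-based signature may fire on a file; it says nothing about whether the packed content is benign.
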
Klinggon22 Posted March 8, 2008

Cole from Cole2k Media, your codec packs are not infected at all, have been using them for a long time. Plus the Codec pack they are speaking about is "Cool2k" not Cole2k.

Keep up the great work.