Posted

Hi there,

I found this trojan loader in the recent Codec-Pack from Cool2K (done with clamav):

Scan Started Mon Jul 30 23:13:27 2007
-------------------------------------------------------------------------------


D:\Users\cs\Desktop\Cole2k.Media.-.Codec.Pack.V6.0.9.-Advanced-.32Bit.Setup.exe: Trojan.Downloader.Zlob-545 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 141644
Engine version: 0.91.1
Scanned directories: 0
Scanned files: 1
Skipped non-executable files: 0
Infected files: 1

Data scanned: 0.13 MB
Time: 2.719 sec (0 m 2 s)
--------------------------------------
Completed
--------------------------------------

The download is from www.cole2k.net directly.

Since the guys from cole2k do not seem to be interested in such warnings (no valid email address on the page, the forum registration does not work) I try some more serious forums to post this.

Please post this warning in other forums you know

Best regards, Chris


Posted

Does not work, virus-total rejects the file because it is too big (about 20MB). But thank you for the suggestion.

Chris

Posted

OK, I snipped off the first MB and sent it to virus-total since clamav just scanned 0.13MB and found that trojan.

Here are the results - what do you think?

AhnLab-V3          2007.8.2.0     2007.08.01  -
AntiVir            7.4.0.54       2007.08.01  -
Authentium         4.93.8         2007.08.01  -
Avast              4.7.1029.0     2007.08.01  -
AVG                7.5.0.476      2007.08.01  -
BitDefender        7.2            2007.08.01  -
CAT-QuickHeal      9.00           2007.08.01  -
ClamAV             0.91           2007.08.01  Trojan.Downloader.Zlob-545
DrWeb              4.33           2007.08.01  -
eSafe              7.0.15.0       2007.07.31  suspicious Trojan/Worm
eTrust-Vet         31.1.5024      2007.08.01  -
Ewido              4.0            2007.08.01  -
FileAdvisor        1              2007.08.01  -
Fortinet           2.91.0.0       2007.08.01  -
F-Prot             4.3.2.48       2007.08.01  -
F-Secure           6.70.13030.0   2007.08.01  -
Ikarus             T3.1.1.8       2007.08.01  Trojan-Downloader.Win32.Zlob.ni
Kaspersky          4.0.2.24       2007.08.01  -
McAfee             5087           2007.07.31  -
Microsoft          1.2704         2007.08.01  -
NOD32v2            2430           2007.07.31  error occurred while reading archive
Norman             5.80.02        2007.08.01  -
Panda              9.0.0.4        2007.08.01  Suspicious file
Prevx1             V2             2007.08.01  -
Rising             19.34.22.00    2007.08.01  -
Sophos             4.19.0         2007.08.01  -
Sunbelt            2.2.907.0      2007.08.01  -
Symantec           10             2007.08.01  -
TheHacker          6.1.7.160      2007.08.01  -
VBA32              3.12.2.2       2007.07.31  -
VirusBuster        4.3.26:9       2007.08.01  -
Webwasher-Gateway  6.0.1          2007.08.01  Win32.ModifiedUPX.gen!84 (suspicious)

If this is really a trojan-downloader, it's either a good one, or most of the scanners are really crap, since Zlob-545 is from 2006 and less than 20 percent found it.

Chris

Posted

Looks like a false positive, the few that call it suspicious look like it's due to them being packed by compression such as UPX.
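
The distinction drawn in the reply above, between engines that name a specific family and engines that only report a generic or packer-based "suspicious" verdict, can be made explicit when triaging a multi-engine report. This is an added example, not part of the thread; the rows are copied from the results posted above (an excerpt), and the heuristic-label markers are an assumption, since vendors' naming conventions differ.

```python
import re
from collections import defaultdict

# Rows copied from the VirusTotal results in the thread (excerpt: every
# non-clean verdict plus three clean ones).
RESULTS = """\
AVG 7.5.0.476 2007.08.01 -
ClamAV 0.91 2007.08.01 Trojan.Downloader.Zlob-545
eSafe 7.0.15.0 2007.07.31 suspicious Trojan/Worm
Ikarus T3.1.1.8 2007.08.01 Trojan-Downloader.Win32.Zlob.ni
Kaspersky 4.0.2.24 2007.08.01 -
NOD32v2 2430 2007.07.31 error occurred while reading archive
Panda 9.0.0.4 2007.08.01 Suspicious file
Symantec 10 2007.08.01 -
Webwasher-Gateway 6.0.1 2007.08.01 Win32.ModifiedUPX.gen!84 (suspicious)
"""

# engine, version, last-update date, verdict label
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")
# Assumed markers of a heuristic/generic verdict (not an official list).
HEURISTIC = re.compile(r"suspicious|\.gen\b|heur|generic", re.I)

def classify(label):
    if label == "-":
        return "clean"
    if "error" in label.lower():
        return "error"       # scanner failed; says nothing about the file
    if HEURISTIC.search(label):
        return "heuristic"   # generic or packer-based verdict
    return "named"           # a specific family signature matched

def triage(text):
    """Group engine names by the kind of verdict they returned."""
    buckets = defaultdict(list)
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            engine, _version, _date, label = m.groups()
            buckets[classify(label)].append(engine)
    return dict(buckets)

def packer_hints(text):
    """Engines whose label names a packer (here: UPX) rather than a family."""
    return [m.group(1) for line in text.splitlines()
            if (m := ROW.match(line.strip())) and "upx" in m.group(4).lower()]

if __name__ == "__main__":
    for kind, engines in triage(RESULTS).items():
        print(f"{kind:10} {len(engines)}  {', '.join(engines)}")
    print("packer-based:", packer_hints(RESULTS))
```

A read error and a heuristic hit are not detections of a known family; only the "named" bucket points at a specific signature, which is the one worth reporting to the vendor for re-analysis.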

  • 2 weeks later...
  • 5 weeks later...
Posted (edited)
Hi, I'm Cole, the owner of Cole2k Media.

The warning that you're getting is a false positive.

If you wish to verify, you can do so just by searching Google for "NSIS false positive", as this is the base of my installer and uninstaller.

I suggest you look up the reviews of ClamAV to verify constant complaints about false positives and removal of uninstallers for applications already installed on people's systems, perhaps you should even consider writing a review of your own.

I've been repeatedly posting warnings on my forum about false positives and it is something I do take seriously, but nobody ever seems to bother using the search feature.

Registration on my forum to gain help is easy, provided you aren't using a freemail account to register and the forum doesn't think you're a spammer, hacker, paedophile etc.

http://www.softpedia.com/get/Multimedia/Vi...odec-Pack.shtml < says "100% Clean"

http://www.download.com/Cole2k-Media-Codec...4-10354286.html < says "Tested spyware free" just under the "Download Now" link.

"Please post this warning in other forums you know"

Promoting hate messages?

Edited by c-o-l-e
  • 5 months later...
Posted

Cole from Cole2k Media, your codec packs are not infected at all; I have been using them for a long time. Plus, the codec pack they are speaking about is "Cool2k", not Cole2k.

Keep up the great work.
