
Trojan warning for Cole2k Codec Pack



Hi there,

I found this trojan loader in the recent Codec-Pack from Cole2k (done with clamav):

Scan Started Mon Jul 30 23:13:27 2007
-------------------------------------------------------------------------------


D:\Users\cs\Desktop\Cole2k.Media.-.Codec.Pack.V6.0.9.-Advanced-.32Bit.Setup.exe: Trojan.Downloader.Zlob-545 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 141644
Engine version: 0.91.1
Scanned directories: 0
Scanned files: 1
Skipped non-executable files: 0
Infected files: 1

Data scanned: 0.13 MB
Time: 2.719 sec (0 m 2 s)
--------------------------------------
Completed
--------------------------------------

The download is from www.cole2k.net directly.

Since the guys from cole2k do not seem to be interested in such warnings (no valid email address on the page, the forum registration does not work), I am trying some more serious forums to post this.

Please post this warning in other forums you know

Best regards, Chris



OK, I snipped off the first MB and sent it to virus-total since clamav just scanned 0.13MB and found that trojan.

Here are the results - what do you think?

Antivirus          Version        Last update   Result
AhnLab-V3          2007.8.2.0     2007.08.01    -
AntiVir            7.4.0.54       2007.08.01    -
Authentium         4.93.8         2007.08.01    -
Avast              4.7.1029.0     2007.08.01    -
AVG                7.5.0.476      2007.08.01    -
BitDefender        7.2            2007.08.01    -
CAT-QuickHeal      9.00           2007.08.01    -
ClamAV             0.91           2007.08.01    Trojan.Downloader.Zlob-545
DrWeb              4.33           2007.08.01    -
eSafe              7.0.15.0       2007.07.31    suspicious Trojan/Worm
eTrust-Vet         31.1.5024      2007.08.01    -
Ewido              4.0            2007.08.01    -
FileAdvisor        1              2007.08.01    -
Fortinet           2.91.0.0       2007.08.01    -
F-Prot             4.3.2.48       2007.08.01    -
F-Secure           6.70.13030.0   2007.08.01    -
Ikarus             T3.1.1.8       2007.08.01    Trojan-Downloader.Win32.Zlob.ni
Kaspersky          4.0.2.24       2007.08.01    -
McAfee             5087           2007.07.31    -
Microsoft          1.2704         2007.08.01    -
NOD32v2            2430           2007.07.31    error occurred while reading archive
Norman             5.80.02        2007.08.01    -
Panda              9.0.0.4        2007.08.01    Suspicious file
Prevx1             V2             2007.08.01    -
Rising             19.34.22.00    2007.08.01    -
Sophos             4.19.0         2007.08.01    -
Sunbelt            2.2.907.0      2007.08.01    -
Symantec           10             2007.08.01    -
TheHacker          6.1.7.160      2007.08.01    -
VBA32              3.12.2.2       2007.07.31    -
VirusBuster        4.3.26:9       2007.08.01    -
Webwasher-Gateway  6.0.1          2007.08.01    Win32.ModifiedUPX.gen!84 (suspicious)

If this is really a trojan-downloader, it's either a good one, or most of the scanners are really crap, since Zlob-545 is from 2006 and less than 20 percent found it.

Chris
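An added example, not part of the original post: one way to triage a multi-engine report like the one above is to separate signature matches that name a family from heuristic or packer-based flags and from engines that failed to read the sample. The rows are an excerpt of the posted results; the `HEURISTIC` and `GENERIC` word lists and the bucket names are assumptions made for this sketch.

```python
import re
from collections import Counter

# Excerpt of the result rows posted above: engine, version, signature date, verdict.
REPORT = """\
AntiVir 7.4.0.54 2007.08.01 -
ClamAV 0.91 2007.08.01 Trojan.Downloader.Zlob-545
eSafe 7.0.15.0 2007.07.31 suspicious Trojan/Worm
Ikarus T3.1.1.8 2007.08.01 Trojan-Downloader.Win32.Zlob.ni
Kaspersky 4.0.2.24 2007.08.01 -
NOD32v2 2430 2007.07.31 error occurred while reading archive
Panda 9.0.0.4 2007.08.01 Suspicious file
Symantec 10 2007.08.01 -
Webwasher-Gateway 6.0.1 2007.08.01 Win32.ModifiedUPX.gen!84 (suspicious)
"""

ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")
# Assumed markers of heuristic or packer-based verdicts (not a vendor-defined list).
HEURISTIC = re.compile(r"suspicious|heur|generic|\.gen\b|modified", re.I)
# Assumed generic words that carry no family information.
GENERIC = {"trojan", "downloader", "worm", "virus", "backdoor"}

def classify(verdict):
    """Map one engine's verdict string to a triage bucket."""
    v = verdict.strip().lower()
    if v == "-":
        return "clean"
    if "error" in v:
        return "scan_error"  # the engine could not read the sample; not a verdict
    if HEURISTIC.search(v):
        return "heuristic"   # flagged on structure or packing, no family named
    return "named"           # a specific signature matched

def triage(report):
    """Return {engine: (bucket, verdict)} for every parsable row."""
    rows = {}
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows[m.group(1)] = (classify(m.group(4)), m.group(4))
    return rows

def summarize(rows):
    """Count buckets and the family tokens shared by named verdicts."""
    buckets = Counter(bucket for bucket, _ in rows.values())
    families = Counter()
    for bucket, verdict in rows.values():
        if bucket == "named":
            words = set(re.findall(r"[a-z]{4,}", verdict.lower()))
            families.update(words - GENERIC)
    return buckets, families

if __name__ == "__main__":
    print(summarize(triage(REPORT)))
```

On this excerpt, two engines name the same family, three flag on heuristics or packing, and one could not read the truncated upload, so the raw "engines that flagged it" count mixes three different kinds of evidence.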

Hi, I'm Cole, the owner of Cole2k Media.

The warning that you're getting is a false positive.

If you wish to verify, you can do so just by searching Google for "NSIS false positive", as this is the base of my installer and uninstaller.

I suggest you look up the reviews of ClamAV to verify constant complaints about false positives and removal of uninstallers for applications already installed on people's systems; perhaps you should even consider writing a review of your own.

I've been repeatedly posting warnings on my forum about false positives and it is something I do take seriously, but nobody ever seems to bother using the search feature.

Registration on my forum to gain help is easy, provided you aren't using a freemail account to register and the forum doesn't think you're a spammer, hacker, paedophile etc.

http://www.softpedia.com/get/Multimedia/Vi...odec-Pack.shtml < says "100% Clean"

http://www.download.com/Cole2k-Media-Codec...4-10354286.html < says "Tested spyware free" just under the "Download Now" link.

"Please post this warning in other forums you know"

Promoting hate messages?
