Register | Login
BootSkins XP
Cursor FX
Dream
Icon Packager
LogonStudio XP
LogonStudio
Object Dock
Sound Schemes
Suites
WallPapers
WindowBlinds
All

Search
Forum Home | Login
We have re-enabled logins for the forums, please be aware that you may need to reset your password or register for an account again while we continue to restore full functionality.
Gammeldansk
Gammeldansk
Join Date 03/2009
+77

Possible Infected Docklet

April 3, 2009 4:44:46 PM from WinCustomize ForumsWinCustomize Forums

I recently downloaded a mail checking docklet from the ObjectDock Gallery (Docklets section). When I unzipped it, my McAfee Security Centre popped up to inform me that it had detected and safely removed the Banker Trojan. This may or may not have been a coincidence, so I dont think I should name the Docklet here. Perhaps the Moderators might look at all the Mail Checking Docklets in the Gallery (there's not that many) to see what they might find.

Locked Post
Search this post
Advanced Search
Subscription Options
Reason for Karma (Optional)
Successfully updated karma reason!
Gammeldansk
Hankers
Join Date 04/2004
+542 moderator
Reply #1 April 3, 2009 5:04:01 PM
from WinCustomize ForumsWinCustomize Forums

This may or may not have been a coincidence, so I dont think I should name the Docklet here.

You can always PM a moderator with the name of the docklet rather than have to hunt-and peck through the list.

 

Check the lower part of the page for PM links - https://forums.wincustomize.com/user/1121551

+2
Reason for Karma (Optional)
Successfully updated karma reason!
Gammeldansk
ZubaZ
Join Date 11/2001
+917
Reply #2 April 3, 2009 5:04:14 PM
from WinCustomize ForumsWinCustomize Forums

Post the url.  Call it a warning until it's confirmed.

+1
Reason for Karma (Optional)
Successfully updated karma reason!
Gammeldansk
Gammeldansk
Join Date 03/2009
+77
Reply #3 April 3, 2009 5:40:55 PM
from WinCustomize ForumsWinCustomize Forums

Thanks Hankers and Zubaz for such a quick response. I took the PM route.

Reason for Karma (Optional)
Successfully updated karma reason!

Sign Up or Login and this ad disappears!
There are many great features available to you once you register. Sign Up for a free account and browse the forums without ads.

Gammeldansk
ZubaZ
Join Date 11/2001
+917
Reply #4 April 3, 2009 6:25:43 PM
from WinCustomize ForumsWinCustomize Forums

Gammeldansk
What AV are you using?  AVG found nothing here.

Reason for Karma (Optional)
Successfully updated karma reason!
Gammeldansk
Gammeldansk
Join Date 03/2009
+77
Reply #5 April 3, 2009 7:05:34 PM
from WinCustomize ForumsWinCustomize Forums

Hi Zubaz. I'm using McAfee Virus Scan 13.3.117 updated today (its a component of McAfee Security Centre preinstalled on my system). I did another download of the docklet in question and ran a scan on the ZIP with the same result - PWS Banker Trojan detected and quarantined. I can understand an antivirus program reporting a false alarm, but why be so specific about the alleged infection's name.

Reason for Karma (Optional)
Successfully updated karma reason!
Gammeldansk
Jafo
Join Date 03/2001
+1800 sdemployee
Reply #6 April 3, 2009 7:11:21 PM
from WinCustomize ForumsWinCustomize Forums

I can understand an antivirus program reporting a false alarm, but why be so specific about the alleged infection's name.

Typically any false-positive confuses a clean file with a specific signature....as is most likely the case here.

My AV shows it as clean [Bitdefender] and it's about as up-to-date as any AV ....it checks for sig updates every hour....eg..

last check 04/04/2009 9.26.24

last update 04/04/2009 8.28.18  [I'm in Australia]...

Reason for Karma (Optional)
Successfully updated karma reason!
Gammeldansk
Gammeldansk
Join Date 03/2009
+77
Reply #7 April 3, 2009 7:24:46 PM
from WinCustomize ForumsWinCustomize Forums

Guess its a false alarm then. But to be on the safe side I think I'll stick with my Windows Sidebar Mail Notifier - its never failed me. Many thanks for your help Zubaz, Hankers and Jafo.

Reason for Karma (Optional)
Successfully updated karma reason!
Gammeldansk
zigboom
Join Date 05/2008
+40
Reply #8 April 3, 2009 7:44:20 PM
from WinCustomize ForumsWinCustomize Forums

Just in case you want to be sure... you can upload the file to VirusTotal http://www.virustotal.com/ . It will get scanned with all the top industry antivirus engines and you can see the results ... It's a very good way to know if it's false positive or not.

Reason for Karma (Optional)
Successfully updated karma reason!
Gammeldansk
Gammeldansk
Join Date 03/2009
+77
Reply #9 April 3, 2009 7:46:03 PM
from WinCustomize ForumsWinCustomize Forums

My apologies to the author of the docklet in question. The problem was highlighted in good faith and turned out to be a quirk in the way different AVs report their findings.

Reason for Karma (Optional)
Successfully updated karma reason!
Gammeldansk
CarGuy1
Join Date 03/2007
+548
Reply #10 April 3, 2009 7:56:06 PM
from WinCustomize ForumsWinCustomize Forums

Check the lower part of the page for PM links

I did not know that. (Saved for future referance)  [e digicons]:karma:[/e]  

Reason for Karma (Optional)
Successfully updated karma reason!
Gammeldansk
Hankers
Join Date 04/2004
+542 moderator
Reply #11 April 3, 2009 7:57:07 PM
from WinCustomize ForumsWinCustomize Forums

Thank you for posting your concern.  It's always best to check these things out.

Reason for Karma (Optional)
Successfully updated karma reason!
Gammeldansk
ZubaZ
Join Date 11/2001
+917
Reply #12 April 3, 2009 7:57:34 PM
from WinCustomize ForumsWinCustomize Forums

Better to be safe than sorry.  No harm done.

My AV (AVG) came up blank too.  But then I looked at teh age of teh docklet, the number of downloads, the lack of any other reports of virus activity in the comments and figured it was ok.

Reason for Karma (Optional)
Successfully updated karma reason!
Gammeldansk
Jafo
Join Date 03/2001
+1800 sdemployee
Reply #13 April 4, 2009 9:00:40 AM
from WinCustomize ForumsWinCustomize Forums

Over the years there's been a few uploads here that have raised alarms.....but almost all are found prior to being made public.

As you see there's bound to be the odd one or three that slip through....though they are usually found later due to a signature revision/update.

Commonly they are compression algorithms that are often found also in/with virii...so the alarm[s] go off.

It's always best to let us know if one does....so it can be rechecked and pulled from public if needed....so thanks again, Gammeldansk ....

Reason for Karma (Optional)
Successfully updated karma reason!
View all recent posts
Mark all posts as read Delete cookies created by the forum Return to Top
Stardock Forums v        Server Load Time:   Page Render Time:


Home | About | Privacy | Upload Guidelines | Terms of Service | Help
WinCustomize © 2025 Stardock. All Rights Reserved.