Full Version: Is This A Trojan?
BleepingComputer.com > Security > Am I infected? What do I do?
iceash
My local LAN cable provider has installed this tool on my system (created by them). They say it's to protect their own server, and at the same time I can't uninstall it, because if I do so the Internet will stop working. I am just kind of doubtful. Can anyone check and confirm whether it contains any malicious code? I uploaded the file at Jotti; most of the scanners clear it (AVG, Avast), only a few find a keylogger. Here is the link to download the setup. http://www.zshare.net/download/10816298427a4f8e/

HELP IS HIGHLY APPRECIATED!
Queen-Evie
Post deleted.
iceash
Eh? zshare is just a hosting site. I uploaded the file there so people can download and check it. I am talking about the program, not the site. And yes, the net does stop working after uninstalling. It's created by them; the program title is AntiPoisoner and it has their credits. :/
skyfuser
PrevX database has this:
What we know about ANTIPOISONER.EXE:
The filename ANTIPOISONER.EXE was first seen on Apr 7 2008 in PAKISTAN.
The filename ANTIPOISONER.EXE refers to many versions of an executable program.
The most common file size is 202,678 bytes. But the following file sizes have also been seen:

* 210,437 bytes
* 204,707 bytes

The unsafe files using this name are associated with the malware group TROJAN.AGENT.GEN.
These files have no vendor, product or version information specified in the file header.
ANTIPOISONER.EXE has been seen to perform the following behavior(s):

* The Process is packed and/or encrypted using a software packing process
* Executes a Process
* Registers a Dynamic Link Library File

ANTIPOISONER.EXE has been the subject of the following behavior(s):

* Created as a process on disk
* Executed as a Process

Full page here.

There's something about Pakistani origins. Where the heck do you live?
And according to the Pakistani forum here, something about denial of service and a virus hitting their DNS clients. Something to think about...
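The PrevX entry quoted above describes properties that can be checked on a local copy of the file without running it: size, whether the header carries vendor/product/version information, and whether the image is packed (high-entropy sections). The script below is an added example, not code from this thread or from PrevX; it parses the PE section table with only the standard library and runs on a constructed toy PE image (`SAMPLE_PE`, `build_sample_pe` and the entropy threshold of 7.0 bits are assumptions of this example), so a reader can point `triage()` at a real file and compare the output with the listed sizes.

```python
import hashlib
import math
import struct
from collections import Counter

def entropy(data):
    # Shannon entropy in bits per byte; values near 8.0 suggest packed/encrypted data.
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def parse_sections(pe):
    # Walk the PE section table; returns [(name, raw_size, entropy), ...].
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size          # section headers follow the optional header
    out = []
    for i in range(nsec):
        name, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        out.append((name.rstrip(b"\0").decode(errors="replace"), raw_size, round(entropy(raw), 2)))
    return out

def triage(pe):
    # Properties comparable with the PrevX entry: size, hash, version info, packing.
    sections = parse_sections(pe)
    return {
        "sha256": hashlib.sha256(pe).hexdigest(),
        "size": len(pe),
        # A VS_VERSIONINFO resource carries this UTF-16 key; its absence matches
        # "no vendor, product or version information" in the PrevX entry.
        "has_version_info": "VS_VERSION_INFO".encode("utf-16-le") in pe,
        "sections": sections,
        "likely_packed": any(e > 7.0 for _, _, e in sections)
        or any(n.upper().startswith("UPX") for n, _, _ in sections),
    }

def build_sample_pe(sections):
    # Constructed toy PE image (DOS stub, COFF header, no optional header) for offline testing.
    hdr = bytearray(b"MZ".ljust(0x40, b"\0"))
    struct.pack_into("<I", hdr, 0x3C, 0x40)   # e_lfanew points right after the DOS stub
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table, body, off = b"", b"", 0x40 + 4 + 20 + 40 * len(sections)
    for name, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             len(raw), off, len(raw), off, 0, 0, 0, 0, 0x60000020)
        body, off = body + raw, off + len(raw)
    return bytes(hdr) + b"PE\0\0" + coff + table + body

# Constructed sample: a plain code section plus a UPX-style high-entropy section.
SAMPLE_PE = build_sample_pe([(".text", b"\x90" * 512), ("UPX1", bytes(range(256)) * 16)])
```

For a real file, `triage(open(path, "rb").read())` gives the size and hash to compare with a database entry and flags the packing and missing-version-info traits the entry describes.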
iceash
Wow, thanks for the valuable information. I live in Pakistan too.

I checked AntiPoisoner.exe, but mine is only 198 KB. If I remove that program, the Internet doesn't work properly, meaning it is either slow or won't work at all. Could any of you check the resources, like what it contains? I have uploaded the file. That will really relax me!
skyfuser
Ah good, I was thinking "OMG WTF" if you had this Pakistan file and you were on the other side of the world ;D
I'll have a look at the thing in a sandbox and Returnil.
You might also consider contacting your cable provider and asking why they gave it to you. From that Pakistani forum it sounds like something to prevent denial of service, but then again it might really be dangerous.
I'll let you know the results later.
garmanma
I'm going to go ahead and move this to Am I Infected?
Queen-Evie
I based my reply on what information you provided and what the program is according to the link.
Since you have included additional info, I will delete my reply to avoid confusion.
iceash
skyfuser, they say it's to protect their server :/ Waiting for your response, thanks!
iceash
Awaiting your response, skyfuser! :]
skyfuser
Sorry for being a bit slow, I had to finish homework ;D
Well, I just finished it in Returnil and Sandboxie. Although the whole install program seemed really suspicious, I couldn't see anything wrong with it.
So unless your ISP providers suddenly turned rogue, the little program won't be doing anything bad to your computer anytime soon.
iceash
What are Returnil and Sandboxie? Do they check the file? Did you check antipoisoner.exe after installing? If it's not a trojan, what does it actually do? It's so small in size, it can't be that it protects from viruses.
skyfuser
No, they don't check the file. They're a virtual drive for virtual reality XD. In other words, it's an isolated environment where you can do anything and not have it affect the rest of the computer, even if something goes wrong. That makes available a huge variety of interesting uses, most of which I immediately realized the possibilities of and strongly disapprove of. I'd give you the links, but I need to rush through my essay; I'll post them later.
There's nothing wrong with antipoisoner.exe itself; it's just an installation file. And don't think that small files are insignificant: most of the most critical system files (regedit, cmd.exe, etc.) are actually pretty small. I don't know exactly how the whole thing screws up your Internet if it's installed, so you'll have to delve into that on your own, sorry :\
Hw O.O Will edit later.
Titus Pullo
iceash... are you located in Karachi? If yes, which part? Check your C drive and see if there is a folder named CAP.

Laterz.