RogueKiller.exe & RogueKillerX64.exe - has Virus?


4 replies to this topic

#1 signal-vol (Members, 3 posts)

Posted 29 April 2013 - 01:47 PM

I ran a scan on RogueKiller.exe (32-bit) and RogueKillerX64.exe (64-bit) on VirusTotal. Each was reported to have a virus.

For RogueKiller.exe, TrendMicro-HouseCall reported TROJ_GEN.F47V0319.

And for RogueKillerX64.exe, McAfee-GW-Edition reported Heuristic.BehavesLike.Win32.Suspicious-BAY.G.

Does anyone truly know if these determinations are false positives?

Thanks

Signal-Vol
#2 noknojon (Banned, 10,871 posts)

Posted 29 April 2013 - 05:31 PM

Hello -

Can you Copy / Paste your results from Virus Total - Most likely an F/Pos as Trend will pick up many tools as infections.

Re-run it on Jotti or another similar checking site -

I just ran it and had no reaction -

Thank You -



#3 signal-vol (Topic Starter, Members, 3 posts)

Posted 30 April 2013 - 07:45 PM

I downloaded the files from http://tigzy.geekstogo.com/roguekiller.php

VirusTotal found a virus for the 32-bit and suspicious for the 64-bit.

Jotti found Win32:packer for the 32-bit and clean for the 64-bit (didn't post).

The Jotti post is converted to words by Notepad++ because I can't post pics on the board.

It is interesting that on VirusTotal Trend Micro HouseCall found a virus and on Jotti Trend Micro Antivirus did not.

I appreciate the help.

VirusTotal

SHA256:          48ef0b014188d44411c32617ce62840e8ee86367dd75c3a9a6094e20e882da9e
File name:       RogueKiller
Detection ratio: 1 / 46
Analysis date:   2013-04-30 20:31:07 UTC ( 0 minutes ago )

Antivirus / Result / Update:
No detection, signatures updated 20130430: Agnitum, AhnLab-V3, AntiVir, Antiy-AVL, Avast, AVG, BitDefender, ByteHero, CAT-QuickHeal, ClamAV, Commtouch, Comodo, DrWeb, Emsisoft, ESET-NOD32, F-Prot, F-Secure, Fortinet, GData, Ikarus, Jiangmin, K7AntiVirus, K7GW, Kaspersky, Malwarebytes, McAfee, McAfee-GW-Edition, Microsoft, MicroWorld-eScan, NANO-Antivirus, Norman, nProtect, Panda, PCTools, Sophos, SUPERAntiSpyware, Symantec, TheHacker, TotalDefense, TrendMicro, VBA32, VIPRE, ViRobot
No detection, signatures updated 20130423: eSafe
No detection, signatures updated 20130422: Kingsoft
Detected: TrendMicro-HouseCall - TROJ_GEN.F47V0319 (signatures updated 20130430)

VirusTotal

SHA256:          dee73e429468ede4f4f918ad62116bab690e82f8228c610ca75e86de88495cfa
File name:       RogueKiller
Detection ratio: 1 / 46
Analysis date:   2013-04-30 20:41:02 UTC ( 0 minutes ago )

Antivirus / Result / Update:
No detection, signatures updated 20130430: Agnitum, AhnLab-V3, AntiVir, Antiy-AVL, Avast, AVG, BitDefender, CAT-QuickHeal, ClamAV, Commtouch, Comodo, DrWeb, Emsisoft, ESET-NOD32, F-Prot, F-Secure, Fortinet, GData, Ikarus, Jiangmin, K7AntiVirus, K7GW, Kaspersky, Malwarebytes, McAfee, Microsoft, MicroWorld-eScan, NANO-Antivirus, Norman, nProtect, Panda, PCTools, Sophos, SUPERAntiSpyware, Symantec, TheHacker, TotalDefense, TrendMicro, TrendMicro-HouseCall, VBA32, VIPRE, ViRobot
No detection, signatures updated 20130425: ByteHero
No detection, signatures updated 20130423: eSafe
No detection, signatures updated 20130422: Kingsoft
Detected: McAfee-GW-Edition - Heuristic.BehavesLike.Win32.Suspicious-BAY.G (signatures updated 20130430)
 
Jotti's malware scan

Filename:       RogueKiller.exe
Status:         Scan finished. 1 out of 22 scanners reported malware.
Scan taken on:  Tue 30 Apr 2013 22:47:32 (CET)

Additional info
File size:           816128 bytes
Filetype:            PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5:                 1cd51ae9bceac9f0cee159821a1817b8
SHA1:                2937f79b72c7bcf74966ee7359b46bcd21b38898
Packer (Avast):      UPX
Packer (Drweb):      UPX, BINARYRES
Packer (Kaspersky):  UPX

Scanners
[ArcaVir] 2013-04-30                   Found nothing
[Frisk F-Prot Antivirus] 2013-04-30    Found nothing
[Avast! antivirus] 2013-04-30          Found nothing
[F-Secure Anti-Virus] 2013-04-30       Found nothing
[Grisoft AVG Anti-Virus] 2013-04-30    Found nothing
[G DATA] 2013-04-30                    Found nothing
[Avira AntiVir] 2013-04-30             Found nothing
[Ikarus] 2013-04-30                    Found nothing
[Softwin BitDefender] 2013-04-30       Found nothing
[Kaspersky Anti-Virus] 2013-04-30      Found nothing
[ClamAV] 2013-04-30                    PUA.Win32.Packer.Upx-28
[Panda Antivirus] 2013-04-30           Found nothing
[CPsecure] 2013-04-28                  Found nothing
[Quick Heal] 2013-04-30                Found nothing
[Dr.Web] 2013-04-30                    Found nothing
[Sophos] 2013-04-30                    Found nothing
[MicroWorld eScan] 2013-04-30          Found nothing
[Trend Micro Antivirus] 2013-04-29     Found nothing
[ESET] 2013-04-30                      Found nothing
[VirusBlokAda VBA32] 2013-04-30        Found nothing
[Fortinet] 2013-04-30                  Found nothing
[VirusBuster] 2013-04-30               Found nothing

#4 signal-vol (Topic Starter, Members, 3 posts)

Posted 30 April 2013 - 08:37 PM

So much for copying from VirusTotal. Below is via Notepad++.

VirusTotal

SHA256:          48ef0b014188d44411c32617ce62840e8ee86367dd75c3a9a6094e20e882da9e
File name:       RogueKiller
Detection ratio: 1 / 46
Analysis date:   2013-05-01 00:47:12 UTC ( 0 minutes ago )

Antivirus             Result                                          Update
Agnitum                                                               20130430
AhnLab-V3                                                             20130430
AntiVir                                                               20130430
Antiy-AVL                                                             20130430
Avast                                                                 20130501
AVG                                                                   20130430
BitDefender                                                           20130501
ByteHero                                                              20130430
CAT-QuickHeal                                                         20130430
ClamAV                                                                20130430
Commtouch                                                             20130501
Comodo                                                                20130430
DrWeb                                                                 20130501
Emsisoft                                                              20130501
eSafe                                                                 20130423
ESET-NOD32                                                            20130430
F-Prot                                                                20130501
F-Secure                                                              20130501
Fortinet                                                              20130501
GData                                                                 20130501
Ikarus                                                                20130501
Jiangmin                                                              20130430
K7AntiVirus                                                           20130430
K7GW                                                                  20130430
Kaspersky                                                             20130430
Kingsoft                                                              20130422
Malwarebytes                                                          20130501
McAfee                                                                20130501
McAfee-GW-Edition                                                     20130430
Microsoft                                                             20130501
MicroWorld-eScan                                                      20130501
NANO-Antivirus                                                        20130430
Norman                                                                20130430
nProtect                                                              20130430
Panda                                                                 20130430
PCTools                                                               20130430
Sophos                                                                20130501
SUPERAntiSpyware                                                      20130501
Symantec                                                              20130501
TheHacker                                                             20130430
TotalDefense                                                          20130501
TrendMicro                                                            20130501
TrendMicro-HouseCall  TROJ_GEN.F47V0319                               20130501
VBA32                                                                 20130430
VIPRE                                                                 20130501
ViRobot                                                               20130430


VirusTotal

SHA256:          dee73e429468ede4f4f918ad62116bab690e82f8228c610ca75e86de88495cfa
File name:       RogueKillerX64
Detection ratio: 1 / 46
Analysis date:   2013-05-01 00:58:25 UTC ( 1 minute ago )

Antivirus             Result                                          Update
Agnitum                                                               20130430
AhnLab-V3                                                             20130430
AntiVir                                                               20130430
Antiy-AVL                                                             20130430
Avast                                                                 20130501
AVG                                                                   20130430
BitDefender                                                           20130501
ByteHero                                                              20130424
CAT-QuickHeal                                                         20130430
ClamAV                                                                20130430
Commtouch                                                             20130501
Comodo                                                                20130430
DrWeb                                                                 20130501
Emsisoft                                                              20130501
eSafe                                                                 20130423
ESET-NOD32                                                            20130430
F-Prot                                                                20130501
F-Secure                                                              20130501
Fortinet                                                              20130501
GData                                                                 20130501
Ikarus                                                                20130501
Jiangmin                                                              20130430
K7AntiVirus                                                           20130430
K7GW                                                                  20130430
Kaspersky                                                             20130430
Kingsoft                                                              20130422
Malwarebytes                                                          20130501
McAfee                                                                20130501
McAfee-GW-Edition     Heuristic.BehavesLike.Win32.Suspicious-BAY.G    20130430
Microsoft                                                             20130501
MicroWorld-eScan                                                      20130501
NANO-Antivirus                                                        20130501
Norman                                                                20130430
nProtect                                                              20130430
Panda                                                                 20130430
PCTools                                                               20130430
Sophos                                                                20130501
SUPERAntiSpyware                                                      20130501
Symantec                                                              20130501
TheHacker                                                             20130430
TotalDefense                                                          20130501
TrendMicro                                                            20130501
TrendMicro-HouseCall                                                  20130501
VBA32                                                                 20130430
VIPRE                                                                 20130501
ViRobot                                                               20130430


#5 quietman7 (Bleepin' Janitor, Global Moderator, 51,136 posts, Virginia, USA)

Posted 01 May 2013 - 12:54 PM

Certain embedded files that are part of legitimate programs or specialized fix tools may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the case. This occurs for a variety of reasons, including the tool's compiler, the files it uses, whether files are compressed or packed, what behavior it performs, any registry strings it may contain and the type of security engine that was used during the scan. Other legitimate files may be obfuscated, encrypted or password protected in order to conceal themselves so they do not allow access for scanning, which often triggers alerts by anti-virus software.

Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed them. When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. Compressed and packed files in particular are often flagged as suspicious by security software because they have difficulty reading what is inside them. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious or a threat due to the security program's heuristic analysis engine, which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "false positive".
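The scan listings in posts #3 and #4 and quietman7's explanation above both turn on the same triage question: is a 1-of-46 hit with a packer or heuristic name (TROJ_GEN..., Heuristic.BehavesLike..., PUA.Win32.Packer.Upx) the kind of detection that usually turns out to be a false positive? The script below is an added example written for this page, not code from the thread, from VirusTotal, from Jotti or from the RogueKiller project. It parses result rows in the two layouts posted here (the sample rows are constructed from the thread's own results, trimmed to a few engines), sorts each detection name into packer, generic-heuristic or named-family, and prints a verdict. The name fragments it looks for and the "at most one engine in ten" threshold are assumptions chosen for illustration, not vendor rules.

```python
"""Triage multi-engine scan results of the kind posted in this thread.

Added example (not from the thread or from the RogueKiller project): parses
VirusTotal-style and Jotti-style result rows, classifies each detection name
by how specific it is, and says whether the pattern looks like a
packer/heuristic false positive rather than a confirmed malware family.
"""
import re

# Constructed sample input, shaped like the rows posted in the thread
# (vendor, optional result, signature-update date), trimmed to four engines.
VT_SAMPLE_32BIT = """\
Agnitum                                     20130430
ClamAV                                      20130430
TrendMicro-HouseCall   TROJ_GEN.F47V0319    20130501
VBA32                                       20130430
"""

# Constructed sample input in Jotti's "[Vendor] date  Result" layout.
JOTTI_SAMPLE_32BIT = """\
[Avast! antivirus] 2013-04-30        Found nothing
[ClamAV]2013-04-30                   PUA.Win32.Packer.Upx-28
[Trend Micro Antivirus] 2013-04-29   Found nothing
"""

_VT_LINE = re.compile(r"^(\S+)\s+(?:(\S+)\s+)?(\d{8})$")
_JOTTI_LINE = re.compile(r"^\[([^\]]+)\]\s*(\d{4}-\d{2}-\d{2})\s+(.+?)\s*$")

# Name fragments that mark a packer/PUA verdict or a generic heuristic verdict
# rather than a specific family. Assumed vocabulary; extend it per vendor.
_PACKER = re.compile(r"packer|upx|\bpua\b|packed", re.I)
_GENERIC = re.compile(
    r"(?:^|[._-])gen(?:$|[._-])|generic|heur|suspicious|behaveslike", re.I)


def parse_virustotal(text):
    """Return [(vendor, result_or_None), ...] from VirusTotal-style rows."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _VT_LINE.match(line)
        if m is None:
            raise ValueError("unrecognised VirusTotal row: %r" % line)
        rows.append((m.group(1), m.group(2)))
    return rows


def parse_jotti(text):
    """Return [(vendor, result_or_None), ...]; 'Found nothing' maps to None."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _JOTTI_LINE.match(line)
        if m is None:
            raise ValueError("unrecognised Jotti row: %r" % line)
        result = m.group(3)
        rows.append((m.group(1),
                     None if result.lower() == "found nothing" else result))
    return rows


def classify(name):
    """'packer' / 'generic' / 'named' according to how specific a verdict is."""
    if _PACKER.search(name):
        return "packer"
    if _GENERIC.search(name):
        return "generic"
    return "named"


def triage(rows):
    """Summarise one scan: hit count, engine count, per-hit class, verdict."""
    hits = [(vendor, res, classify(res)) for vendor, res in rows if res]
    kinds = {kind for _, _, kind in hits}
    total = len(rows)
    if not hits:
        verdict = "clean"
    elif "named" in kinds:
        verdict = "investigate: a specific family name was reported"
    elif len(hits) <= max(1, total // 10):   # assumed threshold: one in ten
        verdict = "likely false positive: few engines, packer/heuristic names only"
    else:
        verdict = "investigate: many engines agree, even if names are generic"
    return {"detections": len(hits), "engines": total,
            "hits": hits, "verdict": verdict}


if __name__ == "__main__":
    for label, rows in (("VirusTotal", parse_virustotal(VT_SAMPLE_32BIT)),
                        ("Jotti", parse_jotti(JOTTI_SAMPLE_32BIT))):
        print(label, triage(rows))
```

A "likely false positive" verdict is a prompt to confirm, not a conclusion: compare the file's SHA256 with the one the vendor publishes for that release, re-scan after the flagging engine's next signature update, and report the sample to that engine's false-positive desk so the detection gets corrected at the source.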