Possible Trojan Virus for DVD43 Driver Agent


#1

Beware of the following website.
http://www.runscanner.net/filelibrary/dvd43.sys.html

Driver Agent for DVD43 came up positive for a Trojan virus. Just thought I’d let everyone know. Something I had read somewhere led you to believe that the new DVD43 would not work without the driver, so that had to be installed with the newest version of DVD43. It stated the old versions had the driver and the new ones don’t.

Check it out for yourselves, with caution!


#2

snagel,

Which AV application did you use to scan the file?
Did you double-check the file by uploading to the VirusTotal site?
I am [B]not[/B] saying you are incorrect, but it would have been thoughtful if you had posted a bit more information on the apps you used.


#3

A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found BackDoor.W32.Delf.aow
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

AhnLab-V3 2008.10.3.2 2008.10.03 -
AntiVir 7.8.1.34 2008.10.03 -
Authentium 5.1.0.4 2008.10.03 -
Avast 4.8.1248.0 2008.10.03 -
AVG 8.0.0.161 2008.10.03 -
BitDefender 7.2 2008.10.03 -
CAT-QuickHeal 9.50 2008.10.03 -
ClamAV 0.93.1 2008.10.02 -
DrWeb 4.44.0.09170 2008.10.03 -
eSafe 7.0.17.0 2008.10.02 Suspicious File
eTrust-Vet 31.6.6127 2008.10.03 -
Ewido 4.0 2008.10.03 -
F-Prot 4.4.4.56 2008.10.03 -
F-Secure 8.0.14332.0 2008.10.03 -
Fortinet 3.113.0.0 2008.10.03 -
GData 19 2008.10.03 -
Ikarus T3.1.1.34.0 2008.10.03 -
K7AntiVirus 7.10.483 2008.10.03 -
Kaspersky 7.0.0.125 2008.10.03 -
McAfee 5397 2008.10.02 -
Microsoft 1.4005 2008.10.03 -
NOD32 3493 2008.10.03 -
Norman 5.80.02 2008.10.03 -
Panda 9.0.0.4 2008.10.03 Suspicious file
PCTools 4.4.2.0 2008.10.03 -
Prevx1 V2 2008.10.03 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.03 -
Sophos 4.34.0 2008.10.03 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.03 -
TheHacker 6.3.1.0.099 2008.10.03 -
TrendMicro 8.700.0.1004 2008.10.03 -
VBA32 3.12.8.6 2008.10.02 -
ViRobot 2008.10.3.1405 2008.10.03 -
VirusBuster 4.5.11.0 2008.10.03 -


#4

Nice list Chewy,
so after examining the results, what’s your verdict on this file? :slight_smile:


#5

I am just a beginning malware expert, and that’s after working in the field for a year.

Scanners look for suspicious behavior. Many programs load drivers deep in the kernel or early in the boot process.

So do rootkits.

The installer is not malware, but like sonic filter drivers, packet writing software, game protections, drive emulation, that does not make it safe. Any time you fool Windows or mess too deep there’s a chance of hosing something.


#6

[quote=uSerKey;2136205]snagel,

Which AV application did you use to scan the file?
Did you double-check the file by uploading to the VirusTotal site?
I am [B]not[/B] saying you are incorrect, but it would have been thoughtful if you had posted a bit more information on the apps you used.[/quote]

uSerKey, I posted this about 5 days after finding it. I use AVG Professional, AVG AntiSpyware, Malwarebytes Antimalware, SuperAntiSpyware, Adaware 2008, Spybot Search and Destroy, and SpywareBlaster.

When I found the problem it did give me the option to heal it. I said yes and it completely removed it from my USB device, which is a Seagate Palm Drive.

I still have the item in Quarantine and have just left it right there. I will double check and then let everyone know exactly which program identified it.

I did not know where to send it to. I am glad you mentioned Virus Total, because I had totally forgotten where I could send it. That is the reason that I posted this and the link where I got it from, so that someone who knew where to send it could check it out further.

I am sorry that I did not check it out further but will try and do a lot better next time I find something of this nature.

I will double check the program and the exact indication that I received and report back.

snagel


#7

snagel,

[quote]I am sorry that I did not check it out further but will try and do a lot better next time I find something of this nature.[/quote]

This is something that a good many members should consider. :flower:
I often hit the “Submit Reply” button a bit too quickly and leave out useful information about the issue in my post. :bigsmile:


#8

O.k., here it is as was promised. The information was taken straight from the AVG Professional Virus Vault information:

Virus name: Trojan horse SHeur.CIKZ
date of detection: 9/12/08

file name: driveragent_492.exe
file size: 434.69KB

Dated on the 12 September 08. I initially didn’t think it was that long since reporting to CDFreaks. However, I hope that it helps.