Trojan TR/Dldr.Bafis.2 found in ratDVD 0.7.1235

vbimport

#1

Today I scanned my PC with AntiVir (http://www.free-av.de). It found the following in the folder with ratDVD 0.7.1235:

C:\Program Files\ratDVD\imdbquery
imdbexport.dll
[FUND!] Ist das Trojanische Pferd TR/Dldr.Bafis.2
C:\Program Files\ratDVD\XEB
BD5GNS.ax
[FUND!] Ist das Trojanische Pferd TR/Dldr.Bafis.2
FCFolder.dll
[FUND!] Ist das Trojanische Pferd TR/Dldr.Bafis.2
FCZip.dll
[FUND!] Ist das Trojanische Pferd TR/Dldr.Bafis.2
TRLDRP6.ax
[FUND!] Ist das Trojanische Pferd TR/Dldr.Bafis.2
xebdec.ax
[FUND!] Ist das Trojanische Pferd TR/Dldr.Bafis.2
xebdmp.ax
[FUND!] Ist das Trojanische Pferd TR/Dldr.Bafis.2
xebdmx.ax
[FUND!] Ist das Trojanische Pferd TR/Dldr.Bafis.2
XEBFCL.AX
[FUND!] Ist das Trojanische Pferd TR/Dldr.Bafis.2
xebmpg.ax
[FUND!] Ist das Trojanische Pferd TR/Dldr.Bafis.2
xebmux.ax
[FUND!] Ist das Trojanische Pferd TR/Dldr.Bafis.2
XEBRPK.ax
[FUND!] Ist das Trojanische Pferd TR/Dldr.Bafis.2
XEBTCD.ax
[FUND!] Ist das Trojanische Pferd TR/Dldr.Bafis.2
XEBTCI.ax
[FUND!] Ist das Trojanische Pferd TR/Dldr.Bafis.2

The trojan was found ONLY in the ratDVD directory. Somebody who still has ratDVD 0.7.1235 check it, please. And please check the new version as well, because now I’m afraid to download it.


#2

same here!!! During installation AntiVir beeped a lot and always came up with trojans. Please confirm or deny!!!

Best regards, Johannes.


#3

Same here.
After updating Antivir XP yesterday it says Trojan
TR/Dldr.Bafis.2 found.

I am using ratDVD 0.7.1239.

I tried to find some informations about TR/Dldr.Bafis.2
on the internet but google couldn’t find anything.
Even Antivir does not provide any kind of infos about
this Trojan at its website.
:confused:


#4

It would be great if someone with other antivirus software (but with the latest bases) checks it. I checked my PC again with RootkitRevealer (http://www.sysinternals.com) and it found a whole bunch of infested files in the System Volume Information folder, which, by the way, were all a system restore backup of ratDVD. The files were “Visible in Windows API, but not in MFT or directory index.” - so RootkitRevealer.


#5

Say I am having the same problem, but my avast home anti virus v4.6 with latest updates is going nuts saying I have W32 worm Kelvir-Z in all the various files and filters for ratdvd v 0.7139, yet scans by A2(last update 31st july 2005), adaware SE and spybot 1.4 are showing nothing adverse. I will update A2 again and rerun checks


#6

Strange to say, but AntiVir XP reports a diffrent trojan after the last virus signature update.

03.08.2005,16:53:59 [INIT]  AntiVirService Version: 6.31.00.01  AVE Version 6.31.1.0  VDF Version: 6.31.1.53
03.08.2005,16:53:59 [INIT]  Der AVGuard Dienst wurde erfolgreich gestartet!
03.08.2005,16:55:10 [WARNUNG]  Ist das Trojanische Pferd TR/Dldr.IstBar.LC.A!
  C:\PROGRAMME\RATDVD\XEBENCODER.EXE

I have tried 2 other Anti-Virus programs:

[ul]
[li]Grisoft AVG Anti-Virus (Free Edition) Program version 7.0.338 Virus base 267.9.9/62
[/li][li]Softwin BitDefender (Free Edition) Virendefinitionen 198060
[/li][/ul]
Neither have found anything!

Call me paranoid, maybe somone is trying to discredit ratDVD. :eek:

p.s. AntiVir XP seems to be known in Germany only.


#7

Hm, I’m not trying to discredit ratDVD!!! My reslts are true. Maybe there’s an error and it is gone after the next AntiVir update, but if it continues…
Has some1 yet contacet AntiVir? I’m downloading the latest definitions at the moment.


#8

this is the second case in a road of dvd program false virus identifcation
http://club.cdfreaks.com/showthread.php?t=144776
conclusion : antivir and avast suck and have something against dvd ripping/copy softwares


#9

well, they haven’t had before, this is the first time I got this message, and I reinstalled ratDVD a lot of times…


#10

— german ------------------------------------------------------------
Johannes, da hast Du mich falsch verstanden.

Ich hatte dieselben Fehlermeldungen bei AntiVir wie Du.
Nach dem Update von AntiVir wurde nur ein anderer Trojaner (IstBar) gemeldet.
(Bei http://vil.nai.com/ ist IstBar übrigens nur Adware und kein Trojaner.)

Ich meinte nicht, dass Du oder jemand anderes aus dem Forum versucht
ratDVD zu diskreditieren. Ich denke eher dass die Filmindustrie ein vitales
Interesse daran hat, dass solche Programme wie ratDVD kein Erfolg werden.

— english -------------------------------------------------------------
JohannesHahn, I think you have misunderstood me.

I have had the same error messages you had.
But AntiVir reported a different trojan (IstBar) after updating it.
(According to http://vil.nai.com/ IstBar is Adware not a trojan.)


#11

probably got it in definition updates
i still think its a not a couincidence that both antivir/avast detected 2 seperate dvd ripping/copying programs as virus they just have something against em i suggest youll change to a better & more reliable antivirus , kaspersky & nod32 are currently the best but arent free , anyway if you wanna keep antivir then disable its resident protection and install ratdvd and then add the “detected” files to antivir exclusion list and enable the resident protection , anyway you can zip and upload the “detected” files to http://virusscan.jotti.org or http://www.virustotal.com it will scan em with about a dozen diffrent antiviruses youll see there will barly any that will detect it as a virus


#12

Thanks Phil, just did that:

virusscan.jotti.org:


AntiVir          Found nothing
ArcaVir          Found nothing
Avast            Found nothing
AVG Antivirus    Found nothing
BitDefender      Found nothing
ClamAV 	         Found nothing
Dr.Web 	         Found nothing
F-Prot Antivirus Found nothing 
Fortinet 	 Found W32/Startpage.DU-dr
Kaspersky Anti-Virus  Found nothing
NOD32            Found nothing
Norman Virus Control  Found nothing
UNA              Found nothing
VBA32            Found nothing

(Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)


#13

OK, let’s assume that the Germans have something against ratDVD. But somewhere was said that ratDVD doesn’t work with protected DVDs. I didn’t try it out, because it doesn’t work on my PC at all now (I managed to convert only one or two music videos and then it started asking for some SID), but the fact is: the Germans are only against software that cracks copy protection. If this is the case with ratDVD, then I was misinformed and it can really be a conspiracy against ratDVD. Or it could be a simple false positive as well.
And one more question: has anyone succeed in trying to reach that DVD database in ratDVD menu?


#14

Problem seems to have vanished into thin air …

Just updated AntiVir again – and with new virus
definition (6.31.1.55) there is no trojan found. :smiley:

I believe it has been a false positive.