Possible Infected Docklet
Friday, April 3, 2009 by Gammeldansk | Discussion: WinCustomize Talk
I recently downloaded a mail checking docklet from the ObjectDock Gallery (Docklets section). When I unzipped it, my McAfee Security Centre popped up to inform me that it had detected and safely removed the Banker Trojan. This may or may not have been a coincidence, so I don't think I should name the Docklet here. Perhaps the Moderators might look at all the Mail Checking Docklets in the Gallery (there's not that many) to see what they might find.
Reply #3 Friday, April 3, 2009 5:40 PM
Thanks Hankers and Zubaz for such a quick response. I took the PM route.
Reply #4 Friday, April 3, 2009 6:25 PM
Reply #5 Friday, April 3, 2009 7:05 PM
Hi Zubaz. I'm using McAfee Virus Scan 13.3.117 updated today (it's a component of McAfee Security Centre preinstalled on my system). I did another download of the docklet in question and ran a scan on the ZIP with the same result - PWS Banker Trojan detected and quarantined. I can understand an antivirus program reporting a false alarm, but why be so specific about the alleged infection's name?
Reply #6 Friday, April 3, 2009 7:11 PM
Typically any false-positive confuses a clean file with a specific signature....as is most likely the case here.
My AV shows it as clean [Bitdefender] and it's about as up-to-date as any AV ....it checks for sig updates every hour....eg..
last check 04/04/2009 9.26.24
last update 04/04/2009 8.28.18 [I'm in Australia]...
Reply #7 Friday, April 3, 2009 7:24 PM
Guess it's a false alarm then. But to be on the safe side I think I'll stick with my Windows Sidebar Mail Notifier - it's never failed me. Many thanks for your help Zubaz, Hankers and Jafo.
Reply #8 Friday, April 3, 2009 7:44 PM
Just in case you want to be sure... you can upload the file to VirusTotal http://www.virustotal.com/ . It will get scanned with all the top industry antivirus engines and you can see the results ... It's a very good way to know if it's a false positive or not.
Reply #9 Friday, April 3, 2009 7:46 PM
My apologies to the author of the docklet in question. The problem was highlighted in good faith and turned out to be a quirk in the way different AVs report their findings.
Reply #10 Friday, April 3, 2009 7:56 PM
I did not know that. (Saved for future reference)
Reply #11 Friday, April 3, 2009 7:57 PM
Thank you for posting your concern. It's always best to check these things out.
Reply #12 Friday, April 3, 2009 7:57 PM
Better to be safe than sorry. No harm done.
My AV (AVG) came up blank too. But then I looked at the age of the docklet, the number of downloads, the lack of any other reports of virus activity in the comments and figured it was ok.
Reply #13 Saturday, April 4, 2009 9:00 AM
Over the years there's been a few uploads here that have raised alarms.....but almost all are found prior to being made public.
As you see there's bound to be the odd one or three that slip through....though they are usually found later due to a signature revision/update.
Commonly they are compression algorithms that are often found also in/with virii...so the alarm[s] go off.
It's always best to let us know if one does....so it can be rechecked and pulled from public if needed....so thanks again, Gammeldansk ....
Reply #1 Friday, April 3, 2009 5:04 PM
You can always PM a moderator with the name of the docklet rather than have to hunt-and peck through the list.
Check the lower part of the page for PM links - https://forums.wincustomize.com/user/1121551