RSDL Foliage 1.0 - Infected by Trojan Horse

adam3544
Well Established Forum Member
Posts: 954
Joined: Mon Oct 24, 2005 7:10 pm

RSDL Foliage 1.0 - Infected by Trojan Horse

Post by adam3544 »

Hi,
I've purchased and downloaded the Foliage package.
I've ESET NOD32 installed under Windows XP Pro SP3.
Unfortunately NOD32 quarantined and deleted some part of the package and informed
me about the potential threat by Win32/Kryptic C Trojan.
Very bad. How can I resolve this problem?

Adam

Easilyconfused
Worried about Silent Chickens
Posts: 13205
Joined: Tue Dec 31, 2002 9:06 am
Location: Portsmouth & Bristol

Re: RSDL Foliage 1.0 - Infected by Trojan Horse

Post by Easilyconfused »

Well first off I would contact the publisher and ask them.

Secondly I would double check with one of the online checking services that scans the files against multiple anti-virus products. We have seen many reports that turned out to be false positives but people are convinced there is a problem because their anti-virus product says so.

Lastly, before making public announcements about a "problem" or "infection" be very sure that it is a real problem.
Kindest regards

John Lewis

Member of the forum moderation team
TheTazman
Very Active Forum Member
Posts: 4886
Joined: Thu Dec 25, 2003 4:55 pm
Location: Wales

Re: RSDL Foliage 1.0 - Infected by Trojan Horse

Post by TheTazman »

I have just purchased this also; this very second it's downloaded 62%.

I will check on my McAfee and report back.
A computer that's more than adequate to run TS
TheTazman
Very Active Forum Member
Posts: 4886
Joined: Thu Dec 25, 2003 4:55 pm
Location: Wales

Re: RSDL Foliage 1.0 - Infected by Trojan Horse

Post by TheTazman »

Well, McAfee says it's clean.
A computer that's more than adequate to run TS
iceman2117
Very Active Forum Member
Posts: 3287
Joined: Thu Dec 27, 2007 1:45 pm
Location: Western Germany

Re: RSDL Foliage 1.0 - Infected by Trojan Horse

Post by iceman2117 »

Hi, ...

My protection says NO VIRUS.
Possibly a software license protection?

greets ice
keber
Established Forum Member
Posts: 347
Joined: Fri Mar 10, 2006 10:58 am

Re: RSDL Foliage 1.0 - Infected by Trojan Horse

Post by keber »

Make a full scan of your computer; it is not only the foliage pack that is infected.
Your computer was infected before downloading the foliage pack.
Acorncomputer
Very Active Forum Member
Posts: 10699
Joined: Wed Oct 17, 2007 5:37 pm
Location: Horley, Surrey, (in a cupboard under the stairs)

Re: RSDL Foliage 1.0 - Infected by Trojan Horse

Post by Acorncomputer »

Hi

Just to say that my copy has no infection either.
Geoff Potter
Now working on my Bluebell Railway route for TS2022
RISC OS - Now Open Source
Basherz
Very Active Forum Member
Posts: 1394
Joined: Tue Jan 08, 2008 7:14 pm
Location: Cimla, Neath

Re: RSDL Foliage 1.0 - Infected by Trojan Horse

Post by Basherz »

There is no infection in this pack, but some AV's don't like .rpk's. Also as keber implies, check your own machine before lighting the fuse.
Chris
AndyM77
Very Active Forum Member
Posts: 1983
Joined: Tue May 08, 2007 12:16 am

Re: RSDL Foliage 1.0 - Infected by Trojan Horse

Post by AndyM77 »

Basherz wrote: There is no infection in this pack, but some AV's don't like .rpk's. Also as keber implies, check your own machine before lighting the fuse.
Indeed, I don't own the pack but am 99.99999% certain that software from a reputable company would not contain any virus / malware.

I use AVG free on my day to day PC (none on my gaming pc), and sometimes AVG will release a new Virus Signature that marks previously safe .exe files as infected. Once reported to AVG, the next Virus Signature then says that there is nothing wrong with the file even though the previous Signature said that there was.

This is I believe in part due to the way that some .exe files are protected via DRM schemes.

AV software whilst valuable at times isn't ever 100% trustworthy, in fact "I" believe that some AV manufacturers make up false threats on occasion to keep users paranoid and therefore pay for new yearly AV updates when the truth of the matter is that unless you're doing something dodgy then you're not likely to get a virus with a fully patched OS and with a smidge of common sense when opening files / etc...

If in doubt, submit the file to the AV company (if they have a scheme via the software), keep the file in Quarantine until you download a new Virus Signature (usually a daily or weekly update) and then see if the AV software flags it up again. If it does then get worried, if it doesn't then it's simply a false positive.
adam3544
Well Established Forum Member
Posts: 954
Joined: Mon Oct 24, 2005 7:10 pm

Re: RSDL Foliage 1.0 - Infected by Trojan Horse

Post by adam3544 »

Meantime, I've de-activated my NOD32 and installed the package.
I'll make a full computer scan tonight.
Thanks for your input.

Adam
NeutronIC
Atomic Systems Team
Atomic Systems Team
Posts: 11085
Joined: Fri Oct 05, 2001 12:00 am
Location: E11, London, England

Re: RSDL Foliage 1.0 - Infected by Trojan Horse

Post by NeutronIC »

It's highly unlikely that it does have a virus, more than likely it's just got exactly the right sequence of bytes to make it look like one of the virii - virus detection is still quite simple.

What I would do however is talk to RSDL about getting a copy of the file off to your AV vendor for them to verify and exclude it.

Matt.
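
The kind of byte-sequence match described in the post above can be reproduced with a toy scanner. This is an added example, not part of the thread or any vendor's code; the signature name `Toy/Packed.A`, its pattern and both sample buffers are constructed for illustration.

```python
import hashlib

# Constructed toy signature: byte values, with None as a one-byte wildcard.
# It is not a real vendor signature.
TOY_SIGNATURES = {
    "Toy/Packed.A": [0x60, 0xBE, None, None, None, None, 0x8D, 0xBE],
}

def match_at(data, offset, pattern):
    """True if pattern (None = any byte) matches data starting at offset."""
    if offset + len(pattern) > len(data):
        return False
    return all(p is None or data[offset + i] == p
               for i, p in enumerate(pattern))

def scan(data, signatures=TOY_SIGNATURES):
    """Return [(signature_name, offset)] for every hit in data."""
    hits = []
    for name, pattern in signatures.items():
        for off in range(len(data) - len(pattern) + 1):
            if match_at(data, off, pattern):
                hits.append((name, off))
    return hits

def report(label, data):
    """Collect what a false-positive submission needs: hash, size, hits."""
    return {
        "label": label,
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "hits": scan(data),
    }

# Constructed samples. Both are harmless byte strings; the first happens to
# contain the pattern, as a protected installer might.
STUB = bytes([0x60, 0xBE, 0x00, 0x10, 0x40, 0x00, 0x8D, 0xBE])
PROTECTED_INSTALLER = b"MZ" + b"\x00" * 30 + STUB + b"asset data"
PLAIN_INSTALLER = b"MZ" + b"\x00" * 30 + b"asset data"

if __name__ == "__main__":
    for label, blob in (("protected", PROTECTED_INSTALLER),
                        ("plain", PLAIN_INSTALLER)):
        print(report(label, blob))
```

The scanner flags the first buffer purely on its bytes, with no knowledge of what the file does. The SHA-256 in the report identifies the exact file when it is sent to the AV vendor for verification.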
adam3544
Well Established Forum Member
Posts: 954
Joined: Mon Oct 24, 2005 7:10 pm

Re: RSDL Foliage 1.0 - Infected by Trojan Horse

Post by adam3544 »

NeutronIC wrote: It's highly unlikely that it does have a virus, more than likely it's just got exactly the right sequence of bytes to make it look like one of the virii - virus detection is still quite simple.

What I would do however is talk to RSDL about getting a copy of the file off to your AV vendor for them to verify and exclude it.

Matt.
I'm in contact with the vendor, who asked me for the exact log of events from NOD32 (which I sent them) and replied as follows:

"Dear Adam Witkowski,

This shows that NOD32 is detecting the entire .exe not just a DLL file.

Have you tried to run your security software after you have installed the product? Does it come up with the same .exe detected?"

Well, I did run the whole computer scan and nothing was found connected with the RSDL software.

Adam