New beta4 contains a trojan

Lebowski
Posts: 25
Joined: Thu Nov 30, 2006 4:52 am

New beta4 contains a trojan

Post by Lebowski »

Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files\NewsLeecher\newsLeecher.exe.

Thanks!

CaptainRizla
Posts: 3
Joined: Fri Jun 26, 2009 4:49 pm

Re: New beta4 contains a trojan

Post by CaptainRizla »

Lebowski wrote:Virus or unwanted program 'TR/Crypt.TPM.Gen [trojan]'
detected in file 'C:\Program Files\NewsLeecher\newsLeecher.exe.

Thanks!
Same here. Detected with Avira. Please respond so that we know if it is a false positive or not.

5 hours for a response is pretty unreasonable.

Warlord711
Posts: 13
Joined: Wed Apr 20, 2005 12:03 pm

Post by Warlord711 »

Got the same message. Avira reports the newleecher.exe as a Trojan.

Warlord711
Posts: 13
Joined: Wed Apr 20, 2005 12:03 pm

Post by Warlord711 »

Checked with Virustotal:
File newsLeecher.exe received on 2009.06.26 12:50:19 (UTC)
Current status: finished
Result: 5/41 (12.20%)
Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.26 -
AhnLab-V3 5.0.0.2 2009.06.26 -
AntiVir 7.9.0.196 2009.06.26 TR/Crypt.TPM.Gen
Antiy-AVL 2.0.3.1 2009.06.26 -
Authentium 5.1.2.4 2009.06.25 -
Avast 4.8.1335.0 2009.06.25 -
AVG 8.5.0.339 2009.06.26 -
BitDefender 7.2 2009.06.26 -
CAT-QuickHeal 10.00 2009.06.26 -
ClamAV 0.94.1 2009.06.26 -
Comodo 1433 2009.06.26 -
DrWeb 5.0.0.12182 2009.06.26 -
eSafe 7.0.17.0 2009.06.25 -
eTrust-Vet 31.6.6581 2009.06.26 -
F-Prot 4.4.4.56 2009.06.25 -
F-Secure 8.0.14470.0 2009.06.26 -
Fortinet 3.117.0.0 2009.06.26 -
GData 19 2009.06.26 -
Ikarus T3.1.1.64.0 2009.06.26 -
Jiangmin 11.0.706 2009.06.26 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.26 -
McAfee 5657 2009.06.25 -
McAfee+Artemis 5657 2009.06.25 -
McAfee-GW-Edition 6.7.6 2009.06.26 Trojan.Crypt.TPM.Gen
Microsoft 1.4803 2009.06.26 -
NOD32 4192 2009.06.26 a variant of Win32/Packed.Themida
Norman 6.01.09 2009.06.25 -
nProtect 2009.1.8.0 2009.06.26 -
Panda 10.0.0.16 2009.06.26 -
PCTools 4.4.2.0 2009.06.26 -
Prevx 3.0 2009.06.26 -
Rising 21.35.43.00 2009.06.26 Packer.Win32.Mian007.a
Sophos 4.43.0 2009.06.26 Sus/ComPack-C
Sunbelt 3.2.1858.2 2009.06.25 -
Symantec 1.4.4.12 2009.06.26 -
TheHacker 6.3.4.3.354 2009.06.25 -
TrendMicro 8.950.0.1094 2009.06.26 -
VBA32 3.12.10.7 2009.06.26 -
ViRobot 2009.6.26.1806 2009.06.26 -
VirusBuster 4.6.5.0 2009.06.25 -
Additional information
File size: 4172288 bytes
MD5 : e1bec50be2bd931570a16c56001badc5
SHA1 : 49efffa27450eac5003480f540ae92f89b19f6a2
SHA256: f537a9f34d1a8dd3bdafd6073831eea5189ac7c11e8671431f9b408d25254865
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xA06000
timedatestamp.....: 0x4A44AA66 (Fri Jun 26 13:00:54 2009)
machinetype.......: 0x14C (Intel I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0x429000 0x1AD200 7.98 dd89920e7de8dbd79de2b782d30f6d8f
.rsrc 0x42A000 0x2E7000 0xF5C00 7.89 47ca4240956cd5c24c56aac3c6161393
.idata 0x711000 0x1000 0x200 0.69 0b917db6b9d9519d139303f5ef41723e
0x712000 0x19D000 0x200 0.26 84039f620ec23f5800c69f2990b20d23
zndhrxvm 0x8AF000 0x157000 0x156400 7.90 46fac1785c082fa6ec455e5911d52a6c
pgddrlzw 0xA06000 0x1000 0x400 7.11 c980cb8410b1da6013101c0010ed99c4

( 1 imports )

> kernel32.dll: CreateThread

( 0 exports )
TrID : File type identification
Win32 Executable Generic (58.3%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 49152:B9ncO0w0oEpqEtF8QrT2fQybWCaOjxpZA9g0ze6sPDKRJ6zZB8GvY0GWEBtWa9h3:r0PtqmqzJjxnA9hWKerhvYg3AAcl/SrI
PEiD : -
RDS : NSRL Reference Data Set
-

ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.



JMark
Posts: 265
Joined: Fri Mar 16, 2007 4:14 pm

Post by JMark »

Kaspersky 8.0.0.1016 db 6/26/09 5:11:00 am: No threats detected..

False positive?

Warlord711
Posts: 13
Joined: Wed Apr 20, 2005 12:03 pm

Post by Warlord711 »

Kaspersky isn't the best source to rely on.
I'll wait for further information from the NewsLeecher team.

rws
Posts: 30
Joined: Sat Nov 11, 2006 2:27 pm

Post by rws »

It's a false positive. It's the same thing that gets detected with pretty much every new release. If you notify your AV supplier, they'll update their definitions pretty quickly usually.

JMark
Posts: 265
Joined: Fri Mar 16, 2007 4:14 pm

Post by JMark »

Warlord711 wrote: Kaspersky isn't the best source to rely on.
I'll wait for further information from the NewsLeecher team.
To each his own. I've never been infected so I'll stick with what works for me and my clients.

Cheers

Smudge
Site Admin
Posts: 10034
Joined: Tue Aug 17, 2004 1:42 am

Post by Smudge »

Just like all the previous reports, it is a false positive. It is due to the Themida protection system used within NewsLeecher being falsely flagged as a trojan. The company that makes it is working with the antivirus companies to get it fixed but it hasn't happened yet.

Sorry for the inconvenience.
Please be aware of and use the following pages...
Services Status Page : SuperSearch and Usenet Access server status, retention, server load, indexing time, etc.
Support Request Form : Use this if you have a problem with billing or account status. The forum is only for NewsLeecher application issues.
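
What the VirusTotal report posted earlier in this thread shows about packing, as an added example that is not part of any post here and not NewsLeecher or VirusTotal code: it parses the report's section table and flags generic signs of a packed executable. The thresholds, the list of common section names and the flag labels are assumptions made for the example.

```python
import re
# Section rows as shown in the VirusTotal report in this thread: name, virtual
# address, virtual size, raw size, entropy (md5 column omitted; two names are blank).
REPORT_SECTIONS = """\
 0x1000 0x429000 0x1AD200 7.98
.rsrc 0x42A000 0x2E7000 0xF5C00 7.89
.idata 0x711000 0x1000 0x200 0.69
 0x712000 0x19D000 0x200 0.26
zndhrxvm 0x8AF000 0x157000 0x156400 7.90
pgddrlzw 0xA06000 0x1000 0x400 7.11
"""
ENTRY_POINT = 0xA06000  # "entrypointaddress" in the report
IMPORT_COUNT = 1        # "( 1 imports )" in the report
# Assumptions made for this example: thresholds and the list of common names.
HIGH_ENTROPY = 7.0      # bits per byte; compressed or encrypted data approaches 8
INFLATE_RATIO = 16      # virtual size this many times the size on disk
COMMON_NAMES = {".text", ".data", ".rdata", ".rsrc", ".idata", ".edata",
                ".reloc", ".tls", ".bss", "CODE", "DATA", "BSS"}
ROW = re.compile(r"^\s*(?:(?!0x)(\S+)\s+)?(0x[0-9A-Fa-f]+)\s+(0x[0-9A-Fa-f]+)"
                 r"\s+(0x[0-9A-Fa-f]+)\s+(\d+\.\d+)\s*$")

def parse_sections(text):
    """Parse report rows into dicts; a blank section name becomes ''."""
    out = []
    for m in filter(None, map(ROW.match, text.splitlines())):
        name, va, vsize, raw, ent = m.groups()
        out.append({"name": name or "", "va": int(va, 16), "vsize": int(vsize, 16),
                    "raw": int(raw, 16), "entropy": float(ent)})
    return out

def section_flags(s):
    """Packer indicators for a single section."""
    checks = [("unnamed", not s["name"]),
              ("nonstandard-name", bool(s["name"]) and s["name"] not in COMMON_NAMES),
              ("high-entropy", s["entropy"] >= HIGH_ENTROPY),
              ("inflates-in-memory", s["vsize"] >= INFLATE_RATIO * s["raw"] > 0)]
    return [label for label, hit in checks if hit]

def file_flags(sections, entry_point, import_count):
    """File-level indicators: where execution starts, how bare the import table is."""
    last = sections[-1]
    checks = [("entry-point-in-last-section",
               last["va"] <= entry_point < last["va"] + last["vsize"]),
              ("near-empty-import-table", import_count <= 3)]
    return [label for label, hit in checks if hit]

if __name__ == "__main__":
    secs = parse_sections(REPORT_SECTIONS)
    print([(s["name"] or "(blank)", section_flags(s)) for s in secs])
    print(file_flags(secs, ENTRY_POINT, IMPORT_COUNT))
```

These flags indicate only that the file is packed; they say nothing about what the packed code does.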

JMark
Posts: 265
Joined: Fri Mar 16, 2007 4:14 pm

Post by JMark »

Smudge wrote:Just like all the previous reports, it is a false positive. It is due to the Themida protection system used within NewsLeecher being falsely flagged as a trojan. The company that makes it is working with the antivirus companies to get it fixed but it hasn't happened yet.

Sorry for the inconvenience.
No worries. Kaspersky has yet to lead me astray!

Goattee
Posts: 2
Joined: Sat Jun 27, 2009 2:36 am

Post by Goattee »

Smudge wrote:Just like all the previous reports, it is a false positive.
Sorry for the inconvenience.
I am also getting alerts from AVG when installing and attempting to run beta 4.

I have been evaluating using beta 3 and it never generated any antivirus warnings or alerts either during installation or operation.

Worse yet-- as you know-- reverting to beta 3 means losing my entire setup. How about providing users with a configuration backup method so we can preserve that info before installing new betas?

Smudge
Site Admin
Posts: 10034
Joined: Tue Aug 17, 2004 1:42 am

Post by Smudge »

Goattee wrote:I am also getting alerts from AVG when installing and attempting to run beta 4.
What version of AVG definition file are you using? The report from VirusTotal linked in the 4.0b4 thread says AVG isn't having a problem.

Goattee wrote:How about providing users with a configuration backup method so we can preserve that info before installing new betas?
You should always make a backup of your configuration files in case there are problems and you want to revert, especially with beta test versions. The release notes specifically say you should make a backup before installing.

Goattee
Posts: 2
Joined: Sat Jun 27, 2009 2:36 am

Post by Goattee »

Smudge wrote:What version of AVG definition file are you using? The report from VirusTotal linked in the 4.0b4 thread says AVG isn't having a problem.
AVG Free v. 8.5.375
Virus Database Version: 270.12.93/2204

Smudge wrote: You should always make a backup of your configuration files in case there are problems and you want to revert, especially with beta test versions. The release notes specifically say you should make a backup before installing.
Thanks for pointing this out. I should have read carefully-- I was so excited to get the new beta while still evaluating that I skipped an important step.

myc8e
Posts: 1
Joined: Sat Nov 04, 2006 4:56 pm
Location: Middle of Nowhere, AZ

mcafee as well

Post by myc8e »

McAfee is also zapping it. Frustrating.
Illegible

highwaykind
Posts: 30
Joined: Fri Oct 01, 2004 7:27 pm

Post by highwaykind »

Installed beta 4 yesterday, no trouble, but AVG is throwing a hissy fit today (Trojan)

AVG free 8.5.347 (auto updates to the latest)

I'm off to look for the beta 3 download file...
