Trojan?

Support and feedback for UniUploader
UniUploader requires microsoft .net runtimes!

Trojan?

Postby Sheepy_Daz » Fri Apr 27, 2007 7:01 pm

Hey guys.
I installed uniuploader the other day an have been using it for about 5 days now.
This morning i decided to clean my computer up an when i run my spyware scanner it detected the Settings.ini file which is created off uniuploader.
Here is the link for what trojan its ment to be.

Is this right?

Cheers for you time
Sheepy
Sheepy_Daz
WR.net Apprentice
WR.net Apprentice
 
Posts: 5
Joined: Wed Mar 14, 2007 10:38 pm

Trojan?

Postby MattM » Fri Apr 27, 2007 7:33 pm

Perhaps it is right. Just delete the whole UU folder and reinstall.
MattM
UA/UU Developer
UA/UU Developer
Gimpy Developer
Gimpy Developer
 
Posts: 886
Joined: Tue Jul 04, 2006 9:53 pm
Location: USA

Re: Trojan?

Postby Pops » Sun Apr 29, 2007 10:09 pm

I'm obviously an amatuer coder, but, how would reinstalling NOT make this come back? If it came from UU, wouldn't reinstalling it, make it again?

Thats another thing, I am the website administrator, I have gotten the guild to accept this roster and such, despite all the keyloggers, and whatnot goin around about stealing keys,now, there could possibly be a trojan involved?

This is a great community, and the developers to the addons have done a fantastic job, but this make me EXTREMELY nervous, exposing 300+ people to a possible trojan.

First off, which program caught it?

Where was this UU downloaded from that has the supposed trojan?

Has anybody else discovered this? Where exactly on your computer was it, so we can all check?

I want to be sure before yelling " The sky is falling"..
Thx and sorry if i'm causing a mountain of a molehill.
Last edited by Pops on Sun Apr 29, 2007 10:14 pm, edited 2 times in total.
Pops
WR.net Apprentice
WR.net Apprentice
 
Posts: 14
Joined: Tue Mar 27, 2007 9:55 pm

Trojan?

Postby MattM » Mon Apr 30, 2007 12:20 am

well, you can trust me to compile clean programs for you.

That said, the only way to make sure you have a clean copy is to compile the program using http://msdn.microsoft.com/vstudio/express/ and the source code in the download section.
MattM
UA/UU Developer
UA/UU Developer
Gimpy Developer
Gimpy Developer
 
Posts: 886
Joined: Tue Jul 04, 2006 9:53 pm
Location: USA

Re: Trojan?

Postby Pops » Mon Apr 30, 2007 12:25 am

I only get the mods/addons from THIS site, fearing suhc things.. I already asked about security before introducing this to my group. I felt comfortable with the responses and information I gathered from this and other sites about wowroster. I apologize if my post makes it look like I'm accusing anyone here of wrong doing. That is not my intentions. I have seen no proof of that.

I am, however curious, as to how he got it. If it is going to be posted on this forum, I would like to hear the whole story. For peace of mind, and the knowledge of awareness.
Last edited by Pops on Mon Apr 30, 2007 6:27 am, edited 2 times in total.
Pops
WR.net Apprentice
WR.net Apprentice
 
Posts: 14
Joined: Tue Mar 27, 2007 9:55 pm

Trojan?

Postby bbj911 » Mon Apr 30, 2007 5:00 pm

Virusses mainly work by attaching themselves to other "regularly" used programs. Uninstalling and reinstalling would normally get rid of this kind of virus. Problem is, they dont only infect one file, they infect many, and some of them detect this attempted removal and infect something else.

Then there are false alarms, and i think this is what youre looking at. There is no way a setting.ini file can contain a virus as its NOT an executable file and nothing inside it gets executed. Chances are its a false alarm.
Last edited by bbj911 on Mon Apr 30, 2007 5:01 pm, edited 1 time in total.
User avatar
bbj911
WR.net Apprentice
WR.net Apprentice
 
Posts: 61
Joined: Mon Oct 23, 2006 6:47 pm

Re: Trojan?

Postby Pops » Mon Apr 30, 2007 11:32 pm

Yeah, i'm more interested as to where it came from or what other downloads/factors were involved.

I am constantly looking for the keylogger attacks, they seem to come in waves. I just like to inform my group of what is happening.
Pops
WR.net Apprentice
WR.net Apprentice
 
Posts: 14
Joined: Tue Mar 27, 2007 9:55 pm

Trojan?

Postby MattM » Mon Apr 30, 2007 11:45 pm

we had a similar thread last year about a false positive AVG was throwing
MattM
UA/UU Developer
UA/UU Developer
Gimpy Developer
Gimpy Developer
 
Posts: 886
Joined: Tue Jul 04, 2006 9:53 pm
Location: USA

Trojan?

Postby Sheepy_Daz » Fri May 25, 2007 12:28 am

Hey guys sorry i didnt post sooner i been away for a bit.
the so called trojan come from the Settings.ini file which is made my UU.
Here is a screenie of how it comes up in the program

I looked through the settings.ini file an cant see anything dodgy but im still a little bit jubious
Last edited by Sheepy_Daz on Fri May 25, 2007 12:38 am, edited 1 time in total.
Sheepy_Daz
WR.net Apprentice
WR.net Apprentice
 
Posts: 5
Joined: Wed Mar 14, 2007 10:38 pm

Trojan?

Postby bbj911 » Fri May 25, 2007 7:44 pm

do u run you UU from your desktop folder?

Move it to a folder of its own, and see if the warning moves with it.
User avatar
bbj911
WR.net Apprentice
WR.net Apprentice
 
Posts: 61
Joined: Mon Oct 23, 2006 6:47 pm

Trojan?

Postby Blueleaf » Wed May 30, 2007 10:02 pm

OK lets see here, for starters I don't see any way that the settings.ini file could be a trojan. It is a settings configuration file and on it's own doesn't access the internet or any active ports. If anything you spyware software is detecting the url string information contained within the file and is a false alarm. I run Norton 360, Spy Bot S&D, and AddAware. And have yet to see this warning as a problem. Odds are it is a conflict with you spyware software.
User avatar
Blueleaf
WR.net Apprentice
WR.net Apprentice
 
Posts: 50
Joined: Thu Apr 26, 2007 12:06 am
Location: Minot, ND

Trojan?

Postby tuigii » Wed Jun 27, 2007 9:20 am

Risk ?

I don't get it.

UniLoader: the source is viewable, and even rather well done.
One can build UniLoader by themselves if the need is there, but fear withholds one from installing or even using the executable.
Uniloader hassles with plain text files and images.
It sends them away from your system, coming from 3 places, it’s installation location, like \Program Files\UniLoader\...., \WoW\WTF\Account\LOGIN\SavedVariables\... and \WoW\Interface\AddOns\...

True is - some of those text files are actually scripting files, coded in LUA. LUA is being known as even more save then Java... Java is the language that every browser in the world 'just executes' when loaded – and we’re all still there, aren’t we?

A point of risk might be the fact that UniAdmin runs from a web server.
Now, how save is a web server?
So, one should break into Unidmin, add a false 'real Add On' which is actually 'dangerous code' - make UniAdmin swallow it (see it as valid Add On's) - have it send to UniLoader when it asks for it.
UniLoader will throw this file it in one of these 3 directories ONLY.
WoW won't do anything with it, except may be throwing an error like 'this ain't no LUA... – black box burk.".
And things stop there.
It will no be executed or even interpreted.

Exception to this rule: the person who finds an executable in these WoW directories (and only these), and because he (she) has to click on anything to 'ty it out' becomes a victim.
But: we all know that the good AntiVirus, or whatever tool that fits this name, would already have stopped the simple 'writing of this file' when it has been put there.

So, still, I don't get it.

I only see one point:
A couple of system interacts and exchange information on a nearly ‘magic’ way.
It runs nearly automatic, so, by nature, that’s suspected.
That’s ok.
The simple fact that we discus about it, brainstorming it, testing it, feedbacking the results, makes it sure.

Mattm - and others - you did a hell of a job !

Got one question: why isn’t this tool just included on my WoW CD’s on the first place?
Or even a smallest hint saying: “When you installed this game, drop by at www.wowroster.net”?! Because we all will, on the long run, if you are a warrior like me, or right away, if you’re a hard-gamer ^^

PS: pardon me, as said; I’m a warrior, so still having issues with Spirit and Intelligence ;-) but coding makes me eat, and I recognize quality when I see it.
Last edited by tuigii on Wed Jun 27, 2007 9:21 am, edited 1 time in total.
User avatar
tuigii
WR.net Master
WR.net Master
 
Posts: 891
Joined: Wed Dec 27, 2006 12:57 pm
Location: Somewhere in the South Ouest of France

Re: Trojan?

Postby ScratchMonkey » Tue Jul 03, 2007 3:10 am

Sheepy_Daz wrote:the so called trojan come from the Settings.ini file which is made my UU.
Here is a screenie of how it comes up in the program


I get a 404 on that screenshot. Did you spell the link correctly, and use the right upper/lower case?
User avatar
ScratchMonkey
WR.net Expert
WR.net Expert
 
Posts: 212
Joined: Wed Jul 05, 2006 4:32 pm
Location: San Pablo, CA

Trojan?

Postby Sheepy_Daz » Thu Aug 02, 2007 10:08 pm

Hey guys sorry to bump an old thread back up.
I moved the files from the desktop an used the installer to install UU an its not picking up the file as spyware anymore.
why would it pick it up on the desktop though?
Sheepy_Daz
WR.net Apprentice
WR.net Apprentice
 
Posts: 5
Joined: Wed Mar 14, 2007 10:38 pm

Trojan?

Postby Psoewish » Fri Sep 07, 2007 8:57 pm

First post here yay =)

Been browsing through the forums cause i'm having some issues here and this one caught my eye :P

Anyway, back on track. Sheepy I would guess that's because you have a virus in your desktop folder then. I remember having every image I opened from a certain folder making my NOD32 throwing me some virus error. I didn't really look into it anymore as I forgot about it and stuff (was still very noob at PC back then :P)

But then a few weeks later I decided to organize my images a bit and moved many out of that folder, renamed the original folder "random images" with the ones that didn't fit any other folder :)

But then every image didn't give me a warning anymrore, EXCEPT for the one in that particular folder ...

I suggest you deep scan you desktop with a GOOD antivirus (AVG, Kaspersky, NOD32, etc.) Please don't use Norton ^^
Psoewish
WR.net Apprentice
WR.net Apprentice
 
Posts: 7
Joined: Wed Sep 05, 2007 5:47 pm

Next

Return to UniUploader

Who is online

Users browsing this forum: No registered users and 0 guests

cron