#1
03-01-2013, 2:39 AM
DaveNF2G
Member, Premium Subscriber, Amateur Radio Operator
Join Date: Jan 2001
Location: Waterford, NY
Posts: 5,846
WARNING Infected GRE CD

The CD I received with a new GRE PSR-800 was infected with a virus.

Infected file: EZScanCD.exe|[Armadillo]

Threat: Win32:MalOb-CA[Cryp]

The infected file is the autorun menu for the programs on the CD and does not show the "|[Armadillo]" as part of its filename in Windows Explorer. The only way to detect the infection is to scan the CD. People might not be inclined to do so on a commercial CD received from a reputable company, but somebody has managed to victimize GRE.
__________________
David T. Stark
NF2G WQMY980 KYR7128

#2
03-01-2013, 11:18 PM
drgensel
Member
Join Date: Jun 2004
Location: New Mexico
Posts: 239

There have been alerts before as well.

PSR-800 installation virus?
__________________
Kevin

#3
03-02-2013, 12:02 AM
W9GC
Database Administrator, Shack Photos, Amateur Radio Operator
Join Date: Apr 2006
Location: Illinois
Posts: 430

It's a false positive.
__________________

#4
03-02-2013, 6:56 AM
DaveNF2G
Member, Premium Subscriber, Amateur Radio Operator
Join Date: Jan 2001
Location: Waterford, NY
Posts: 5,846

No, it is not.

If you install the EZScan software from the infected CD, your computer will be infected. I know because I ASSumed it was false and went ahead anyway. My laptop lost its ability to communicate via USB or Ethernet, applications that could be used to repair the damage would not start, and various drivers were disabled or removed randomly on subsequent bootups. I very nearly had to reinstall Windows XP before I got the mess cleaned up, after several hours of work.
__________________
David T. Stark
NF2G WQMY980 KYR7128

#5
03-02-2013, 7:06 AM
n8zcc
Member, Premium Subscriber, Amateur Radio Operator
Join Date: Mar 2004
Location: Oakland, Michigan
Posts: 173

I gave the GRE CD to our IT people, a group that manages PC security for a Fortune 500 company. They came back and told me the CD is fine, no viruses.

Stop the spread of misinformation; there is no virus in the GRE CD. If you experienced issues after installing the GRE software, I would look elsewhere.
__________________
73 de n8zcc

Bytes are cheap so drop those acronyms.

Last edited by loumaag; 03-02-2013 at 8:33 AM. Reason: Removing insulting comment

#6
03-02-2013, 8:03 AM
Member, Audio Feed Provider, Amateur Radio Operator
Join Date: Feb 2001
Location: Lansing, MI
Posts: 11,225
WARNING Infected GRE CD

Dave, what AV software gave you that alert?

#7
03-02-2013, 8:44 AM
Member
Join Date: Aug 2008
Location: In the land of make believe
Posts: 537

OMG the sky is falling. If he says it is so and everyone else says no they have got to be wrong.

I think it has to do with GRE not wanting business and a bad reputation with customers !!!

#8
03-02-2013, 8:50 AM
NHdave
Member, Premium Subscriber
Join Date: Oct 2011
Location: Southeast NH, USA
Posts: 111

Quote:
Originally Posted by rdale
Dave, what AV software gave you that alert?
I'm gonna take a wild guess before he answers... Avast.
__________________
________________________
Pro 106, Pro 2053, BC120xlt

#9
03-02-2013, 8:56 AM
loumaag
Moderator, RadioReference Database Administrator
Join Date: Oct 2002
Location: Katy, TX
Posts: 12,885

Okay, this is silly (not the OP, the reaction).

Folks, if there are any more snarky comments made, I will just issue infractions. No warnings. If you know the OP is wrong, just move on; if you think he is right and have nothing to really add, just move on.

#10
03-02-2013, 2:45 PM
DaveNF2G
Member, Premium Subscriber, Amateur Radio Operator
Join Date: Jan 2001
Location: Waterford, NY
Posts: 5,846

I would like the geniuses who swear the virus alert is false to explain the chaos that was invoked on my laptop after I used it.
__________________
David T. Stark
NF2G WQMY980 KYR7128

#11
03-02-2013, 3:31 PM
Member, Shack Photos, Audio Feed Provider
Join Date: Feb 2013
Location: cedartown ga
Posts: 133

There's always the possibility a hacker could access certain programs that have backdoors, or some butthead at the main store or factory infected it themselves. It has happened, but not often. Just hope no more go through that. Sorry to hear about that; it's why I mainly run Linux.

#12
03-02-2013, 3:45 PM
Member, Audio Feed Provider, Amateur Radio Operator
Join Date: Feb 2001
Location: Lansing, MI
Posts: 11,225

Quote:
Originally Posted by DaveNF2G
I would like the geniuses who swear the virus alert is false to explain the chaos that was invoked on my laptop after I used it.
Dave - what AV software?

#13
03-02-2013, 4:37 PM
thebigphish
Member
Join Date: Mar 2004
Posts: 45

This is precisely why I have a VM that I clone for software installs, and if something bangs it up... I close the window.

#14
03-02-2013, 7:07 PM
Member, Premium Subscriber
Join Date: Sep 2006
Location: Davenport,Fl.- home to me and the gators and the skeeters.
Posts: 548
That VM ware you speak of is

a blessing. I use it to see if some software has a hidden virus or other bad news.
__________________
Freedom, a beautiful way of life. Roger
Old scanners like me:
Pro-107, Pro-44, Pro-94, Pro-2006, DX-440

#15
03-02-2013, 7:21 PM
MarkWestin
Member, Amateur Radio Operator
Join Date: Apr 2005
Location: Caribou, Maine
Posts: 534

"False Positives" can be just as damaging as a real virus (or malware). About four years ago, the anti-virus program that I was using suddenly decided that I had two files in the Windows System32 directory that were "infected" and quarantined and deleted them all by itself. Within about two minutes the two files which were part of Windows were needed by the operating system and the machine crashed. When restarted the machine refused to start up because the files were "damaged or missing". Luckily, I was able to put the drive in another machine and replace the missing files from a backup. Needless to say as soon as I started the machine again I uninstalled the anti-virus software (which I won't identify) and installed another vendor's anti-virus software. By the way, I have seen false positives on many different anti-virus and anti-malware programs. One of the programs that I use will upload a copy of what it thinks is malware to the company for analysis. Several times after a few days it has politely asked if I want to restore the program which had been quarantined.

Mark
__________________
KA1TIV

#16
03-02-2013, 7:37 PM
Member, Audio Feed Provider, Amateur Radio Operator
Join Date: Feb 2001
Location: Lansing, MI
Posts: 11,225

Dave's symptoms don't match what that malware is known for doing, so I think Mark has it right.

Time for a new anti-virus package.

#17
03-04-2013, 9:48 AM
Skooter92
Member, Shack Photos, Amateur Radio Operator
Join Date: Mar 2004
Location: Northern Westchester County, NY
Posts: 39
Well......

Just scanned the CD copy I have for the 800; it was burned for me by a recent recipient so should be fairly current, plus my archived copies (Disclaimer: I don't have any GRE scanners, but I have friends who ask me from time to time if I can take a look at theirs or program them). I use AVG as my security software, which seems to not be too trigger happy. I found the same file present. My friend has not reported any issues with his installation on his machine. I didn't feel up to trying to install from the CD I have and risk any of my machines. I'm not faulting GRE, but two reported incidences means that there is a possibility of a corrupted batch of CDs. That is all Dave is trying to get across, not that there is some sort of conspiracy. I even scan my Moto software hard copies prior to installation; I am not paranoid, just prudent. If you cannot reproduce it on your copy, then assume your copy is not affected and go ahead and use it. But scanning ANY installation CD is ALWAYS a good idea; I even scan files I download from CNET. Doesn't cost me anything extra but the time, and the potential for avoiding harm outweighs any inconvenience. Don't be haters 'cause the brother's sounding the alarm; Dave did it to alert to the possibility of an issue. 'Nuff said.
__________________
__________________________________________________ _________
“You can't make anything idiot proof because idiots are so ingenious.”
― Ron Burns

#18
03-04-2013, 10:56 AM
Member, Shack Photos, Audio Feed Provider
Join Date: Feb 2013
Location: cedartown ga
Posts: 133

I wasn't. I just know that, like with any tech biz, when they fire someone who does that stuff, or he's mad, etc., he can build corrupt stuff and burn it to a CD or many CDs. It's how a lot of PCs get infected, and that causes botnets to be built. I use AVG too; awesome software, the only AV I'll use on Windows, but I'm a Linux man at heart. I just hope they get things fixed for them. I hate seeing this kind of stuff; it's sad, though, but it happens a lot ;/

#19
03-05-2013, 11:23 AM
DaveNF2G
Member, Premium Subscriber, Amateur Radio Operator
Join Date: Jan 2001
Location: Waterford, NY
Posts: 5,846

To those who attributed positive motives to my original posting, I say 'thank you.' You are correct. I am a happy GRE (and Uniden and Radio Shack) customer with no axe to grind against any of those companies. I am not Chicken Little. I still have the CD and if anyone nearby would like to scan it themselves, we can meet over coffee or something so you can see that the alert was genuine.

As to whether or not my choice of AV software is problematic, I would be more concerned about virus scanners that failed to identify threats, even if said threats were remote.

Right after a Moderator warned about snarky comments, I made one of my own ("geniuses") and for that I apologize. I plead incompetence due to illness (severe head cold) at the time.
__________________
David T. Stark
NF2G WQMY980 KYR7128

#20
03-05-2013, 2:51 PM
mikey60
Member, Premium Subscriber
Join Date: Sep 2003
Location: Oakland County Michigan
Posts: 2,980

Quote:
Originally Posted by DaveNF2G
The CD I received with a new GRE PSR-800 was infected with a virus.

Infected file: EZScanCD.exe|[Armadillo]

Threat: Win32:MalOb-CA[Cryp]

The infected file is the autorun menu for the programs on the CD and does not show the "|[Armadillo]" as part of its filename in Windows Explorer. The only way to detect the infection is to scan the CD. People might not be inclined to do so on a commercial CD received from a reputable company, but somebody has managed to victimize GRE.
Armadillo is a software protection system. I use it with my PSREdit software to handle the licensing control on the software. It will also encrypt the program code as part of its protection.

What sometimes happens is a malware author will create a malware program and protect it using Armadillo. Some of the AntiVirus programs that are out there then see the Armadillo signatures and include them in their signature data files. When that happens, any software that uses the Armadillo package to protect itself is likely to be detected as the malware, even though no malware exists.

I've had this happen on a couple of occasions with my PSREdit software, where I can say with 100% certainty there is no malware. Since the listing above shows Armadillo, I'd say it's likely that this is a false positive on the anti-virus software you're using, which will probably be corrected in the near future with any updates that are applied to the signature files.

Mike
__________________
http://www.psredit.com
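
The false-positive mechanism described in post #20, as an added example that is not part of the original thread and is not any antivirus vendor's or protector's code: a byte signature cut from a protector's shared loader stub flags every program wrapped by that protector, while a signature checked against known-good protected software does not. The stub bytes, the toy `protect` routine, and the sample names are all constructed assumptions.

```python
from typing import Optional

# Every byte string here is constructed for illustration: this is not the real
# Armadillo stub, and the "payloads" are harmless text.
PROTECTOR_STUB = b"\x60\xe8\x00\x00\x00\x00PROTECTOR-LOADER-v1\x5d\x81\xed"

def protect(payload: bytes, key: int) -> bytes:
    """Toy protector: the same loader stub, then the XOR-obscured program."""
    return PROTECTOR_STUB + bytes(b ^ key for b in payload)

def scan(sample: bytes, signatures: dict) -> list:
    """Naive byte-pattern scanner: names of all signatures found in sample."""
    return [name for name, pattern in signatures.items() if pattern in sample]

def pick_signature(malware: bytes, known_good: list, length: int = 8) -> Optional[bytes]:
    """First window of `malware` that appears in no known-good file, else None."""
    for i in range(len(malware) - length + 1):
        window = malware[i:i + length]
        if not any(window in good for good in known_good):
            return window
    return None

MALWARE = protect(b"constructed-malicious-payload", key=0x5A)
AUTORUN_MENU = protect(b"constructed-autorun-menu-code", key=0x3C)  # benign
PLAIN_TOOL = b"plain installer built without any protector"        # benign

# Careless signature: the first bytes of the sample, which are all loader stub.
CARELESS = {"Packed-Malware": MALWARE[:8]}
# Careful signature: validated against a corpus of legitimate protected software.
CAREFUL = {"Packed-Malware": pick_signature(MALWARE, [AUTORUN_MENU, PLAIN_TOOL])}

def verdicts(signatures: dict) -> dict:
    """Map each constructed sample name to whether the scanner flags it."""
    samples = {"malware": MALWARE, "autorun_menu": AUTORUN_MENU, "plain_tool": PLAIN_TOOL}
    return {name: bool(scan(data, signatures)) for name, data in samples.items()}

if __name__ == "__main__":
    print("careless:", verdicts(CARELESS))
    print("careful: ", verdicts(CAREFUL))
```

A detection name alone cannot distinguish the two cases; what separates them is whether the matched bytes belong to the protector or to the protected program.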