WARNING Infected GRE CD

Status
Not open for further replies.

DaveNF2G

Guest
The CD I received with a new GRE PSR-800 was infected with a virus.

Infected file: EZScanCD.exe|[Armadillo]

Threat: Win32:MalOb-CA[Cryp]

The infected file is the autorun menu for the programs on the CD and does not show the "|[Armadillo]" as part of its filename in Windows Explorer. The only way to detect the infection is to scan the CD. People might not be inclined to do so on a commercial CD received from a reputable company, but somebody has managed to victimize GRE.
 

DaveNF2G

Guest
No, it is not.

If you install the EZScan software from the infected CD, your computer will be infected. I know because I ASSumed it was false and went ahead anyway. My laptop lost its ability to communicate via USB or Ethernet, applications that could be used to repair the damage would not start, and various drivers were disabled or removed randomly on subsequent bootups. I very nearly had to reinstall Windows XP before I got the mess cleaned up, after several hours of work.
 

n8zcc

Member
Joined
Mar 2, 2004
Messages
197
Location
Oakland, Michigan
I gave the GRE CD to our IT people, a group that manages PC security for a Fortune 500 company. They came back and told me the CD is fine, no viruses.

Stop the spread of misinformation, there is no virus in the GRE CD. If you experienced issues after installing the GRE software, I would look elsewhere.
 
Last edited by a moderator:

rdale

Completely Banned for the Greater Good
Premium Subscriber
Joined
Feb 3, 2001
Messages
11,380
Location
Lansing, MI
Dave, what AV software gave you that alert?
 

radiomanNJ1

Member
Joined
Aug 16, 2008
Messages
789
Location
In the land of make believe
OMG the sky is falling. If he says it is so and everyone else says no they have got to be wrong.

I think it has to do with GRE not wanting business and a bad reputation with customers !!!
 

loumaag

Silent Key - Aug 2014
Joined
Oct 20, 2002
Messages
12,935
Location
Katy, TX
Okay, this is silly (not the OP, the reaction).

Folks, if there are any more snarky comments made, I will just issue infractions. No warnings. If you know the OP is wrong, just move on, if you think he is right and have nothing to really add, just move on.
 

DaveNF2G

Guest
I would like the geniuses who swear the virus alert is false to explain the chaos that was invoked on my laptop after I used it.
 

t0xPro-197

Member
Premium Subscriber
Joined
Feb 19, 2013
Messages
283
Location
Maggie valley North Carolina
There's always the possibility a hacker could access certain programs that have backdoors, or some butthead at the main store or factory infected it themselves. It has happened, but not often. Just hope no more go through that. Sorry to hear about that; it's why I mainly run Linux.
 

a417

U+0000
Joined
Mar 14, 2004
Messages
4,650
This is precisely why I have a VM that I clone for software installs, and if something bangs it up... I close the window.
 

MarkWestin

Member
Joined
Apr 21, 2005
Messages
659
Location
Caribou, Maine
"False Positives" can be just as damaging as a real virus (or malware). About four years ago, the anti-virus program that I was using suddenly decided that I had two files in the Windows System32 directory that were "infected" and quarantined and deleted them all by itself. Within about two minutes the two files which were part of Windows were needed by the operating system and the machine crashed. When restarted the machine refused to start up because the files were "damaged or missing". Luckily, I was able to put the drive in another machine and replace the missing files from a backup. Needless to say as soon as I started the machine again I uninstalled the anti-virus software (which I won't identify) and installed another vendor's anti-virus software. By the way, I have seen false positives on many different anti-virus and anti-malware programs. One of the programs that I use will upload a copy of what it thinks is malware to the company for analysis. Several times after a few days it has politely asked if I want to restore the program which had been quarantined.

Mark
 

rdale

Completely Banned for the Greater Good
Premium Subscriber
Joined
Feb 3, 2001
Messages
11,380
Location
Lansing, MI
Dave's symptoms don't match what that malware is known for doing, so I think Mark has it right.

Time for a new anti-virus package.
 

Skooter92

Member
Premium Subscriber
Joined
Mar 8, 2004
Messages
72
Location
North of there, just below that place
Well......

Just scanned the CD copy I have for the 800; it was burned for me by a recent recipient so should be fairly current, plus my archived copies (Disclaimer: I don't have any GRE scanners, but I have friends who ask me from time to time if I can take a look at theirs or program them). I use AVG as my security software, which seems to not be too trigger happy. I found the same file present. My friend has not reported any issues with his installation on his machine. I didn't feel up to trying to install from the CD I have and risk any of my machines. I'm not faulting GRE, but two reported incidents means that there is a possibility of a corrupted batch of CDs. That is all Dave is trying to get across, not that there is some sort of conspiracy. I even scan my Moto software hard copies prior to installation; I am not paranoid, just prudent. If you cannot reproduce it on your copy, then assume your copy is not affected and go ahead and use it. But scanning ANY installation CD is ALWAYS a good idea; I even scan files I download from CNET. Doesn't cost me anything extra but the time, and the potential for avoiding harm outweighs any inconvenience. Don't be haters 'cause the brother's sounding the alarm; Dave did it to alert to the possibility of an issue. 'Nuff said.
 

t0xPro-197

Member
Premium Subscriber
Joined
Feb 19, 2013
Messages
283
Location
Maggie valley North Carolina
I wasn't. I just know that, like with any tech biz, when they fire someone who does that stuff, or he's mad, etc., he can build corrupt stuff and burn it to a CD or many CDs. It's how a lot of PCs get infected, and that causes botnets to be built. I use AVG too, awesome software, the only AV I'll use on Windows, but I'm a Linux man at heart. I just hope they get things fixed for them. I hate seeing this kind of stuff; it's a sad thought, but it happens a lot ;/
 

DaveNF2G

Guest
To those who attributed positive motives to my original posting, I say 'thank you.' You are correct. I am a happy GRE (and Uniden and Radio Shack) customer with no axe to grind against any of those companies. I am not Chicken Little. I still have the CD and if anyone nearby would like to scan it themselves, we can meet over coffee or something so you can see that the alert was genuine.

As to whether or not my choice of AV software is problematic, I would be more concerned about virus scanners that failed to identify threats, even if said threats were remote.

Right after a Moderator warned about snarky comments, I made one of my own ("geniuses") and for that I apologize. I plead incompetence due to illness (severe head cold) at the time. :)
 

mikey60

Member
Joined
Sep 15, 2003
Messages
3,543
Location
Oakland County Michigan
The CD I received with a new GRE PSR-800 was infected with a virus.

Infected file: EZScanCD.exe|[Armadillo]

Threat: Win32:MalOb-CA[Cryp]

The infected file is the autorun menu for the programs on the CD and does not show the "|[Armadillo]" as part of its filename in Windows Explorer. The only way to detect the infection is to scan the CD. People might not be inclined to do so on a commercial CD received from a reputable company, but somebody has managed to victimize GRE.

Armadillo is a software protection system. I use it with my PSREdit software to handle the licensing control on the software. It will also encrypt the program code as part of its protection.

What sometimes happens is a malware author will create a malware program and protect it using Armadillo. Some of the AntiVirus programs that are out there then see the Armadillo signatures and include them in their signature data files. When that happens, any software that uses the Armadillo package to protect itself is likely to be detected as the malware, even though no malware exists.

I've had this happen on a couple of occasions with my PSREdit software, where I can say with 100% certainty there is no malware. Since the listing above shows Armadillo, I'd say it's likely that this is a false positive on the anti-virus software you're using, which will probably be corrected in the near future with any updates that are applied to the signature files.

Mike
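
The false-positive mechanism described in the post above, as an added illustration that is not part of the original thread and is not Armadillo's or any antivirus vendor's code. The loader stub, the toy XOR "protector" and every sample byte string are constructed for the example; it shows a byte signature cut from the shared protector stub matching a clean protected program, and the same signature vetted against a known-clean protected file no longer matching it.

```python
# Constructed stand-in for a commercial protector's loader stub (not real Armadillo bytes).
STUB = b"\x60\xe8PROTECTOR-LOADER-STUB-v1\x61\xc3"


def pack(payload: bytes, key: int) -> bytes:
    """Toy protector: fixed loader stub + one key byte + XOR-encrypted payload."""
    return STUB + bytes([key]) + bytes(b ^ key for b in payload)


def naive_signature(sample: bytes, length: int = 16) -> bytes:
    """Hasty signature: the first `length` bytes of the flagged file."""
    return sample[:length]


def vetted_signature(sample: bytes, clean_corpus, length: int = 16):
    """First window of the flagged file that occurs in no known-clean file."""
    for off in range(len(sample) - length + 1):
        window = sample[off:off + length]
        if not any(window in clean for clean in clean_corpus):
            return window
    return None  # nothing distinguishes the sample from clean files


def detects(signature: bytes, data: bytes) -> bool:
    """Plain substring match, the simplest form of signature scanning."""
    return signature in data


def demo():
    # All three "programs" are constructed samples protected with the same toy packer.
    malware = pack(b"constructed malicious payload for the example", 0x5A)
    autorun_menu = pack(b"constructed clean autorun menu program", 0x21)
    clean_editor = pack(b"constructed clean licensed editor", 0x77)

    naive = naive_signature(malware)                    # lands entirely inside STUB
    vetted = vetted_signature(malware, [clean_editor])  # must include sample-specific bytes
    return {
        "naive_flags_malware": detects(naive, malware),
        "naive_flags_clean_menu": detects(naive, autorun_menu),    # false positive
        "vetted_flags_malware": detects(vetted, malware),
        "vetted_flags_clean_menu": detects(vetted, autorun_menu),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
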
 