Topic: SFC 3 Patch v534 Revision B (v534_b) - Infected with Virus?  (Read 7433 times)

Offline njareg

  • Lt. Junior Grade
  • *
  • Posts: 31
Hello everyone,

I've recently installed a virus scanner called The Shield 2008 which also is essentially the Kaspersky engine. Much to my surprise it is reporting that the SFC3 Patch v534B is infected with the following: Virus.Win32.Gpcode.ak

Now I know what most of you are thinking and no, I didn't just fall off the turnip truck yesterday :) I've downloaded several copies of the patch from various different websites, and the scanner is finding this virus in every copy I download. I have run two different virus scanners on this (Symantec, Trend Micro) and they find nothing. I personally have been using this patch for some time and have not witnessed any strange behaviour on my system.

For convenience I've included the description of the virus below. Has anyone else seen/experienced this?

http://www.threatlevel.com/
Virus.Win32.Gpcode.ak
06.05.08 14:37 GMT

Status : moderate risk
Kaspersky Lab has detected a new version of the ‘malicious blackmailer’ Gpcode — Virus.Win32.Gpcode.ak.

The new Gpcode variant encrypts files with extensions DOC, TXT, PDF, XLS, JPG, PNG, CPP, H etc. on hard drives using an RSA algorithm with a 1024-bit key.

After encrypting files, the virus leaves a text file in the folder next to the encrypted files with following message:
Your files are encrypted with RSA-1024 algorithm.
To recovery your files you need to buy our decryptor.
To buy decrypting tool contact us at: ********@yahoo.com

Currently, we detect the new variant, but we are unable to crack the 1024-bit key. Our analysts are continuing to work on both the key and the virus to resolve this issue.

We recommend that all Internet users enable maximum protection from malicious code and network attacks on their computers and refrain from executing suspicious programs received from untrustworthy sources.

Detection of Virus.Win32.Gpcode.ak was added to Shield Deluxe signature databases yesterday, on June 4th, at 15:39 GMT. Please make sure to update if you haven’t already.
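
As an added example (not part of the original posts or the advisory): the advisory says the virus leaves a text file next to the files it encrypts, so this Python script sweeps a folder tree for small files containing the quoted note text and lists the files beside each hit. The function names, the 64 KiB size cap and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

# Marker phrases copied from the ransom note quoted in the advisory text.
NOTE_MARKERS = (
    "your files are encrypted with rsa-1024 algorithm",
    "you need to buy our decryptor",
)
MAX_NOTE_BYTES = 64 * 1024  # assumption: the note is a small text file


def looks_like_note(path):
    """True if a small file contains every marker phrase, ignoring case."""
    try:
        if os.path.getsize(path) > MAX_NOTE_BYTES:
            return False
        with open(path, "rb") as fh:
            text = fh.read().decode("latin-1").lower()
    except OSError:
        return False  # unreadable file: skip it rather than abort the sweep
    return all(marker in text for marker in NOTE_MARKERS)


def sweep(root):
    """Map each folder holding a note-like file to the other files beside it."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        notes = {f for f in files if looks_like_note(os.path.join(folder, f))}
        if notes:
            hits[folder] = sorted(set(files) - notes)
    return hits


def build_sample_tree():
    """Constructed sample data: one clean folder and one containing a note."""
    root = tempfile.mkdtemp()
    samples = {
        "clean/readme.txt": "SFC3 patch notes. RSA-1024 is mentioned only in passing.",
        "hit/note.txt": "Your files are encrypted with RSA-1024 algorithm.\n"
                        "To recovery your files you need to buy our decryptor.\n",
        "hit/report.doc": "placeholder bytes standing in for an affected document",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="latin-1") as fh:
            fh.write(body)
    return root
```

An empty result from `sweep()` on a real folder means no file matching the quoted note was found there; a saved copy of the advisory itself would also match, so any hit needs a look at the file.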


Offline Greenvalv

  • Trekkie at large.....
  • Lt.
  • *
  • Posts: 688
  • Sfc3files Dept Site Admin

Offline njareg

Re: SFC 3 Patch v534 Revision B (v534_b) - Infected with Virus?
« Reply #2 on: June 07, 2008, 10:54:53 pm »
Hi Greenvalv,

You bet I tried that and about 8 others, it seems every one I tried this same virus was detected. So I'm not sure what to think here, the Shield Deluxe 2008 here says it's a new strain and no other popular virus scanners find anything wrong. So I'm not sure if this scanner is simply raising a false alarm or if it indeed has found something the others I've used are missing. Below is a link to the virus scanner's home page in case anyone wanted to give it a look over.

http://www.pcsecurityshield.com/

Offline FCM_SFHQ_XC

  • There is life outside of Windows..
  • Administrator
  • Lt. Commander
  • *
  • Posts: 2267
  • Gender: Male
  • Starbase Atlantis [X-refit]
    • 9th Fleet
Re: SFC 3 Patch v534 Revision B (v534_b) - Infected with Virus?
« Reply #3 on: June 07, 2008, 11:58:10 pm »
I believe it is a false positive as well, though it would not affect you unless you encrypt files a lot on XP Pro or Vista Ultimate.
You might still want to contact them about their scanner reading the SFC3 patch with that particular virus so they can check their coding of their scanner and rectify it.
Starfleet Headquarters out.

Fleet Commodore, XenoCorp, ISC Fleet.

Offline Pestalence_XC

  • "The Terminator"
  • Commander
  • *
  • Posts: 2636
  • Gender: Male
  • "The Terminator" Pestalence_XC, Xenocorp
Re: SFC 3 Patch v534 Revision B (v534_b) - Infected with Virus?
« Reply #4 on: June 08, 2008, 01:00:05 am »
It is a false Positive.. I send all my installers that came back reporting as Infected to Grisoft (AVG) since their new Virus Scanner reports infected.

What is happening is at the time I made the installer, I used Install Creator Pro Trial Version, which has an advertisement included in the last page of the installer for people to go to the Install Creator web site if they wanted to get a copy.. It wasn't until Dec. 2007 that I bought a fully licensed Version of the program.

Doing tests on my end, the Full Installer reports no Infection, however the Trial Version does. AVG stated it is a False Positive and that they would correct the problem when they had the time available.

You may want to send it to Kaspersky or your AV company and have them verify that it is indeed a false positive.
 
"You still don't get it, do you?......That's what he does. That's all he does! You can't stop him! It can't be bargained with. It can't be reasoned with. It doesn't feel pity, or remorse, or fear. And it absolutely will not stop, ever, until you are dead!"

Member :
Xenocorp / Dynaverse.net Moderator & Beta Test Team
SFC 4 Project QA Coordinator
Taldren Beta Test Team
14 Degrees East Beta Test Team
Activision Visioneers SFC 3 Beta Test Team

Offline njareg

Re: SFC 3 Patch v534 Revision B (v534_b) - Infected with Virus?
« Reply #5 on: June 08, 2008, 09:59:22 pm »
Hey everyone thanks for all the input on this. I agree and believe it's a false positive.

Ravok

  • Guest
Re: SFC 3 Patch v534 Revision B (v534_b) - Infected with Virus?
« Reply #6 on: June 08, 2008, 10:06:35 pm »
 I'm getting ready to upgrade my virus protection. What should I do if I get the same results????

 Please explain in depth, I'm computer illiterate. :-[ :)


 Thanks !!

Offline Pestalence_XC

Re: SFC 3 Patch v534 Revision B (v534_b) - Infected with Virus?
« Reply #7 on: June 09, 2008, 12:57:53 am »
Basically if you upgrade virus scanner versions, it will usually give you a pop up stating to remove infection, put in virus vault, or ignore. just select ignore.

If you are concerned it may be infected, send to your AV company and have them check it out in full, you should receive back a response within 24 to 48 hours letting you know that it is clean.

Ravok

Re: SFC 3 Patch v534 Revision B (v534_b) - Infected with Virus?
« Reply #8 on: June 09, 2008, 01:47:36 am »
 Thanks again!!!  Pestalence I really can't thank you enough, for all the help you give. I truly do appreciate it!!!! :) :) :) :thumbsup: :thumbsup: :thumbsup:

Offline Age

  • D.Net VIP
  • Commander
  • *
  • Posts: 2690
  • Gender: Male
Re: SFC 3 Patch v534 Revision B (v534_b) - Infected with Virus?
« Reply #9 on: June 09, 2008, 04:10:39 pm »
I always trust his work no matter what an AV scanner says, I know Pestalence wouldn't put anything on your system. I get this with AVG 8.0 as well, I just ignore it. On the topic, look what I saw on your Google ads.

Quote
Virus and Trojan Remover
Download Free Trojan & Virus Scan Recommended and Used By The Experts
www.pctools.com
K-aspersky Anti-Virus 7.0
2008 Award Winning Anti-Virus Software.

Ravok

Re: SFC 3 Patch v534 Revision B (v534_b) - Infected with Virus?
« Reply #10 on: June 09, 2008, 04:29:49 pm »
 Age, it's not Pestalence I am worried about, somebody could have hacked the server etc.

 And quite honestly, it ticks me off you would even insinuate it!!!! >:( >:( >:(

Offline Age

Re: SFC 3 Patch v534 Revision B (v534_b) - Infected with Virus?
« Reply #11 on: June 09, 2008, 04:38:56 pm »
I always do my downloading from trusted sites such as this one or Startrek-Gamers. I am not insinuating it.