Possible Infected Docklet

I recently downloaded a mail checking docklet from the ObjectDock Gallery (Docklets section). When I unzipped it, my McAfee Security Centre popped up to inform me that it had detected and safely removed the Banker Trojan. This may or may not have been a coincidence, so I don't think I should name the Docklet here. Perhaps the Moderators might look at all the Mail Checking Docklets in the Gallery (there's not that many) to see what they might find.

11,192 views 13 replies
Reply #1 Top

This may or may not have been a coincidence, so I don't think I should name the Docklet here.

You can always PM a moderator with the name of the docklet rather than have to hunt-and-peck through the list.

 

Check the lower part of the page for PM links - https://forums.wincustomize.com/user/1121551

Reply #2 Top

Post the url.  Call it a warning until it's confirmed.

Reply #3 Top

Thanks Hankers and Zubaz for such a quick response. I took the PM route.

Reply #4 Top

Gammeldansk
What AV are you using?  AVG found nothing here.

Reply #5 Top

Hi Zubaz. I'm using McAfee Virus Scan 13.3.117 updated today (it's a component of McAfee Security Centre preinstalled on my system). I did another download of the docklet in question and ran a scan on the ZIP with the same result - PWS Banker Trojan detected and quarantined. I can understand an antivirus program reporting a false alarm, but why be so specific about the alleged infection's name?

Reply #6 Top

I can understand an antivirus program reporting a false alarm, but why be so specific about the alleged infection's name?

Typically any false-positive confuses a clean file with a specific signature....as is most likely the case here.

My AV shows it as clean [Bitdefender] and it's about as up-to-date as any AV ....it checks for sig updates every hour....eg..

last check 04/04/2009 9.26.24

last update 04/04/2009 8.28.18  [I'm in Australia]...;)

Reply #7 Top

Guess it's a false alarm then. But to be on the safe side I think I'll stick with my Windows Sidebar Mail Notifier - it's never failed me. Many thanks for your help Zubaz, Hankers and Jafo.

Reply #8 Top

Just in case you want to be sure... you can upload the file to VirusTotal http://www.virustotal.com/ . It will get scanned with all the top industry antivirus engines and you can see the results ... It's a very good way to know if it's a false positive or not.

Reply #9 Top

My apologies to the author of the docklet in question. The problem was highlighted in good faith and turned out to be a quirk in the way different AVs report their findings.

Reply #10 Top

Check the lower part of the page for PM links

I did not know that. (Saved for future reference)  :karma:

Reply #11 Top

Thank you for posting your concern.  It's always best to check these things out.

Reply #12 Top

Better to be safe than sorry.  No harm done.

My AV (AVG) came up blank too.  But then I looked at the age of the docklet, the number of downloads, the lack of any other reports of virus activity in the comments and figured it was ok.

Reply #13 Top

Over the years there's been a few uploads here that have raised alarms.....but almost all are found prior to being made public.

As you see there's bound to be the odd one or three that slip through....though they are usually found later due to a signature revision/update.

Commonly they are compression algorithms that are often found also in/with virii...so the alarm[s] go off.

It's always best to let us know if one does....so it can be rechecked and pulled from public if needed....so thanks again, Gammeldansk ....;)