Contrary to the previous article posted here yesterday, it appears that the “new version” of WoAI’s installer is, in fact, a fake file that potentially contains malware components (i.e. software designed to attack or compromise your computer).
The file has now been removed from Avsim and news of the fake release has been posted at the WoAI forums this morning (24/01/12).
0 Responses
WARNING! This file is infected by “Trojan.MSIL.ND3”!!!
Please, remove it!!!
OK, so it’s passed Avsim’s AV scan, it’s passed my AV scan… I think you might like to look at the possibility that you have got a false positive there. That’s not even a “real” assigned malware name, it’s a generic heuristic one.
ok, well noted. I will re-check this issue. Thanks
Well,
my antivirus (AVAST) put the file in quarentine too indicating infection by trojan Win32:Kryptyk-GQX [Trj]
Deleted by now. Ver.2.4 is working ok!
Edited by Ian P 10:30, 24/01/12
I just downloaded and checked it with AVAST (version 6.0.1367, defs 120123-1) on this notebook and that reported it as clear when downloading and opening the zipfile.
When you attempt to run the executable, it is at that point that the “trojan” seems to be reported. However the name reported for the “trojan” does not seem to be consistent, thus implying that while it is probably infected with malware, it is quite probably a “tweaked” version of existing code or entirely new code. None of the names I’ve been provided with have come up with any direct hits on either Google, nor the AV companies’ sites.
I’ve removed the links from the article above and stickied it. Sorry.
What is the world coming too. Who on earth would bother to attack a tiny freeware product?
It’s not a false positive, but a real Trojan. It managed to switch off my “View Hidden Files” option, and installed a registry item and an .exe file. I don’t know what it might have tried to do to my computer, but fortunately Malwarebytes found it and quarantined it.
Even when I reset “view hidden files” my search of my whole HD failed to find the .exe file, so somehow the author managed to find a way to hide it, although MalwareBytes did find it.
Neither Microsoft Essentials nor Avast Anti-virus full edition detected it.
I think it is important to remove this Trojan.
You’re a bit late to the party, David, sorry.
As the article states and I corrected yesterday, the file has been pulled from Avsim’s library when the malware’s presence was confirmed – although the AV companies don’t seem to have decided what to call it yet, as everyones’ AV is calling it something different. However the malware only showed up once the exe file was run (Avast did detect it on others’ PCs – have you checked your software version?) rather than when downloading or just opening the zip file.
Simmerhead: It’s a very popular freeware file. 607 downloads when I last looked, potentially a thousand plus by the time it was pulled. Depending on what the payload of the malware was, that’s a nice little haul of compromised PCs and/or stolen account details – although tiny compared to that of some of the malware put inside “cracked” software.