Author | Message
Katherine
Joined: 15.05.2012
Posts: 4
Posted: Tue May 15, 2012 22:51
When I installed the MyPhoneExplorer software on my computer, Norton 360 reported that it blocked trojan.ADH.2 associated with the installmanager.exe file.
You might want to look into that. The following is the threat report from Norton:
Full Path: c:\users\user\appdata\local\temp\nstf22d.tmp\installmanager.exe
Threat: Trojan.ADH.2
____________________________
____________________________
On computers as of 5/15/2012 at 4:39:21 PM
Last Used 5/15/2012 at 4:39:21 PM
Startup Item No
Launched No
____________________________
____________________________
Unknown
Number of users in the Norton Community that have used this file: Unknown
____________________________
Unknown
This file release is currently not known.
____________________________
High
This file risk is high.
____________________________
Threat Details
Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.
____________________________
http://www.westsafetodl.com/nsi/nsis-2.46/MyPhoneExplorer_v2_5185.exe Downloaded File installmanager.exe
Threat name:
Trojan.ADH.2 from
westsafetodl.com
____________________________
File Actions
File: c:\users\user\appdata\local\temp\nstf22d.tmp\installmanager.exe
Blocked
____________________________
File Thumbprint - SHA:
d4081f96ac4e7b855153b0149e650a9ad8a4216c2f80c66ac5b90398dc4a4a6b
____________________________
File Thumbprint - MD5:
f3d01ee2c3b0103a9d13dcfc15e81aad
____________________________
I just noticed a second threat message also appeared in Norton 360 pertaining to this:
Full Path: c:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\ctvf8j08\myphoneexplorer_v2_5185[1].exe
Threat: Trojan.ADH.2
____________________________
____________________________
On computers as of 5/15/2012 at 4:39:19 PM
Last Used 5/15/2012 at 4:39:19 PM
Startup Item No
Launched No
____________________________
____________________________
Unknown
Number of users in the Norton Community that have used this file: Unknown
____________________________
Unknown
This file release is currently not known.
____________________________
High
This file risk is high.
____________________________
Threat Details
Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.
____________________________
http://www.westsafetodl.com/nsi/nsis-2.46/MyPhoneExplorer_v2_5185.exe Downloaded File myphoneexplorer_v2_5185[1].exe
Threat name:
Trojan.ADH.2 from
westsafetodl.com
____________________________
File Actions
File: c:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\ctvf8j08\myphoneexplorer_v2_5185[1].exe
Blocked
____________________________
File Thumbprint - SHA:
d4081f96ac4e7b855153b0149e650a9ad8a4216c2f80c66ac5b90398dc4a4a6b
____________________________
File Thumbprint - MD5:
f3d01ee2c3b0103a9d13dcfc15e81aad
____________________________
Also note: I scanned the file with Norton BEFORE I installed it, and it came up okay. It was only after I tried to install it that the message came up.

Reff
Joined: 16.05.2012
Posts: 5
Posted: Wed May 16, 2012 01:53
I also had this problem today, 15 May 2012.

taparoles
Joined: 01.12.2011
Posts: 48
Posted: Wed May 16, 2012 16:20
Reff, do you also use Norton 360?
Katherine and Reff, where did you download MyPhoneExplorer from?
- If you downloaded it from westsafetodl.com, which is a well-known malicious site, then I guess it's not a surprise.
You can easily test westsafetodl.com with various methods, for example enter it in this one:
http://global.sitesafety.trendmicro.com/
- If you downloaded MyPhoneExplorer from the official site (fjsoft.at), that would be a big problem for everyone:
It seems (from your logs) that the download from westsafetodl.com was automatically issued by the installmanager, which would imply that it's written in MyPhoneExplorer itself.
As this would have serious implications, I hope that's not the case.

Katherine
Joined: 15.05.2012
Posts: 4
Posted: Wed May 16, 2012 16:28
I downloaded it from the fjsoft.at site.
I went directly to the download page and clicked the download link near the top of the page. It says it downloaded from project2.project66.de
You may want to check your download file to see if it's been hacked or tampered with.

Reff
Joined: 16.05.2012
Posts: 5
Posted: Wed May 16, 2012 17:33
I use Norton Internet Security. I went to your site and then followed links to a download. I believe that I typed MyPhoneExplorer into Google. It took me to your site fjsoft.at. I then clicked download and then clicked the image on the right. I have looked in my Firefox download folder and it says MyPhoneExplorer_Setup_1.8.2.exe 4.5MB - fjsoft.at
I checked with Norton when I received the warning and it seems it can be a false alarm. It said it had quarantined the trojan. The application seems to be running OK. I do have a problem for which I will raise another forum entry.

taparoles
Joined: 01.12.2011
Posts: 48
Posted: Wed May 16, 2012 17:35
Katherine wrote:
> You may want to check your download file to see if it's been hacked or tampered with.
I don't work here, I'm just a user.
I hope the author of MyPhoneExplorer (FJ) will shed some light here.
Katherine wrote:
> I went directly to the download page and clicked the download link near the top of the page. It says it downloaded from project2.project66.de
It could be a false positive, but westsafetodl.com has a really bad reputation, I don't understand why FJ would use it.

Katherine
Joined: 15.05.2012
Posts: 4
Posted: Wed May 16, 2012 21:09
taparoles wrote:
> Katherine wrote:
>> You may want to check your download file to see if it's been hacked or tampered with.
> I don't work here, I'm just a user.
> I hope the author of MyPhoneExplorer (FJ) will shed some light here.
Okay, well, I guess FJ has been hacked or tampered with.
taparoles wrote:
> Katherine wrote:
>> I went directly to the download page and clicked the download link near the top of the page. It says it downloaded from project2.project66.de
> It could be a false positive, but westsafetodl.com has a really bad reputation, I don't understand why FJ would use it.
Best as I can tell, the original software download didn't download from westsafetodl.com. It downloaded from project66.de. Now I don't know if there is a connection between the two. I'm thinking that the setup file was hacked to download a virus-infected program/file from westsafetodl.com during the installation process.
FJSoft does say on their website that they just got a new hosting company that volunteered to host the software download, and it does display the Project66 logo on the page as the download site. Maybe the project66 site security is not what it should be, or maybe the hosting people had a motive to want to host it, like adding extra lines of code to the hosted software downloads. Who knows?
Why do people spread viruses and trojans...? The world is f'd up.

Katherine
Joined: 15.05.2012
Posts: 4
Posted: Thu May 17, 2012 03:56
FYI, I was looking at the files again, and at my post here, and I noticed that I didn't mention that the file I downloaded, and what is showing in my list of downloaded files is:
MyPhoneExplorer_Setup_1.8.2.exe
This is the file I downloaded and installed.
The file path/link for the download shows as:
http://download2.project66.de/MyPhoneExplorer_Setup_1.8.2.exe
The name of this file and the file path in the Norton 360 report do not match, so the file I downloaded must have some code in it to download the trojan file(s) during installation, and that would explain why the virus scan did not pick up the trojan when I scanned the setup file before I installed it.

taparoles
Joined: 01.12.2011
Posts: 48
Posted: Fri May 18, 2012 11:03
Katherine wrote:
> Why do people spread viruses and trojans...? The world is f'd up.
Some smartphones are full of confidential information (credit card number or ID, passwords, social security number, etc.).
People can make money out of this information, so instead of getting a useful job, they steal from us (until one of those thieves' street addresses is known...).

FJ
Site Admin
Joined: 15.02.2006
Posts: 31906
Location: Tirol
Posted: Sun May 20, 2012 23:45
My site was not hacked and the setup was also not changed in the last weeks. But this antivirus issue is new. The file InstallManager.exe is downloaded during the setup process. It is the promotion screen, which helps to finance the development of MyPhoneExplorer. I don't think it's a Trojan because I trust my promotion partner. The AV issues for these promotion screens are getting more and more common. It seems the AV producers try to flag as many files as possible to create a good feeling for the user ("Oh thank God, Norton protected my PC"). In fact, the promotion screen does read the country where you live to give better advertising, but this is done with all other browser promotion too.
But anyway, such AV issues are not good for the trust in FJSoft and MyPhoneExplorer. I did send a clear statement to my promotion partner and I hope they will fix this issue asap.
_________________ I ask for your understanding that, due to the high volume in the forum and my limited time, I can no longer personally read or answer every thread in the forum.
Please also use the forum search and the FAQ.
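
The comparison worked out across the thread, as an added example that is not part of any post or of MyPhoneExplorer: Python that groups the two Norton alerts by file thumbprint and checks whether the flagged file came from the same host as the setup file. `REPORTS` is sample input condensed from the report text in the first post; the field names and the `fetched_elsewhere` flag are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Sample input condensed from the two Norton 360 reports in the first post (values as posted).
REPORTS = r"""
Full Path: c:\users\user\appdata\local\temp\nstf22d.tmp\installmanager.exe
Threat: Trojan.ADH.2
http://www.westsafetodl.com/nsi/nsis-2.46/MyPhoneExplorer_v2_5185.exe Downloaded File installmanager.exe
File Thumbprint - SHA:
d4081f96ac4e7b855153b0149e650a9ad8a4216c2f80c66ac5b90398dc4a4a6b
Full Path: c:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\ctvf8j08\myphoneexplorer_v2_5185[1].exe
Threat: Trojan.ADH.2
http://www.westsafetodl.com/nsi/nsis-2.46/MyPhoneExplorer_v2_5185.exe Downloaded File myphoneexplorer_v2_5185[1].exe
File Thumbprint - SHA:
d4081f96ac4e7b855153b0149e650a9ad8a4216c2f80c66ac5b90398dc4a4a6b
"""
INSTALLER_URL = "http://download2.project66.de/MyPhoneExplorer_Setup_1.8.2.exe"  # setup file actually run

FIELDS = {  # hypothetical field names -> pattern for the posted report layout
    "path": r"^Full Path:\s*(.+)$",
    "url": r"^(https?://\S+)\s+Downloaded File",
    "sha256": r"^File Thumbprint - SHA:\s*([0-9a-f]{64})$",
}

def parse_reports(text):
    """Split the text at each 'Full Path:' line and extract one record per alert."""
    records = []
    for chunk in re.split(r"(?m)^(?=Full Path:)", text):
        hits = {k: re.search(p, chunk, re.M) for k, p in FIELDS.items()}
        if hits["path"]:
            records.append({k: m.group(1).strip() if m else None for k, m in hits.items()})
    return records

def triage(records, installer_url):
    """Group alerts by hash; flag files fetched from a host other than the installer's."""
    installer_host = urlsplit(installer_url).hostname
    groups = defaultdict(lambda: {"paths": [], "hosts": set()})
    for r in records:
        groups[r["sha256"]]["paths"].append(r["path"])
        if r["url"]:
            groups[r["sha256"]]["hosts"].add(urlsplit(r["url"]).hostname)
    return {sha: {"paths": g["paths"], "hosts": sorted(g["hosts"]),
                  "fetched_elsewhere": bool(g["hosts"] - {installer_host})}
            for sha, g in groups.items()}

if __name__ == "__main__":
    for sha, info in triage(parse_reports(REPORTS), INSTALLER_URL).items():
        print(sha, len(info["paths"]), "alert(s)", info["hosts"], info["fetched_elsewhere"])
```

Both alerts collapse to a single thumbprint whose only source host is www.westsafetodl.com rather than download2.project66.de, which is consistent with the file being fetched during setup and therefore absent from the installer that was scanned beforehand.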