
A Trojan in "Captain.exe" ?!


beslam:
Hello,
I analyzed Captain.exe with VirusTotal ( www.virustotal.com ) with 40+ different antivirus and I got as a result that a trojan named "Trojan.Win32.Swisyn.spa" infects Captain.exe :huh:
Can anyone tell me anything about this, please ?!
Thanks.

mouser:
two questions:

1) where is captain.exe from and what is it?
2) can you give us the url virustotal gives you where it displays its report so we can see?

beslam:
1/ I downloaded captain.exe from https://www.donationcoder.com/Software/Skrommel/index.html#Captain

2/ The address of the report of virustotal :
http://www.virustotal.com/analisis/20cd04699b934cef1c674de4b24d8115a7a1655c932be4fd0b0d3a53f9f25b1d-1268877433

mouser:
ok, thank you.


* this is almost certainly a false positive, triggered not too infrequently on compiled scripts written in the autohotkey language.  there is no virus or trojan.  it's a false alarm.
* you can download the source .ahk file from that same page and run it without it being compiled at all, if you are wary.
* usually we see only 1 stupid antivirus program flagging a compiled ahk as dangerous.. this time it's a ton of them.. i suspect that it's because skrommel has built these so long ago.  it's DEEPLY troubling and fills me with anger at these antivirus companies for being so damn stupid and lazy to do this.  i simply can't express how irresponsible it is for them to generically flag programs as viruses just because they were compiled with a certain packaging program.  but i've ranted against this for so long in so many posts i'm just exhausted from it.
* i will try to get skrommel to rebuild his ahks so these alerts stop.

mouser:
follow up:
we need to fix skrommel's compiled ahks and remove the upx right away, if there are this many antivirus tools falsely flagging these, this just confirms that the antivirus companies have effectively made it impossible to ever use UPX to pack anything again.  i feel horrible for UPX because this is deeply unfair to them, but as i said in this post, it is simply impossible to use UPX without getting massively and repeatedly flagged improperly as being a trojan -- there is no other solution at this point but to absolutely forbid the use of upx on any program uploaded to DC.

anyone associated with UPX who wants my help fighting the antivirus companies to get them to stop this outrageous (and perhaps legally liable for damages) behavior, just ask.  but until they do stop, we have no choice but to outlaw the use of upx on any dc related software, immediately.  the damage to the site is just too high.
