[sioban]

In fact I've contacted Sunbelt, I'll tell you what they think about that if you're interested.
I'm just frightened that some people have built an ISO with the virus on it...
But if I'm right, it looks like I was unliky as the build was corrected somewhat fast.

@bengt : no problem, I'm trying to be constructive (hum I wonder if this sentence is correct in english )

[rdsok]

I think it is clear that the file that was uploaded for testing is infected.... what is not clear is if it actually came direct from Sunbelt that way or not. I know I had several versions that I was able to test but none of my versions were downloaded on the 24th... but all were the same size and tested clean.

What Sunbelt said would certainly apply to the guessing that is currently going on and I don't know why that hasn't already been posted if it was available.

[sioban]

One thing I've noticed when trying to run the virus Sandboxed and when reading the ThreatExpert/Anubis/CWSandbox report.
It seems it does not spread the infection if the file SBTE.dll is missing (it's a dll you can find if you extract VipreRescue.exe).

[rdsok]

While it may be of interest to some how the malware that infected the version you had on your system ( and I am sure it is certainly of interest to many users that may study the effects of a particular version of a malware ) .... That is not what is important here...

What is important is if the file distributed by Sunbelt that day was infected or not... or was the source of the infection something else.

The difference that the answer to that question makes can be enormous if it did actually come from them or not. Without information on what Sunbelt's reply to this actually is... this thread is meaningless.

So in very simple and direct words... What was in the reply that Sunbelt gave you in the email?


Without an answer to what the email contained... this thread is nothing more than conjecture and/or wild a$$ guesses that can only be categorized as someones wild conspiracy theory based only on some anomalous situation that happened on one computer.

[bengt]

ref #27

[sioban]

They are investigating.
As soon as I have more informations about what they have to say, I'll post it there.

Sorry for the disturbance.

[sioban]

I've just received their answer :

Quote

Hello Jerome,

I apologize for the inconveniences.

This is something

Quote

NFQ: VipreRescueScanner.exe infected

that has been fixed in the latest definitions for the Vipre Rescue Tool. If you download the latest version of Vipre Rescue you will see that it is not infected.

If you have more questions or need further assistance please feel free to contact me.

Thank you,

"Sean Donnelly"
Tier I Consumer Technical Support

SUNBELT SOFTWARE
Email: [email protected]
Phone: +1 (877) 673-1153
Fax: 1-727-562-5199
Web: http://www.sunbelt-software.com
Physical Address:
33 N. Garden Ave.
Suite 1200
Clearwater, Fl 33755
United States

As you can see they admit that VipreRescueScanner.Exe was infected.

[bengt]

sioban, on May 2 2009, 11:19 AM, said:

As you can see they admit that VipreRescueScanner.Exe was infected.

yes, and as several has stated here it was an old file and they say it has been fixed, so it was never a ubcd4win problem

[sioban]

I've never said it was a UBCD4Win problem, and will not.
And I agree it's a not so old file that has been corrected since
But to be able to know if it has been corrected, we must accept that it has been infected, which it was not the case from you (and others) until Sunbelt admitted it !

What I've thought when posting here, it's to warm people like me who have updated their Vipre plugin with this infected file that they might be at risk
Imagine that some might have an ISO with that file and use it on several computer to disinfect friend computers ?
Maybe I'm wrong but I think some may be interested knowing that their file is maybe infected and they need to rebuild their ISO !
It's just a matter of being lucky or not...
To help those, I've found another thread talking about that problem, they're saying that 5106 and 5107 versions contains the virus.

If you think that I was wrong alerting about that, maybe you should rethink about your priorities.

Of course some users of VipreRescue which are not users of UBCD4Win are also at risk but I can't inform them but other mean that informing Sunbelt (which should have made some statement about the urge of updating the scanner on their website).

This post has been edited by sioban: 02 May 2009 - 06:13 AM

[rdsok]

Thanks for posting their response.

[sioban]

rdsok, on May 2 2009, 01:45 PM, said:

Thanks for posting their response.

you're welcome

[NDJeff]

rdsok, on May 2 2009, 01:45 PM, said:

Thanks for posting their response.

Seconded from me, I should have known that Avira was correct in detecting something - they are known for having a very low rate of false positives. Sorry I didn't read your whole series of posts first before posting. I haven't done anything with the one I downloaded at home yet, I'm debating whether to just delete it or if I want to stick it in a VM just to see what happens.

[sioban]

Nothing much happens in a VM, it seems it detect it

[the.it.dude]

sioban, on Apr 29 2009, 10:57 AM, said:

Hi !

I would like to inform you that I think that the VipreRescueScanner.exe I've downloaded recently through the plugin of UBCD4WIN is infected by the virus W32.Almanahe.b!inf

This is the virustotal report : http://www.virustota...d6a00821525ec47

I say so because the virus was first seen by my AV some days ago (24/04/2009) but I've tested the iso today and my pc is now full of it

FYI:

I just updated the plugin today (May 29, 2009) and my Symantec AV detected (and supposedly cleaned) the same virus.

This is scaring me off from using Vipre.

[sioban]

Ouch !!!

Are you able to extract VipreRescueScanner.exe from the .exe archives and give it to me ??

Thanks