UBCD4Win Forums: VipreRescueScanner Infected by W32.Almanahe.B!inf - UBCD4Win Forums


VipreRescueScanner Infected by W32.Almanahe.B!inf

#31 sioban

  • Member
    • Group: Members
    • Posts: 40
    • Joined: 24-April 09

    Posted 30 April 2009 - 03:34 PM

    In fact I've contacted Sunbelt, I'll tell you what they think about that if you're interested.
    I'm just frightened that some people have built an ISO with the virus on it...
    But if I'm right, it looks like I was unlucky as the build was corrected somewhat fast.

    @bengt: no problem, I'm trying to be constructive ;) (hum, I wonder if this sentence is correct in English :D)

    #32 rdsok

    • rdsok
      • Group: Admin
      • Posts: 6,041
      • Joined: 02-October 05
      • Gender:Male
      • Location:Norman, Ok. USA

      Posted 30 April 2009 - 04:49 PM

      I think it is clear that the file that was uploaded for testing is infected.... what is not clear is if it actually came direct from Sunbelt that way or not. I know I had several versions that I was able to test but none of my versions were downloaded on the 24th... but all were the same size and tested clean.

      What Sunbelt said would certainly apply to the guessing that is currently going on and I don't know why that hasn't already been posted if it was available.
      Plan A is always more effective when the device you are working on understands that Plan B involves either a large hammer or screwdriver....

      #33 sioban

      • Member
        • Group: Members
        • Posts: 40
        • Joined: 24-April 09

        Posted 01 May 2009 - 02:00 AM

        One thing I've noticed when trying to run the virus sandboxed and when reading the ThreatExpert/Anubis/CWSandbox report:
        It seems it does not spread the infection if the file SBTE.dll is missing (it's a DLL you can find if you extract VipreRescue.exe).

        #34 rdsok

        • rdsok
          • Group: Admin
          • Posts: 6,041
          • Joined: 02-October 05
          • Gender:Male
          • Location:Norman, Ok. USA

          Posted 01 May 2009 - 02:37 AM

          While it may be of interest to some how the malware that infected the version you had on your system (and I am sure it is certainly of interest to many users that may study the effects of a particular version of a malware) .... That is not what is important here...

          What is important is if the file distributed by Sunbelt that day was infected or not... or was the source of the infection something else.

          The difference that the answer to that question makes can be enormous if it did actually come from them or not. Without information on what Sunbelt's reply to this actually is... this thread is meaningless.

          So in very simple and direct words... What was in the reply that Sunbelt gave you in the email?


          Without an answer to what the email contained... this thread is nothing more than conjecture and/or wild a$$ guesses that can only be categorized as someone's wild conspiracy theory based only on some anomalous situation that happened on one computer.

          #35 bengt

          • Skeptic
            • Group: Donator/Beta Tester
            • Posts: 1,262
            • Joined: 16-December 05
            • Gender:Male
            • Location:Bork, bork, bork

            Posted 01 May 2009 - 02:44 AM

            ref #27 :boxing:

            #36 sioban

            • Member
              • Group: Members
              • Posts: 40
              • Joined: 24-April 09

              Posted 01 May 2009 - 02:26 PM

              They are investigating.
              As soon as I have more information about what they have to say, I'll post it there.

              Sorry for the disturbance.

              #37 sioban

              • Member
                • Group: Members
                • Posts: 40
                • Joined: 24-April 09

                Posted 02 May 2009 - 04:19 AM

                I've just received their answer :

                Quote

                NFQ: VipreRescueScanner.exe infected

                Hello Jerome,

                I apologize for the inconveniences.

                This is something that has been fixed in the latest definitions for the Vipre Rescue Tool. If you download the latest version of Vipre Rescue you will see that it is not infected.

                If you have more questions or need further assistance please feel free to contact me.

                Thank you,

                "Sean Donnelly"
                Tier I Consumer Technical Support

                SUNBELT SOFTWARE
                Email: [email protected]
                Phone: +1 (877) 673-1153
                Fax: 1-727-562-5199
                Web: http://www.sunbelt-software.com
                Physical Address:
                33 N. Garden Ave.
                Suite 1200
                Clearwater, Fl 33755
                United States


                As you can see they admit that VipreRescueScanner.Exe was infected.

                #38 bengt

                • Skeptic
                  • Group: Donator/Beta Tester
                  • Posts: 1,262
                  • Joined: 16-December 05
                  • Gender:Male
                  • Location:Bork, bork, bork

                  Posted 02 May 2009 - 04:34 AM

                  sioban, on May 2 2009, 11:19 AM, said:

                  As you can see they admit that VipreRescueScanner.Exe was infected.

                  Yes, and as several have stated here, it was an old file and they say it has been fixed, so it was never a UBCD4Win problem.

                  #39 sioban

                  • Member
                    • Group: Members
                    • Posts: 40
                    • Joined: 24-April 09

                    Posted 02 May 2009 - 05:56 AM

                    I've never said it was a UBCD4Win problem, and will not.
                    And I agree it's a not so old file that has been corrected since.
                    But to be able to know if it has been corrected, we must accept that it has been infected, which was not the case for you (and others) until Sunbelt admitted it!

                    What I thought when posting here was to warn people like me who have updated their Vipre plugin with this infected file that they might be at risk.
                    Imagine that some might have an ISO with that file and use it on several computers to disinfect friends' computers?
                    Maybe I'm wrong but I think some may be interested in knowing that their file may be infected and that they need to rebuild their ISO!
                    It's just a matter of being lucky or not...
                    To help those, I've found another thread talking about that problem; they're saying that the 5106 and 5107 versions contain the virus.

                    If you think that I was wrong alerting about that, maybe you should rethink your priorities.

                    Of course some users of VipreRescue who are not users of UBCD4Win are also at risk, but I can't inform them by any means other than informing Sunbelt (which should have made some statement on their website about the urgency of updating the scanner).

                    This post has been edited by sioban: 02 May 2009 - 06:13 AM


                    #40 rdsok

                    • rdsok
                      • Group: Admin
                      • Posts: 6,041
                      • Joined: 02-October 05
                      • Gender:Male
                      • Location:Norman, Ok. USA

                      Posted 02 May 2009 - 01:45 PM

                      Thanks for posting their response.

                      #41 sioban

                      • Member
                        • Group: Members
                        • Posts: 40
                        • Joined: 24-April 09

                        Posted 02 May 2009 - 02:10 PM

                        rdsok, on May 2 2009, 01:45 PM, said:

                        Thanks for posting their response.


                        you're welcome :)

                        #42 NDJeff

                        • Newbie
                          • Group: Members
                          • Posts: 5
                          • Joined: 24-April 09

                          Posted 04 May 2009 - 01:12 PM

                          rdsok, on May 2 2009, 01:45 PM, said:

                          Thanks for posting their response.

                          Seconded from me, I should have known that Avira was correct in detecting something - they are known for having a very low rate of false positives. Sorry I didn't read your whole series of posts first before posting. I haven't done anything with the one I downloaded at home yet, I'm debating whether to just delete it or if I want to stick it in a VM just to see what happens.

                          #43 sioban

                          • Member
                            • Group: Members
                            • Posts: 40
                            • Joined: 24-April 09

                            Posted 04 May 2009 - 01:24 PM

                            Nothing much happens in a VM, it seems it detects it.

                            #44 the.it.dude

                            • Newbie
                              • Group: Members
                              • Posts: 2
                              • Joined: 29-May 09

                              Posted 29 May 2009 - 09:44 AM

                              sioban, on Apr 29 2009, 10:57 AM, said:

                              Hi !

                              I would like to inform you that I think that the VipreRescueScanner.exe I've downloaded recently through the plugin of UBCD4WIN is infected by the virus W32.Almanahe.b!inf

                              This is the virustotal report : http://www.virustota...d6a00821525ec47

                              I say so because the virus was first seen by my AV some days ago (24/04/2009) but I've tested the iso today and my pc is now full of it :(


                              FYI:

                              I just updated the plugin today (May 29, 2009) and my Symantec AV detected (and supposedly cleaned) the same virus.

                              This is scaring me off from using Vipre.

                              #45 sioban

                              • Member
                                • Group: Members
                                • Posts: 40
                                • Joined: 24-April 09

                                Posted 29 May 2009 - 09:54 AM

                                Ouch !!!

                                Are you able to extract VipreRescueScanner.exe from the .exe archives and give it to me ??

                                Thanks