MP3 download with trojan...

Hi malware fighters,

Is this download trojaned? hxtp://www.televisiontunes.com/download.php?f=Midsomer_Murders

Can anybody comment? The apparent trojan was in id.exe - I had avast delete it:

Sign of “Win32:Fraudo [Trj]” has been found in “C:\Documents and Settings\Polonus\Mijn documenten\Downloads\id.exe[UPX]” file.

polonus

I doubt anyone can comment, especially since you deleted it.

I would have thought you would have known better ;D not to delete but to investigate.

Why didn’t you send it to Chest? ???

Someone’s hacked Polonus’ account! :wink:

File, Midsomer_Murders.mp3, from website hxxp://www.televisiontunes.com/download.php?f=Midsomer_Murders appears to be clean.
VirusTotal Analysis

Avast displays the same virus warning when trying to download id.exe from grc.com.

Yes, there are some legit files called this, but there are also some malicious files with this name. It is a bit strange getting a detection on grc.com, but if it is a tool to test security, it could well be tarred with the same brush as malicious use.

http://www.systemlookup.com/search.php?type=filename&client=malwaresearch-ff&search=id.exe
and
http://www.threatexpert.com/files/id.exe.html

Hi curb weight,

Good observation, I had this file on a USB stick and now avast flags this in the same manner, and I can no longer use it:
Trying to download it:
Sign of “Win32:Fraudo [Trj]” has been found in “http://www.grc.com/files/id.exe[UPX]” file.
And trying to open the version I had on my USB stick:
Sign of “Win32:Fraudo [Trj]” has been found in “K:\id.exe[UPX]” file.
I placed it in the chest and will forward it to avast.
I think they flagged it because of the UPX packer, which can be used for good and for bad.
Unmodified UPX packing is often detected and unpacked by anti-virus scanners.
So Gibson’s id.exe now comes into the realm of the risktools. I would rather say this is a FP, certainly as one has willingly and intentionally installed this.
I think if you downloaded it yourself knowing what you did, then avast should not flag it.
Come on avast give advanced users the possibility to set their “risk- or analyzing tools” free.

This file has been scanned already:
MD5: 0a8a2888c3d28476f6dfbb5b408c917b
First received: 2008.08.01 21:15:15 UTC
Datum: 2009.07.02 20:58:39 UTC [>9D]
Resultaat: 2/40
Permalink: analisis/774d5925a34ec12dc59e6e5a46a6ce01b40bfca331dc05ad88798cd8c91fb301-1246568319

Scanned it again now:

http://www.virustotal.com/nl/analisis/774d5925a34ec12dc59e6e5a46a6ce01b40bfca331dc05ad88798cd8c91fb301-1247406490

I know a lot of the big AVs go even further, and especially McAfee’s version for small firms does not allow anything that could be frowned upon or could be risky in the eye of the network admin or owner of the PC; they would even go as far as to “take your shoelaces from your boots” during a scan if that was a risktool. Protecting users against nasty presents coming with an MP3 download is of course a good thing, but where can you discriminate between the good, the bad and the ugly? Throwing away the baby with the bath water because there is so much abuse. One should also be able to exclude the legit version of this or have a chance to rename it.

polonus
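An added example, not from this thread and not code from avast, VirusTotal or GRC: a small Python triage script that reads the PE section table of a file such as the id.exe discussed above and reports whether the section names carry the UPX packer markers (UPX0/UPX1), together with the MD5 one would look up on VirusTotal before treating the detection as a false positive. The PE image built by `build_sample_pe` is constructed test data, not Gibson's file, and `triage` is a hypothetical helper name.

```python
import hashlib
import struct
import sys

COFF_FMT = "<HHIIIHH"  # Machine, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms, SizeOfOptionalHeader, Characteristics


def build_sample_pe(section_names):
    """Constructed, non-executable PE image for testing: MZ header with
    e_lfanew -> 'PE\\0\\0', a COFF header with no optional header, and one
    40-byte section header per name (only the name field is filled)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew at 0x3C points just past the 64-byte DOS header
    coff = struct.pack(COFF_FMT, 0x14C, len(section_names), 0, 0, 0, 0, 0)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections


def pe_section_names(data):
    """Return the section names from a PE file's section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff_off = e_lfanew + 4
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, coff_off)
    sect_off = coff_off + 20 + opt_size  # section table follows the optional header
    names = []
    for i in range(nsect):
        raw = data[sect_off + i * 40:sect_off + i * 40 + 8]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def triage(data):
    """Summarise what a defender checks first: hash for a VirusTotal lookup
    (MD5 here only because that is what the scan record above lists) and
    whether the section names show the stock UPX packer layout."""
    names = pe_section_names(data)
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sections": names,
        "upx_packed": any(n.startswith("UPX") for n in names),
    }


if __name__ == "__main__":
    # Usage: python triage.py id.exe  (any PE file; defaults to the constructed sample)
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(["UPX0", "UPX1", ".rsrc"])
    print(triage(blob))
```

A UPX-style section table is only a hint that the file is packed, which is why the thread's advice to keep the sample (chest it) and compare its hash against an independent scan matters more than the packer itself.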