After the latest Vps database update, v534-1 , 23/8/05 ;Warez P2P a file sharing program, has been identified by avast! as having/being Win32:Trojan-gen.
I’ve noted a few threads discussing WAREZ P2P after doing a search.
The latest was dated 17 July 2005: http://forum.avast.com/index.php?topic=15082.0
Here’s my report of today:
*Report:-
Task ‘Simple user interface’ used
Started on Wednesday, August 24, 2005 12:25:19 PM
VPS: 0534-1, 23/08/2005
c:\Program Files\Warez P2P Client\Uninstall.exe [L] Win32:Trojan-gen. {Other} (0)
File was successfully moved to chest…
c:\Warez P2P\WarezP2P_DLC.exe [L] Win32:Trojan-gen. {Other} (0)
File was successfully moved to chest…
Infected files: 2
Total files: 4764
Total folders: 1110
Total size: 991.1 MB
1:39 PM 24/08/05
Moved to Chest and scanned.
I’ve always been scared of using such programs, as they have to pose a huge security risk. I have a son who uses them regularly. I took precautions like putting the downlod directories and shared folders into SpybotS&D directories folder and, At the moment he’s using LIMEWIRE .
The point I’m making is that I insisted my Son scan everything he downloaded with avast! , and scan the whole system regularly. As nothing has ever been detected over the last 6 months I’ve become fond of using WAREZ P2P ; and recently moved on to Limewire P2P .
It seems avast! since the latest VPS update has deemed WAREZ P2P as a Win32:Trojan-gen. {Other} (0) ???
I’m posting as a warning to P2P user’s as I know lots of people use these programs. I’m kind of concerned that I felt WAREZ was o.k. after many arguments with my son that it was too risky to use. ; as No AV scanners have reported “IT” in particular.
Now I’m wondering about LIMEWIRE P2P .
Warez has been detectected as in the report above on both My win98SE comp. , and my Son’s winXP SP2 system comp. TODAY only .
I note that it’s the warez program’s .EXE files which are deemed a virus, so my pre-cautions about the downloads were/are useless, but of course necessary. I also took the precaution of setting ZoneAlarm free, to not let these programs act as a server, so nobody was able to UPLOAD from our computer’s.
I’d be interested to here other’s thoughts on any of these matters.
Warez p2p has indeed unwanted things in it, so it should be detected. See here and here
And there are many more places that will tell you.
My advise:
Stay aways from p2p applications. Just buy the music/movies/applications you want. Don’t be a thief.
For many paid applications there is a free alternative.
Some examples:
MS Office > OpenOffice or Staroffice 5
PaintShop Pro/Adobe Photoshop > TheGimp or Irfanview
MS Outlook > Pegasus mail or Thunderbird
etc etc
You can add this file to 2 exclusions lists:
On-access. Left click a blue icon > Standard Shield provider settings > Customize > Advanced > Add it to the exclusion list.
On-demand. Right click a blue icon > Program settings > Exclusions (tab)
Uhmm, I’m confused.
Firstly , Eddy , the only things I or my son download are “legal”. By that I mean only Files from people and sites that " has obtained licenses to distribute ".
Plus a lot of unsigned artists offer their music freely , to get exposure , myself included.
Example : http://www.magnetmix.com/faq.shtml
I’m in no way sanctioning stealing of copyrighted material. Prince, in my Avatar, has fought too hard like, many Artist’s, to stop the theft of their material . I agree with you Eddy that P2P file sharing is not to be encouraged, when 80% of the world’s computer’s are filled with viruses , it’s just an invitation to spread them around. Eddy’s links suggest it’s not safe to run WAREZ, or any P2P programs .
So Tech are you saying this is a false positive? What exactly does Win32:Trojan-gen. {Other} (0) mean ? Sounds very unspecific . It’s been a long time since I’ve had a virus detected on my system. I’ve moved the “Infected” files to “The Chest” .
I was actually wondering why the files, a setup.exe ; and uninstall.exe has been recognised as a virus after 6 months , and now with the uninstaller in the chest I’m scared to restore it to delete the program ! ???
Not wanting to put words into Tech’s mouth, but I don’t believe he is saying it is a false positive, just that if you want to continue using it (your choice) adding it to the exclusions will stop the alerts.
Personally I would check it out at Jotti and if multiple scanners detect it I would choose a different p2p solution.
You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can’t do this with the file in the chest, you will need to move it out.
Or VirusTotal - Multi engine on-line virus scanner
Virus pattern files are continually updated and on occasion strings of code that identify some virus activity can also identify something else (correctly or not).
Personally I would check it out at Jotti and if multiple scanners detect it I would choose a different p2p solution.
Yeah everyone's right ! :)
http://www.spywareinfo.com/articles/p2p/
Says there that LIMEWIRE 4.9 is Spyware free , so I'll go with that , or my son will find he's got THIS when he get's back from school tomorrow ;)
One thing; I hadn't heard that guy yelling "there's a virus on your computer" for so long , it was quite a novelty ;D
Personally, Warez is off both systems as of 2 hours ago.
Thanks for your help guy's !
To my knowlege Warez p2p being a trojan could because it has spyware and/or adware in it and its detecting that. You could use the Ares network(thats the network Warez connects to) offical client http://www.aresgalaxy.org/ the Regular version used to have adware that you could opt out of installing in the past but its 100% clean now. On that spyware site it says that the lite version is clean, it says the same thing on http://www.slyck.com/ but it just removed the bundled software not that long ago.
I got a virus with this Warez P2P. It’s ads popping up when I’m surfing. So I started the antivirus and during the memory test it found virus in the internal software files. So Avast advised me to boot search for viruses. I did that and moved one infected file to chest
2005-12-18 13:22:28 Nico 2920 Sign of "Win32:Trojan-gen. {Other}" has been found in "c:\windows\system32\msapplg.exe" file.
It also found services.exe in C:\windows\services.exe I also moved this to chest.
So now when scanning is done I still have popup problems.