I just did a Virus Total scan of this file found at:
hxxp://www.eolsoft.com/freeware/winmail_opener/
Virus Total Reports 1 detection of the Backdoor.Blackhole.2005 Trojan
Avast has not picked this up yet.
Jack
What makes you think this was malware to have sent it to VT?
A detection rate of 1/41 is usually indicative of an FP, so I wouldn’t expect avast to pick it up along with the other 39 scanners.
First, I know nothing about this program. Given the name of the program, winmail_opener, and what it is likely to do (make a connection and collect email), it might well be considered by some lesser AV to be a backdoor, etc., because of what it does.
Winmail Opener is a small and simple utility that allows you to view and extract contents of TNEF-encoded messages (infamous winmail.dat). That means if you receive winmail.dat on your e-mail, with Winmail Opener you can view the rich text message contents and attachments embedded into this file.
I too think that 1/40 something detections is a false positive. I did send it to Avast just to be sure. WOT gave it a green light as well, but after I saw that one detection, there was a user who commented on the WOT scorecard, that SpyBot Search and Destroy detected malware when he tried to uninstall the file. Here is his comment:
http://www.mywot.com/en/scorecard/eolsoft.com
I know that SBS&D’s detections are old, but I still want to take whatever something finds to help the community.
So I thought as long as Virus Total did pick up something in this user’s defense, I did send the file to Avast to check it out. Yes, it is probably a FP, but better safe than sorry. Back Door Trojans are scary anyway, by their nature.
I don’t hold a great deal of store in unsupported comments, e.g. exactly what was found (the file detected, location, etc.), and add to that the fact it is so old.
You could upload it to http://anubis.iseclab.org/?action=home, which analyses exactly what binaries (executable files) do. But even then, without details on the other suspicion by S&D, I still doubt it will reveal that much.
Just a heads up,
No viruses were found, but Avast DOES Sandbox WinMail Opener, so take both of those factors into consideration. The Windat file that I had would not open anyway even with the program, so I am having the sender convert the file to another format. (I don’t use Windows Mail or Outlook.)
The main point is that when I sent the program file to the Virus Lab, it is now being sandboxed. However, the “Trojan” being picked up by Virus Total sure seems to be a false positive.
Jack