mgLaunch ***May contain Trojan!

Giveaway of the day for November 17, 2008 is mgLaunch. ***Warning: May contain Trojan!

————————-

I scanned mgLaunch.zip before unzipping it. Kaspersky picked up a trojan!

This may be a false positive, but it may not be. I am not willing to take the risk and I suggest you do not either.

I tried posting this warning in comments for this giveaway but the moderator did not let it go through…=/

————————-

Someone reported that Avira also picked this up as a trojan. I also put this file through virustotal.com and virusscanner.jotti.org. Virustotal.com is continually getting stuck for me, but jotti.org worked (see results below).

I think Bubby’s comment on this program is very appropriate in explaining why this program might be picked up as a trojan:

There will be reports of a possible Trojan from Kaspersky and A-Squared. All the other main AV Products will find nothing. With this software I fully expect something “unusual” to be detected simply by the nature of what this software does.

Any software that has a function that operates globally across all programs (regardless of what the active program is) has cause to be flagged as “suspicious”. A keylogger operates using a similar technique to implement a global “Hot Key” that has a function regardless what program is running (kind of like “Prt Scr”).

An example of a Global HotKey might be used to capture a window or screen – perhaps being able to hit F12 when playing a game – and capturing a screenshot using another program. The Game only gets to see the filtered keypresses after another program (with a global keyboard hook) checks for the F12 keypress.

This application sets up a global mouse hook – no matter what application is running at the time – all mouse movement has to be directed through mgLaunch to detect when a gesture command has been made.

The fact a program has code to intercept and watch mouse movement – is most likely why AntiVirus and AntiSpyware software might alert you that they *think* the software might have a trojan installed. Normally you don’t want one program being able to take control and affect other programs.

It is all about knowing what is being detected – and what you know about the software – and asking is this unusual, or the sort of thing I would expect – given the software I am installing.

My biggest difficulty with these programs – I’m a keyboard junkie – and often forget the gestures. For me it is easier and faster to just do stuff using the keyboard (and perhaps the keyboard accelerator type programs we have seen offered before).

I would just like to dispute one thing with Bubby (in italics above). Would it not make sense for a virus “developer” to hide a virus behind a program that you would “expect” to be picked up by antivirus? I know if I was creating a virus to infect someone, I would not stick it behind some screensaver or game download. I would use something exactly like this software, which monitors activity, or launches programs, or something to that effect so I could fool people into thinking that is what the program is supposed to do.

Anyway, I downloaded the version of this software from download.com and Kaspersky also picked it up as a trojan. So chances are, this is a false positive.

But I am not going to take the risk – especially considering that I cannot even find an official website or contact info (besides email) for this software developer. Just their mouse gesture website.

——————–

Virusscanner.jotti.org results:

Scanner results
Scan taken on 17 Nov 2008 17:42:52 (GMT)

A-Squared: Found nothing
AntiVir: Found TR/Zlob.CA.24
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found BackDoor.W32.SdBot.czl
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
G DATA: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found Backdoor.Win32.Bifrose.aesv
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found Trojan.DR.Zlob.CJS
VBA32: Found Backdoor.Win32.Bifrose.aesv
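
As an added example (not part of the original post and not any scanner's own tooling), the Python below tallies the Jotti results listed above: how many engines flagged the file, and which engines agree on a family name. The condensed `RESULTS` layout and the `GENERIC` prefix list are assumptions made for this example.

```python
import re
from collections import defaultdict

# Condensed transcription of the Jotti results in the post:
# "scanner: label" pairs, with "-" standing for "Found nothing".
RESULTS = """
A-Squared: - | AntiVir: TR/Zlob.CA.24 | ArcaVir: - | Avast: -
AVG Antivirus: - | BitDefender: - | ClamAV: -
CPsecure: BackDoor.W32.SdBot.czl | Dr.Web: - | F-Prot Antivirus: -
F-Secure Anti-Virus: - | G DATA: - | Ikarus: -
Kaspersky Anti-Virus: Backdoor.Win32.Bifrose.aesv | NOD32: -
Norman Virus Control: - | Panda Antivirus: - | Sophos Antivirus: -
VirusBuster: Trojan.DR.Zlob.CJS | VBA32: Backdoor.Win32.Bifrose.aesv
"""

# Type/platform prefixes skipped when picking the family token. Hand-built for
# the five labels in this post (an assumption, not a vendor naming standard).
GENERIC = {"tr", "trojan", "backdoor", "w32", "win32", "dr"}

def parse(text):
    """Return {scanner: label or None} from the condensed pairs."""
    results = {}
    for entry in re.split(r"\s*\|\s*|\n", text.strip()):
        name, label = entry.strip().rsplit(": ", 1)
        results[name] = None if label == "-" else label
    return results

def family(label):
    """First token of a label that is not a generic type/platform prefix."""
    return next(t for t in re.split(r"[./]", label) if t.lower() not in GENERIC)

def summarize(results):
    """Return (engines that flagged, engines total, {family: [engines]})."""
    groups = defaultdict(list)
    for name, label in results.items():
        if label:
            groups[family(label)].append(name)
    hits = sum(len(engines) for engines in groups.values())
    return hits, len(results), dict(groups)

if __name__ == "__main__":
    hits, total, groups = summarize(parse(RESULTS))
    print(f"{hits}/{total} engines flagged the file")
    for fam, engines in sorted(groups.items()):
        print(f"  {fam}: {', '.join(engines)}")
```

On these results it reports 5 of 20 engines, split across the Zlob, SdBot and Bifrose names, with Kaspersky and VBA32 giving the identical label.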

4 comments

  1. Ashraf (Author)

    Secret2008,

    Please read my full article before posting. There is no need for you to post Bubby’s comment – if you look above I already posted about it. I also explained that this is most likely a false positive.

    And just for your reference, trojans don’t ‘dmg’ your computer. Those are viruses. Trojans are used to steal private information and/or use your computer for spam.

  2. secret2008

    Virus?
    I even use it today and I haven’t seen anything damaged! It’s a false positive.

    Quote from BuBBy on GAOTD:

    “There will be reports of a possible Trojan from Kaspersky and A-Squared. All the other main AV Products will find nothing. With this software I fully expect something “unusual” to be detected simply by the nature of what this software does.

    Any software that has a function that operates globally across all programs (regardless of what the active program is) has cause to be flagged as “suspicious”. A keylogger operates using a similar technique to implement a global “Hot Key” that has a function regardless what program is running (kind of like “Prt Scr”).

    An example of a Global HotKey might be used to capture a window or screen – perhaps being able to hit F12 when playing a game – and capturing a screenshot using another program. The Game only gets to see the filtered keypresses after another program (with a global keyboard hook) checks for the F12 keypress.

    This application sets up a global mouse hook – no matter what application is running at the time – all mouse movement has to be directed through mgLaunch to detect when a gesture command has been made.

    The fact a program has code to intercept and watch mouse movement – is most likely why AntiVirus and AntiSpyware software might alert you that they *think* the software might have a trojan installed. Normally you don’t want one program being able to take control and affect other programs.

    It is all about knowing what is being detected – and what you know about the software – and asking is this unusual, or the sort of thing I would expect – given the software I am installing.

    My biggest difficulty with these programs – I’m a keyboard junkie – and often forget the gestures. For me it is easier and faster to just do stuff using the keyboard (and perhaps the keyboard accelerator type programs we have seen offered before).”