Giveaway of the day for November 17, 2008 is mgLaunch. ***Warning: May contain Trojan!
————————-
I scanned mgLaunch.zip before unzipping it. Kaspersky picked up a trojan!
This may be a false positive, but it may not be. I am not willing to take the risk and I suggest you do not either.
I tried posting this warning in comments for this giveaway but the moderator did not let it go through…=/
————————-
Someone reported that Avira also picked this up as a trojan. I also put this file through virustotal.com and virusscanner.jotti.org. Virustotal.com is continually getting stuck for me, but jotti.org worked (see results below).
I think Bubby’s comment on this program is very appropriate, explaining why this program might be picked up as a trojan:
There will be reports of a possible Trojan from Kaspersky and A-Squared. All the other main AV Products will find nothing. With this software I fully expect something “unusual” to be detected simply by the nature of what this software does.
Any software that has a function that operates globally across all programs (regardless of what the active program is) has cause to be flagged as “suspicious”. A keylogger operates using a similar technique to implement a global “Hot Key” that has a function regardless what program is running (kind of like “Prt Scr”).
An example of a Global HotKey might be used to capture a window or screen – perhaps being able to hit F12 when playing a game – and capturing a screenshot using another program. The Game only gets to see the filtered keypresses after another program (with a global keyboard hook) checks for the F12 keypress.
This application sets up a global mouse hook – no matter what application is running at the time – all mouse movement has to be directed through mgLaunch to detect when a gesture command has been made.
The fact a program has code to intercept and watch mouse movement – is most likely why AntiVirus and AntiSpyware software might alert you that they *think* the software might have a trojan installed. Normally you don’t want one program being able to take control and affect other programs.
It is all about knowing what is being detected – and what you know about the software – and asking is this unusual, or the sort of thing I would expect – given the software I am installing.
My biggest difficulty with these programs – I’m a keyboard junkie – and often forget the gestures. For me it is easier and faster to just do stuff using the keyboard (and perhaps the keyboard accelerator type programs we have seen offered before).
I would just like to dispute one thing with Bubby (in italics above). Would it not make sense for a virus “developer” to hide a virus behind a program that you would “expect” to be picked up by antivirus? I know if I was creating a virus to infect someone, I would not stick it behind some screensaver or game download. I would use something exactly like this software, which monitors activity, or launches programs, or something to that effect so I could fool people into thinking that is what the program is supposed to do.
Anyway, I downloaded the version of this software from download.com and Kaspersky also picked it up as a trojan. So chances are, this is a false positive.
But I am not going to take the risk – especially considering that I cannot even find an official website or contact info (besides email) for this software developer. Just their mouse gesture website.
——————–
Virusscanner.jotti.org results:
Scan taken on 17 Nov 2008 17:42:52 (GMT)

| Scanner | Result |
| --- | --- |
| A-Squared | Found nothing |
| AntiVir | Found TR/Zlob.CA.24 |
| ArcaVir | Found nothing |
| Avast | Found nothing |
| AVG Antivirus | Found nothing |
| BitDefender | Found nothing |
| ClamAV | Found nothing |
| CPsecure | Found BackDoor.W32.SdBot.czl |
| Dr.Web | Found nothing |
| F-Prot Antivirus | Found nothing |
| F-Secure Anti-Virus | Found nothing |
| G DATA | Found nothing |
| Ikarus | Found nothing |
| Kaspersky Anti-Virus | Found Backdoor.Win32.Bifrose.aesv |
| NOD32 | Found nothing |
| Norman Virus Control | Found nothing |
| Panda Antivirus | Found nothing |
| Sophos Antivirus | Found nothing |
| VirusBuster | Found Trojan.DR.Zlob.CJS |
| VBA32 | Found Backdoor.Win32.Bifrose.aesv |