CG 7.2e Virus Alert

[beachknight]

just downloaded CG 7.2e.exe [588KB] from:

http://www.chessgenius.com/pc/index.html

My antivirus program alerted me this file
has a trojan in it.

Just deleted the file.

Best,

[swami]

Which anti virus program do you use? some programs like Zone alarm gives false alert. I have Avast installed. I had Kaspersky and Avg as well, both are really good. It maybe a virus, but you'd have have to install atleast two anti virus programs for better reliability.

[beachknight]

just looked at the version:
avg version 8.0.156

best,

[swami]

Avg, now that's really a good anti virus program, Can't believe there's a virus file in Chessgenius site... you should contact them, Richard Lang often replies to users mails personally, I had sent him an email enquiring about the Chessgenius for Mobile and CG and Uci. I got the replies promptly.

[beachknight]

Perhaps, there is an infection in my comp.

I'll make a full scan, before contacting CG
site.

best,

[Jim Ablett]

Read here >
http://64.68.157.89/forum/viewtopic.php ... ght=genius

Jim.

[beachknight]

Thank you, Jim.

I understand some av progs find
this file suspicious, and some not.

It appears that I downloaded the file
two months ago. AVG does not give
a trojan alert in the meantime. AVG
found both files, ie the one that I
got today and the former one,
threatful this time.

Latest signature files that I downloaded
today should be declared as guilty.

Best,

[opraus]

Been using AVG for years. Highly recommended.

Thanks for the heads-up though, these nasties are everywhere! But they live and breathe among the unsuspecting and unprotected computers. The more of us who use and update anti-malware, the fewer places they have to live and breed. Own your machine. http://www.debog.com

[Philippe]

You can use virustotal.com & virusscan.jotti.org, both of them scan one file.

Analyse from virustotal.com

9/36 (25%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.13.0 2008.08.14 -
AntiVir 7.8.1.19 2008.08.14 -
Authentium 5.1.0.4 2008.08.14 -
Avast 4.8.1195.0 2008.08.14 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.08.14 Generic10.BHJM
BitDefender 7.2 2008.08.14 -
CAT-QuickHeal 9.50 2008.08.14 Trojan.KillWin.gv
ClamAV 0.93.1 2008.08.14 -
DrWeb 4.44.0.09170 2008.08.14 -
eSafe 7.0.17.0 2008.08.14 -
eTrust-Vet 31.6.6032 2008.08.14 -
Ewido 4.0 2008.08.14 -
F-Prot 4.4.4.56 2008.08.14 -
F-Secure 7.60.13501.0 2008.08.14 Trojan.Win32.KillWin.gv
Fortinet 3.14.0.0 2008.08.14 W32/KillWin.GV!tr
GData 2.0.7306.1023 2008.08.14 Trojan.Win32.KillWin.gv
Ikarus T3.1.1.34.0 2008.08.14 Trojan.Win32.KillWin.gv
K7AntiVirus 7.10.413 2008.08.13 -
Kaspersky 7.0.0.125 2008.08.14 Trojan.Win32.KillWin.gv
McAfee 5360 2008.08.13 -
Microsoft 1.3807 2008.08.14 -
NOD32v2 3355 2008.08.14 -
Norman 5.80.02 2008.08.14 -
Panda 9.0.0.4 2008.08.14 -
PCTools 4.4.2.0 2008.08.14 -
Prevx1 V2 2008.08.14 -
Rising 20.57.32.00 2008.08.14 -
Sophos 4.32.0 2008.08.14 -
Sunbelt 3.1.1542.1 2008.08.13 -
Symantec 10 2008.08.14 -
TheHacker 6.3.0.3.046 2008.08.13 -
TrendMicro 8.700.0.1004 2008.08.14 -
VBA32 3.12.8.3 2008.08.14 Trojan.Win32.KillWin.gv
ViRobot 2008.8.14.1337 2008.08.14 -
VirusBuster 4.5.11.0 2008.08.14 -
Webwasher-Gateway 6.6.2 2008.08.14 -
Information additionnelle
File size: 601212 bytes
MD5...: 0023a05fb74b4f5ea0d611158b4ae41d
SHA1..: d1d30b4b617c8755e4c962683b41da9c661772b3
SHA256: f34f9e911e7c3ab640259825f0270a9de70cbbc34c5b0f920de05d0763304f63
SHA512: 70f3349276c3cca350f7ec4becefb99444d9cf749a1501fa340df60fcc2e851c<br>6b9f7ac835cc9cebb138e34cef46e34c6b1d8ac19afba0f836efc1b577ebe086
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x401226<br>timedatestamp.....: 0x4433860b (Wed Apr 05 08:55:39 2006)<br>machinetype.......: 0x14c (I386)<br><br>( 7 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0xc91 0xe00 5.93 a5bbbda512505c3ab0b7633e6ac24dfb<br>.rdata 0x2000 0x78 0x200 0.70 31524bf2854a21fd40eb6e35cd741fc7<br>.data 0x3000 0x504 0x400 3.13 2a80a1888bb5580ffa798b0a50878e80<br>.idata 0x4000 0x2b0 0x400 3.45 8bd8bd34f33336021297385b99cf9514<br>.reloc 0x5000 0x12c 0x200 3.29 1a426261ccd8cb5b525d7a9d1a26c2e0<br>.gentee 0x6000 0x14edb 0x15000 8.00 cecc568e33d20e9f594ac42a062bda58<br>.rsrc 0x1b000 0x4000 0x3800 6.74 fc4c377ba2544aa9674ae1033a0d3699<br><br>( 2 imports ) <br>&gt; KERNEL32.dll: lstrlenA, ExitProcess, lstrcatA, lstrcpyA, RemoveDirectoryA, DeleteFileA, FreeLibrary, CloseHandle, GetProcAddress, LoadLibraryA, WriteFile, CreateFileA, CreateDirectoryA, lstrcmpA, GetFileAttributesA, GetTempPathA, GetModuleHandleA, GetFileSize, GetLastError, CreateMutexA, GetModuleFileNameA, VirtualAlloc, VirtualFree<br>&gt;
USER32.dll: wsprintfA, MessageBoxA<br><br>( 0 exports ) <br>

FRom virusscan.jotti

ChessGenius_PC.exe
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 0023a05fb74b4f5ea0d611158b4ae41d

Scan taken on 14 Aug 2008 16:57:35 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found Win32:Trojan-gen {Other}
AVG Antivirus
Found Generic10.BHJM
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found Trojan.Win32.KillWin.gv
Fortinet
Found nothing
Ikarus
Found Trojan.Win32.KillWin.gv
Kaspersky Anti-Virus
Found Trojan.Win32.KillWin.gv
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found Trojan.Win32.KillWin.gv

[beachknight]

Thanks, Phil,

I suspected an infection on my comp.
Perhaps that could be the case for
CG side.

Best,