WARNING! This file is infected by “Trojan.MSIL.ND3”!!!
Please, remove it!!!
OK, so it’s passed Avsim’s AV scan, it’s passed my AV scan… I think you might like to look at the possibility that you have got a false positive there. That’s not even a “real” assigned malware name, it’s a generic heuristic one.
ok, well noted. I will re-check this issue. Thanks
Well, my antivirus (AVAST) put the file in quarantine too, indicating infection by trojan Win32:Kryptyk-GQX [Trj]
Deleted by now. Ver.2.4 is working ok!
Edited by Ian P 10:30, 24/01/12
I just downloaded and checked it with AVAST (version 6.0.1367, defs 120123-1) on this notebook and that reported it as clear when downloading and opening the zipfile.
When you attempt to run the executable, it is at that point that the “trojan” seems to be reported. However the name reported for the “trojan” does not seem to be consistent, thus implying that while it is probably infected with malware, it is quite probably a “tweaked” version of existing code or entirely new code. None of the names I’ve been provided with have come up with any direct hits on either Google or the AV companies’ sites.
I’ve removed the links from the article above and stickied it. Sorry.
What is the world coming to? Who on earth would bother to attack a tiny freeware product?
It’s not a false positive, but a real Trojan. It managed to switch off my “View Hidden Files” option, and installed a registry item and an .exe file. I don’t know what it might have tried to do to my computer, but fortunately Malwarebytes found it and quarantined it.
Even when I reset “view hidden files” my search of my whole HD failed to find the .exe file, so somehow the author managed to find a way to hide it, although MalwareBytes did find it.
Neither Microsoft Essentials nor Avast Anti-virus full edition detected it.
I think it is important to remove this Trojan.
You’re a bit late to the party, David, sorry.
As the article states and I corrected yesterday, the file has been pulled from Avsim’s library when the malware’s presence was confirmed – although the AV companies don’t seem to have decided what to call it yet, as everyone’s AV is calling it something different. However the malware only showed up once the exe file was run (Avast did detect it on others’ PCs – have you checked your software version?) rather than when downloading or just opening the zip file.
Simmerhead: It’s a very popular freeware file. 607 downloads when I last looked, potentially a thousand plus by the time it was pulled. Depending on what the payload of the malware was, that’s a nice little haul of compromised PCs and/or stolen account details – although tiny compared to that of some of the malware put inside “cracked” software.