PSW-Banker Trojan?

Post your questions and problem reports here

PSW-Banker Trojan?

Postby vbwyrde » Fri Dec 07, 2007 6:20 pm

Hi McAfee reports that our setup.exe as a PSW-Banker trojan in it as well as in the screensaver setup file that I created. It removed the setup.exe file so that I can not compile setups with the application now. Any clue as to what's going on with this? I'm pretty sure your not really stealing passwords, so the question is - what's going on with McAfee? Is it possible that someone else (cracker) infected your setup.exe on my machine? Any insight would be appreciated. Thank you.
vbwyrde
 
Posts: 2
Joined: Fri Dec 07, 2007 4:52 pm

Postby Karlis » Sat Dec 08, 2007 9:44 pm

Most likely it is another bug with McAfee. The McAfee anti-virus engine is pretty porrly designed, many developers often get false alarms.

What you should do is:
1) Remove/disable Mcafee or use another PC without McAfee installed to...
2) Create a sample setup file causing the problem
3) Send it to McAfee support and explain the problem with false alarm

I'd recommend to bug/annoy them a lot, so if they do not reply/correct the problem within a couple of days, bug them again. This is the only way to deal with them.
Karlis Blumentals
Blumentals Software
www.blumentals.net
User avatar
Karlis
Site Admin
 
Posts: 3598
Joined: Mon Jul 15, 2002 5:24 pm
Location: Riga, Latvia, Europe

Postby vbwyrde » Sat Dec 08, 2007 11:27 pm

Karlis wrote:Most likely it is another bug with McAfee. The McAfee anti-virus engine is pretty porrly designed, many developers often get false alarms.

What you should do is:
1) Remove/disable Mcafee or use another PC without McAfee installed to...
2) Create a sample setup file causing the problem
3) Send it to McAfee support and explain the problem with false alarm

I'd recommend to bug/annoy them a lot, so if they do not reply/correct the problem within a couple of days, bug them again. This is the only way to deal with them.


Unfortunately this does not resolve the issue very well. The problem is that any setup that is created by your program gets tagged by McAfee as having the Trojan in it. If this occurs for me, it will also occur for my customers who download the screensaver setup and also happen to use McAfee.

I hope I don't come across as contrary, but as your customer I rather expect you to go to bat with McAfee, not leave it to me to argue with them about it. For one thing, based on what would I be able to argue that there can not possibly be a Trojan in your software, considering I do not have the source code? The fact that you say so is hardly an argument that would make much sense. My suggestion is that you argue with McAfee about it, and let us know the results. I can wait a few days for them to fix their virus definition. As it is, I have removed your screensaver from my site to spare my clients the confusion of having to deal with this issue. I have notified them via the website that there is a possible Trojan in the application that developed the screensaver, and how to detect and remove it if it exists.

I realise you must find it frustrating that McAfee has again targetted your software - however, asking your customers to deal with it is not the best business practice, if I might say so. I suggest you contact McAfee and have the problem resolved and notify your customers via your website, and the forum. This would be the best way to build confidence in your company and products.

That said, I will say that I very much like the screensaver factory 4. So far it is the best one of its kind that I've found. So it would please me if I can use it going forward. I hope you can resolve the issue quickly.

Thank you.
vbwyrde
 
Posts: 2
Joined: Fri Dec 07, 2007 4:52 pm

Postby Karlis » Sun Dec 09, 2007 5:02 am

I'm afraid, you do not understand. We will contact McAfee, of course, it is by default, but we want *everybody* else to contact them as well. If we are the only person contacting them, they may dismiss our requests, but if they receive requests from multiple sources, they are more likely to resolve the problem quickly.

I have notified them via the website that there is a possible Trojan in the application that developed the screensaver, and how to detect and remove it if it exists.


This is completely false information. There can not be any trojan. Do you know what a "trojan" is?
Karlis Blumentals
Blumentals Software
www.blumentals.net
User avatar
Karlis
Site Admin
 
Posts: 3598
Joined: Mon Jul 15, 2002 5:24 pm
Location: Riga, Latvia, Europe

Postby Karlis » Sun Dec 09, 2007 5:28 am

Ok, here is an update. We tested Screensaver Factory 4 with McAfee VirusScan (the latest available from their website) and it did not detect any problems at all. Also other customers have not reported this, so it could be one of following:

1) Your McAfee VirusScan is malfunctioning and it is an isolated case
2) You were right and there is a virus in your particular PC
3) There is something unusual or specific about your screensaver file (please provide a download link, so that we can check) that causes the false alarm.
4) Your McAfee or Sreensaver Factory version is out of date (we tested current versions).
Karlis Blumentals
Blumentals Software
www.blumentals.net
User avatar
Karlis
Site Admin
 
Posts: 3598
Joined: Mon Jul 15, 2002 5:24 pm
Location: Riga, Latvia, Europe

Re: PSW-Banker Trojan?

Postby buzzcramp » Tue May 05, 2009 4:15 pm

I ran across this site due to my "Zone Alarm" program notifying me that I have a Trojan on my system and these are the related entries in my registry:


File: C:\Documents and Settings\davis\Local Settings\temp\bassmod.dll
RegistryKey: HKEY_CURRENT_USER\Software\Karlis Blumentals
RegistryKey: HKEY_CURRENT_USER\Software\Karlis Blumentals\Easy GIF Animator
RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe


I googled your name and came up with this post.. I decided to reply to let you know that these detectors are obviously having some sort of problem with your application. I'm not sure how aware you are of these issues now since this posting above is quite old, but thought I should inform you of what I had found regardless. I trust that you and/or your applications have no malicious intent, therefore it's quite an unfortunate situation. When I get home from work later I'm going to investigate these accusations further and contact Zone Alarm to find out what their side is of this obviously false positive. If you have any further information on this I'd appreciate it if you'd link me to where it's been discussed..

davis

EDIT: btw.. I am aware that bassmod.dll is likely a trojan, my questions surround the registry entries.
buzzcramp
 
Posts: 1
Joined: Tue May 05, 2009 4:06 pm

Re: PSW-Banker Trojan?

Postby Karlis » Sun May 10, 2009 4:47 pm

Of the listed, only these two are generated by our software:

RegistryKey: HKEY_CURRENT_USER\Software\Karlis Blumentals
RegistryKey: HKEY_CURRENT_USER\Software\Karlis Blumentals\Easy GIF Animator

And they are legitimate entries. I would appreciate if you would share any info regarding this that you can come across.
Karlis Blumentals
Blumentals Software
www.blumentals.net
User avatar
Karlis
Site Admin
 
Posts: 3598
Joined: Mon Jul 15, 2002 5:24 pm
Location: Riga, Latvia, Europe

Re: PSW-Banker Trojan?

Postby paolari » Fri Jun 05, 2009 8:39 am

Why do i keep getting a trojan virus when i visit my friends Myspace page? Everytime i visit my one friends myspace page my McAfee Anti-Virus tells me i just got JS/Spacestalk trojan. However, even though McAfee finds this virus it cant remove quarantine or delete it? Does anyone know what needs to be done to get rid of this trojan!?
Last edited by paolari on Sat Jun 06, 2009 8:42 am, edited 1 time in total.
paolari
 
Posts: 1
Joined: Sun May 31, 2009 9:41 am

Re: PSW-Banker Trojan?

Postby MikeyB » Fri Jun 05, 2009 9:54 am

paolari wrote:Why do i keep getting a trojan virus when i visit my friends Myspace page? Everytime i visit my one friends myspace page my McAfee Anti-Virus tells me i just got JS/Spacestalk trojan. However, even though McAfee finds this virus it cant remove quarantine or delete it? Does anyone know what needs to be done to get rid of this trojan!?


Not really sure this has anything to do with Screensaver Factory?

I would ask your friend to remove the dodgy code from his Myspage page.
User avatar
MikeyB
Top Contributor
 
Posts: 511
Joined: Fri Jun 09, 2006 10:38 am
Location: UK

Re: PSW-Banker Trojan?

Postby pukaleya » Thu Mar 24, 2011 11:47 am

How do I remove Renos trojan from my computer? Random ads keep popping up everywhere, despite the efforts of my Windows Security Essentials. I am trying to remove Renos trojan completely, so can anyone help out, if they can?
______________________________
Last edited by chrisjlocke on Thu Jun 02, 2011 12:00 pm, edited 2 times in total.
Reason: Signature removed
pukaleya
 
Posts: 1
Joined: Wed Mar 23, 2011 9:23 am

Re: PSW-Banker Trojan?

Postby Aivars » Thu Mar 24, 2011 3:55 pm

pukaleya wrote:How do I remove Renos trojan from my computer? Random ads keep popping up everywhere, despite the efforts of my Windows Security Essentials. I am trying to remove Renos trojan completely, so can anyone help out, if they can?


I don't know how this question fits here :)
But anyway, after a quick googling I found this: http://answers.yahoo.com/question/index ... 017AA3mSAp

I hope that helps :)
Blumentals Software Programmer
User avatar
Aivars
Blumentals Software Developer
 
Posts: 2453
Joined: Thu Aug 22, 2002 1:40 pm
Location: Latvia

Re: PSW-Banker Trojan?

Postby Aivars » Sat May 21, 2011 4:55 pm

parish4512 wrote:I realise you must find it frustrating that McAfee has again targeted your software - however, asking your customers to deal with it is not the best business practice, if I might say so. I suggest you contact McAfee and have the problem resolved and notify your customers via your website, and the forum. This would be the best way to build confidence in your company and products.


This is from 2007 and had you read the whole thread, you would see that we did contact McAffee. But thanks for your input.
Blumentals Software Programmer
User avatar
Aivars
Blumentals Software Developer
 
Posts: 2453
Joined: Thu Aug 22, 2002 1:40 pm
Location: Latvia

Re: PSW-Banker Trojan?

Postby kevinjose356 » Fri Jan 20, 2012 10:53 pm

Yeah I know its almost 4 years old thread but its still helpful for me & many more peoples, keep updated it !
kevinjose356
 
Posts: 1
Joined: Tue Dec 06, 2011 11:23 am

Re: PSW-Banker Trojan?

Postby flogger123 » Fri Mar 16, 2012 9:15 pm

It should be possible to whitelist this exe file so Mcafee could just ignore this. Security softwares always have false positives.
You're never a loser until you quit trying. Image
flogger123
 
Posts: 34
Joined: Sun Jan 22, 2012 8:52 pm


Return to Screensaver Factory Support

Who is online

Users browsing this forum: No registered users and 16 guests