Backdoor in VCDImager dll?

[newkster]

Anyone else seeing this? I just downloaded the latest virus definitions from Symantec and NAV is claiming that cygz.dll in the VCDImager 0.7.12 package is infected with the Backdoor.Egghead trojan. I'm assuming that NAV is mistaken; I've been using this VCDImager package (cygz.dll is also in 0.7.11) for several months with no strange firewall activity, and none of the directories or registry entries that this trojan is supposed to create are on my system.

Just wondering if anyone else is having this problem.

[Brute666]

Yeah. I've been using NAV and it just d/l'ed the newest definitions. I left my computer and came back 15 minutes later to a scrambled blue screen. I ran a NAV scan just to be safe and NAV found the backdoor.egghead.virus in my cygz.dll. It couldn't repair the file so I deleted it and tried re-installing VCDEasy. NAV caught a temp file on the install and tried deleting it again. I'm assuming NAV is crazy. I've been using VCDEasy for months without NAV ever finding anything in my weekly scan. Why the sudden interest incygz.dll now?

Now With More Evil,
Brute666

[Nerk01]

NAV hit me up with this as well, it's pissing me off cuz I want to get some stuff burning but can't create the CUE/bin file to do so.

[newkster]

yeah, I'm pretty sure it's a false positive. According to http://securityresponse.symantec.com/avcenter/venc/data/backdoor.egghead.html this trojan is supposed to copy files to %systemroot%\System32\Vchost and modify the registry. There's no such directory on my system, and most of the registry keys they mention are either not present or have different values.

I already posted a note to both Symantec and bug-vcdimager@gnu.org about this. In the mean time I've added cygz.dll to my exclusions list in NAV, and I'll keep a close eye on my firewall log, just in case.

[Brute666]

I read about the symptons also and I'm going to ignore the problem for now. It's only supposed to affect WinNT/2K/XP and I'm using Win98SE... so I should be okay. (fingers crossed) I didn't find any registry keys or the folders mentioned. Hopefully this will be resolved soon. I've got a lot of VCD's to make!

Now With More Evil,
Brute666

[newkster]

Good news! Symantec issued a new set of virus definitions this morning that no longer detect a trojan in that DLL. You might need to force an update to NAV to get the new definitions. I removed cygz.dll from my exclusions list and it seems to be working fine now.

[vitualis]

There is no virus.

NAV is in error and this is fixed with the newer definitions.

Regards.