Trojan Horse Warning in DVD Slideshow GUI

1st May 2008 01:30 #1

Member

Hi, I downloaded DVD Slideshow GUI ver. 0.85A from here: http://download.videohelp.com/tin2tin/download.html

Everything installed, but when I clicked on import media I got the following message from Comodo BOclean anti Malware:

04/30/2008 21:07:00: IWRM-SOHANAD.SAB VARIANT STOPPED BY BOCLEAN!
Trojan horse was found in memory.
C:\PROGRAM FILES\DVD SLIDESHOW GUI\FILEDIALOG.EXE contained the trojan.
Active trojan horse WAS shut down. System safe.
Logged in user: Owner

I completely uninstalled using Revo Uninstaller, downloaded and installed again with same results.

Trying to import sound works fine. Is this possible? Do I ignore this and is this program safe? I desperately needs a program like this and though I struck gold with this, just 2 be confronted by a trojan!

Thanks

Bart

Quote

1st May 2008 13:26 #2

Baldrick

I'm a MEGA Super Moderator

I don't think it's a trojan. Test it with http://www.virustotal.com/ to see what other antivirus software says.

Quote

4th May 2008 10:23 #3

bhappy

Member

Thank you Baldrick, I followed your advise and here is the result. I am going to take a chance and asume these are false positives. What do you think?

Antivirus Version Last Update Result
AhnLab-V3 2008.5.3.0 2008.05.02 -
AntiVir 7.8.0.11 2008.05.02 -
Authentium 4.93.8 2008.05.02 -
Avast 4.8.1169.0 2008.05.04 -
AVG 7.5.0.516 2008.05.03 -
BitDefender 7.2 2008.05.04 -
CAT-QuickHeal 9.50 2008.05.03 -
ClamAV 0.92.1 2008.05.04 -
DrWeb 4.44.0.09170 2008.05.04 -
eSafe 7.0.15.0 2008.04.28 suspicious Trojan/Worm
eTrust-Vet 31.3.5755 2008.05.03 -
Ewido 4.0 2008.05.04 -
F-Prot 4.4.2.54 2008.05.04 -
F-Secure 6.70.13260.0 2008.05.04 -
Fortinet 3.14.0.0 2008.05.04 -
Ikarus T3.1.1.26 2008.05.04 IM-Worm.Win32.Sohanad.cv
Kaspersky 7.0.0.125 2008.05.04 -
McAfee 5287 2008.05.02 -
Microsoft 1.3408 2008.04.22 -
NOD32v2 3072 2008.05.03 archive damaged
Norman 5.80.02 2008.05.02 -
Panda 9.0.0.4 2008.05.04 -
Prevx1 V2 2008.05.04 -
Rising 20.42.62.00 2008.05.04 -
Sophos 4.29.0 2008.05.04 -
Sunbelt 3.0.1097.0 2008.05.03 -
Symantec 10 2008.05.04 -
TheHacker 6.2.92.300 2008.05.03 Trojan/Downloader.AutoIt.co
VBA32 3.12.6.5 2008.05.03 -
VirusBuster 4.3.26:9 2008.05.03 -
Webwasher-Gateway 6.6.2 2008.05.04 -
Additional information
File size: 320363 bytes
MD5...: 6bd104e9ce70859bd07615881326229d
SHA1..: e789323769ed7c38c3058d9a0b7f4f6c4b348fa0
SHA256: 0d1020477b41c46f3c1ccb3ad89d7ca66f5b1d1262f654ad27 568666fd94544a
SHA512: f879096379a4de658e01924533cefa5065be627c1c6bf5891a cf955f16fe6c63
08bda87f366be87b1fe05650d5a93bae6aba7ebae4f9ac85db ceb93d6dc4bfab
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x49bad0
timedatestamp.....: 0x47493eaa (Sun Nov 25 09:21:46 2007)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x64000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x65000 0x37000 0x36e00 7.92 0c927b8d47b210e61f255ca45a1ddb45
.rsrc 0x9c000 0x8000 0x7400 5.91 dbe94912dbf8b6d9fdae8bb16abb502c

( 13 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: RegCloseKey
> COMCTL32.dll: ImageList_Remove
> comdlg32.dll: GetSaveFileNameW
> GDI32.dll: LineTo
> MPR.dll: WNetUseConnectionW
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHELL32.dll: DragFinish
> USER32.dll: GetDC
> VERSION.dll: VerQueryValueW
> WINMM.dll: timeGetTime
> WSOCK32.dll: -

( 0 exports )
packers: UPX
packers: PE_Patch.UPX, UPX