View Full Version : Trojan-Proxy.Ranky


cloudforest
July 27th, 2007, 10:09 AM
Hello.

A scan by Spybot-S&D and Norton Antivirus did NOT detect any problems, but Spyware Doctor detected the following threat:

Trojan-Proxy.Ranky
Threat Level: High
File: C:\Program Files\Common Files\Acronis\CDRecord\readcd.exe
Description:
Trojan-Proxy.Ranky is a Proxy Trojan which is designed to listen on a specified TCP port for incoming requests. It contacts a remote site to report the infection and then serves as an HTTP proxy, allowing attackers the ability to route HTTP traffic through the infected computer.

OS: Windows XP SP2

Spyware Doctor version details:
Spyware Doctor version 5.0.1.205
Database Version: 5.07800
Intelli-Signatures: 644,556

Acronis Partition Expert version info:
Acronis Partition Expert 2003 (Build 277)

C:\Program Files\Common Files\Acronis\CDRecord\readcd.exe: size is 48,640 bytes
(C: is an NTFS drive)

I believe this is a legitimate file used by Acronis Partition Expert. Is this a false positive or is the file really infected?

I would appreciate any info. Thank you.

Menorcaman
July 27th, 2007, 12:08 PM
Hmm, that file sounds a bit iffy to me. I don't have Acronis Partition Expert installed but do have Acronis True Image 9.0 Build 3677, Acronis Disk Director Suite 10.0 Build 2160 & Acronis Drive Cleanser 6.0 Build 691.

My cdread.exe file is version 2.01-12 at 129 KB (132,608 bytes). I also use Spyware Doctor 5.0.1.205 with the same Database version and Intelli-Signatures as you. This gives my cdread.exe file a clean bill of health.

Regards

Menorcaman

cloudforest
July 27th, 2007, 05:42 PM
{QUOTE-> Hmm, that file sounds a bit iffy to me. I don't have Acronis Partition Expert installed but do have Acronis True Image 9.0 Build 3677, Acronis Disk Director Suite 10.0 Build 2160 & Acronis Drive Cleanser 6.0 Build 691.

My cdread.exe file is version 2.01-12 at 129 KB (132,608 bytes). I also use Spyware Doctor 5.0.1.205 with the same Database version and Intelli-Signatures as you. This gives my cdread.exe file a clean bill of health.
<-QUOTE}


Thanks for the response.

Acronis Partition Expert is the old name. That product is now bundled with Acronis Disk Director Suite, so the "readcd.exe" file you have on your computer is a newer version, and the file I have is the older version.

If somebody has the same version of Acronis Partition Expert that I do, it would solve my problem.