WinControl 1.33 - A Trojan?

Spybot-S&D found WinControl 1.33 during a scan yesterday. I had previously performed a full scan with NOD and it did not report this supposed Trojan (PestPatrol's definition). Before posting this I searched the forums for WinControl and found this thread which mentions WinControl but does not address whether or not it is a threat.

As I do not recall specifically allowing WinControl to be allowed I had Spybot delete the program. Should NOD be looking for WinControl?

 

That's strange. I have this trojan in my collection, and seems to me that NOD32 detects it ("Win32/WinControl.133 trojan")? Perhaps what you had was a "repacked" trojan? Or something with your NOD32 settings? Runtime packers, or other options, are not enabled?

 

Any chance somebody could point me to where I need to look for "runtime packers"? I did what I thought was a thorough setup a couple months ago but now I seem to be a bit adrift. Thanks.

 

Configure your NOD32 this way .
https://www.wilderssecurity.com/showthread.php?t=37509


See the attachments

 

See this also


Also note that NOD32 doesn't support all kind of packers so it can be detected as soon as it is unpacked

 

This is odd: I received an e-mail notification of a reply to this thread by "HiTech_boy" but I do not see his post. What he said was:

"Can you do something to help all NOD32 users . Open Spybot S&D
and restore the threat (if possible) then , when the threat is
active , find the files which Spybot S&D marks as malware and put
them in quarantine so they'll be submitted to ESET or manually
submit them to samples@eset.com

"Then , after you have submitted the malware , scan again with
the necessary security softwares and remove them to clean your PC.

"I am not from ESET but I can say thank you very much for your
gesture "

Maybe this post was deleted? Nonetheless, I am happy to help. I have recovered WinControl and am scanning again now.

 

Yes , I deleted it as soon as posted because I realized NOD32 already detects it . You can do it in addtion if you still think the things are wrong

 

Thx for the info, HTB. Runtime packers was checked in Scanner Setup.

 

Ok ,and does NOD detect them now ?

 

In case anyone is wondering where the specific posts for runtime packers are located within the excellent "Extra settings for NOD32 v2.5" thread, here they are:

For DMON - https://www.wilderssecurity.com/showpost.php?p=201891&postcount=24

For EMON - https://www.wilderssecurity.com/showpost.php?p=266607&postcount=32

 

This could be a possible False Positive and is being discussed in Spybot's Official False Positive Forum.

Here---> Iopus and Wincontrol

 

Very interesting. I'm now inclined to think that WinControl is a F/P. I shoulda checked there first but Spybot is usually very reliable...

 

Scan is complete and WinControl was not detected. Thanks again for all the help!

 

In the future that would be my suggestion or you could post about it in our privacy & other anti-malware software Forum. It does not take long for findings such as this to filter to many of the Security Forums and usually within the same day a thread is started.

The Spybot Team is very reliable and it is rare that they have true False Positives but they do respond within a reasonable amount of time.

Since this thread has progressed this far in the Nod Forum....I'll not move it to a more appropriate Forum. If an Eset Mod feels otherwise they have my blessings.

Bubba

 

I am not sure if it false positive but just in case and to make sure , please submit it to ESET samples@eset.com , or to Virus Total www.virustotal.com

 

They are all offline now

 

Well, here's the scan result. Almost all AV catch it.

 

Thanks for sharing

 

Concerning the Spybot scan....would you mind uploading or posting the scan results Please by opening Spybot and then select Mode\Advanced mode\Tools\View Report. Then place a check mark next to only the items you see in the pic below. Then select View previous report and then select the .txt file that represents the date of the scan regarding this possible FP. You can then choose Export to upload that SpybotSD.Report.txt or copy and paste that same info into a post here.

Thanks,
Bubba