C:\Program Files\Winamp\winampa.exe - Win32/TrojanDropper.Agent.DGO virus C:\Program Files\Winamp Remote\bin\OrbTray.exe - Win32/TrojanDropper.Agent.DGO virus Winampa and Winamp remote I installed to allow myself to access my music from my wii etc. I never got this BEFORE I installed the winamp remote to allow access from my wii.
Re: Fale positive Hi! I have got Winamp too and my ESS didn't detect the trojan. Test that files on www.virustotal.com and tell us results. Scan Log Version of virus signature database: 2758 (20071231) Date: 31. 12. 2007 Time: 13:52:50 Scanned disks, folders and files: C:\Program Files\Winamp\ Number of scanned objects: 54 Number of threats found: 0 Time of completion: 13:52:51 Total scanning time: 1 sec (00:00:01)
Re: Fale positive Our policy concerning the posting of those results. Policy Regarding the Posting of Jotti/Virus Total Results Bubba
Re: Fale positive I would generally ask you if you use the latest version but Winamp Remote is from the latest . I don't use Winamp but I just installed the latest Pro version from their site , got no alert from NOD32 . I use the latest signature 2758.
Re: Fale positive To my best knoledge, this is a new dropper for Virtumonde that comes with a file infector. NOD32 should be able to clean infected files.
Re: Fale positive I know, but Virut is the most common file infector nowadays and it's infecting trojan downloaders/droppers.
Hmm, someone has got similar problem. http://www.viry.cz/forum/viewtopic.php?t=51516 I have got the sample and I will try to run it.
If it's actually the dropper in question, it should drop Virtumonde along with another file that is responsible for infecting files run at startup, if I remember well.