False positive

C:\Program Files\Winamp\winampa.exe - Win32/TrojanDropper.Agent.DGO virus
C:\Program Files\Winamp Remote\bin\OrbTray.exe - Win32/TrojanDropper.Agent.DGO virus

Winampa and Winamp remote I installed to allow myself to access my music from my wii etc. I never got this BEFORE I installed the winamp remote to allow access from my wii.

 

Re: Fale positive

Hi!

I have got Winamp too and my ESS didn't detect the trojan. Test that files on www.virustotal.com and tell us results.

Scan Log
Version of virus signature database: 2758 (20071231)
Date: 31. 12. 2007 Time: 13:52:50
Scanned disks, folders and files: C:\Program Files\Winamp\
Number of scanned objects: 54
Number of threats found: 0
Time of completion: 13:52:51 Total scanning time: 1 sec (00:00:01)

 

Re: Fale positive

Our policy concerning the posting of those results.

Policy Regarding the Posting of Jotti/Virus Total Results

Bubba

 

Re: Fale positive

I would generally ask you if you use the latest version but Winamp Remote is from the latest . I don't use Winamp but I just installed the latest Pro version from their site , got no alert from NOD32 . I use the latest signature 2758.

 

Re: Fale positive

To my best knoledge, this is a new dropper for Virtumonde that comes with a file infector. NOD32 should be able to clean infected files.

 

Re: Fale positive

Virtumonde/Vundo infected by Virut? I've been seeing this lately.

 

Re: Fale positive

Marcos didn't mention Virut.

 

Re: Fale positive

I know, but Virut is the most common file infector nowadays and it's infecting trojan downloaders/droppers.

 

Hmm, someone has got similar problem.

http://www.viry.cz/forum/viewtopic.php?t=51516


I have got the sample and I will try to run it.

 

If it's actually the dropper in question, it should drop Virtumonde along with another file that is responsible for infecting files run at startup, if I remember well.