Jetico Personal Firewall Have Virus

Discussion in 'ESET Smart Security' started by proactivelover, Jan 3, 2008.

Thread Status:
Not open for further replies.
  1. proactivelover

    proactivelover Registered Member

    Today I downloaded Jetico Personal Firewall for my friend; he uses EAV and wants a firewall.
    I have essv621 installed, so I double-clicked the setup and this happened.
    I denied the setup.exe and scanned it on VirusTotal; 10 antiviruses detect it as W32/Tibs.
    Please, can anyone explain this?
     

    Attached file: ess.jpg
  2. lucas1985

    lucas1985 Retired Moderator

    Jetico 1 or 2?
    F-Prot has a FP (unknown format or compression method) with v1 (MD5: 1f4932867be2337c9bf19542f9ec0a5d). Probably it has problems unpacking the version of Armadillo used by Jetico.
    v2 (MD5: d405e54a1d3773b5b2ed031718855c52) isn't flagged at Virustotal.
    EDIT: I didn't see your screenshot. So, the problem is with v2 during the installation process.
     
    Last edited: Jan 3, 2008
  3. jmc777

    jmc777 Registered Member

    Did you download it from the Jetico website? A VirusTotal scan of the file from there returns 0/32 (and EAV finds nothing wrong with the file).
     
  4. proactivelover

    proactivelover Registered Member

    No, it's not from the Jetico website; a friend of mine emailed it to me.
    I also downloaded it from the Jetico website; nothing found.
     
  5. Bubba

    Bubba Updates Team

    Perhaps you could ask your friend where the file came from?

    If one is to believe what can be found about the IP showing in your pic (88.255.90.227), your friend is possibly assisting you in being taken by a scam.

    Consumer Financial Group 419 Scam Operation ran from China San Bernardino California
    JeticoScam.GIF

    Bubba
     
    Last edited: Jan 3, 2008
  6. De Hollander

    De Hollander Registered Member


    If I look up 88.255.90.227...

    It comes from Turkey, Istanbul / Telekom Turk.

    Is this the origin of Jetico?
     
  7. proactivelover

    proactivelover Registered Member

    But ESS did not detect the malware.
     
  8. Bubba

    Bubba Updates Team

    If you haven't already, then I suggest you send the sample to Eset. I'd also caution about installing software that you are not sure where it came from and its legitimacy.

    Bubba
     
  9. proactivelover

    proactivelover Registered Member

    I have sent it to ESET support.
    And one more thing: is ESET detecting an MS-DOS BATCH FILE?
     
  10. stueycaster

    stueycaster Registered Member

    I have IP Address Lookup on my Google home page. Here's what it found.

    IP : 88.255.90.227 Neighborhood
    Host : ?
    Country : Turkey



    IP owner info (Whois)


    OrgName: RIPE Network Coordination Centre
    OrgID: RIPE
    Address: P.O. Box 10096
    City: Amsterdam
    StateProv:
    PostalCode: 1001EB
    Country: NL

    ReferralServer: whois://whois.ripe.net:43

    NetRange: 88.0.0.0 - 88.255.255.255
    CIDR: 88.0.0.0/8
    NetName: 88-RIPE
    NetHandle: NET-88-0-0-0-1
    Parent:
    NetType: Allocated to RIPE NCC
    NameServer: NS-PRI.RIPE.NET
    NameServer: NS3.NIC.FR
    NameServer: SEC1.APNIC.NET
    NameServer: SEC3.APNIC.NET
    NameServer: SUNIC.SUNET.SE
    NameServer: TINNIE.ARIN.NET
    NameServer: NS.LACNIC.NET
    Comment: These addresses have been further assigned to users in
    Comment: the RIPE NCC region. Contact information can be found in
    Comment: the RIPE database at http://www.ripe.net/whois
    RegDate: 2004-04-01
    Updated: 2004-04-06

    # ARIN WHOIS database, last updated 2008-01-03 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.



    Deferred to specific whois server: whois.ripe.net...


    % This is the RIPE Whois query server #1.
    % The objects are in RPSL format.
    %
    % Rights restricted by copyright.
    % See http://www.ripe.net/db/copyright.html

    % Note: This output has been filtered.
    % To receive output for a database update, use the "-B" flag.

    % Information related to '88.255.90.0 - 88.255.90.255'

    inetnum: 88.255.90.0 - 88.255.90.255
    netname: AbdAllah_Internet
    descr: AbdAllah Internet Hizmetleri
    descr: Etnografya Muze mevkii Kirazlik Mh. No:32 Rize
    country: tr
    admin-c: MAG87-RIPE
    tech-c: MAG87-RIPE
    status: assigned pa
    mnt-by: as9121-mnt
    source: RIPE # Filtered

    person: Mahmod AbdAllah el Gashmi
    address: AbdAllah Internet Hizmetleri
    e-mail: ipadmin@ahlen.biz
    phone: +90 543 3767728
    remarks: ------------------------------------------------------
    remarks: Routing and peering issues: ipadmin@ahlen.biz
    remarks: SPAM and Network security issues: abuse@ahlen.biz
    remarks: Customer support: ipadmin@ahlen.biz
    remarks: General information: ipadmin@ahlen.biz
    remarks: ------------------------------------------------------
    nic-hdl: MAG87-RIPE
    mnt-by: sistem-net-mnt
    source: RIPE # Filtered

    % Information related to '88.255.0.0/16AS9121'

    route: 88.255.0.0/16
    descr: TurkTelekom
    origin: AS9121
    mnt-by: AS9121-MNT
    source: RIPE # Filtered



    Why would Bubba get different info on this?
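
Added example (not part of the original thread): the WHOIS text quoted in the post above describes 88.255.90.227 at three levels, the /8 allocated to RIPE NCC, the /16 route originated by AS9121, and the /24 assignment. This Python sketch parses a trimmed, constructed copy of that output and lists every block containing an address, widest to narrowest; the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample: trimmed from the WHOIS output quoted in the post above.
SAMPLE = """\
NetRange: 88.0.0.0 - 88.255.255.255
NetName: 88-RIPE
NetType: Allocated to RIPE NCC

% Information related to '88.255.90.0 - 88.255.90.255'

inetnum: 88.255.90.0 - 88.255.90.255
netname: AbdAllah_Internet
country: tr
status: assigned pa

route: 88.255.0.0/16
descr: TurkTelekom
origin: AS9121
"""

def parse_objects(text):
    """Split WHOIS text into blank-line separated objects: lowercase key -> values."""
    objects = []
    for block in re.split(r"\n\s*\n", text):
        obj = {}
        for line in block.splitlines():
            line = line.strip()
            if not line or line[0] in "%#" or ":" not in line:
                continue  # skip server comments and non key/value lines
            key, _, value = line.partition(":")
            obj.setdefault(key.strip().lower(), []).append(value.strip())
        if obj:
            objects.append(obj)
    return objects

def networks(obj):
    """Networks an object covers: an inetnum/NetRange range or a route prefix."""
    for key in ("inetnum", "netrange"):
        if key in obj:
            first, last = (ipaddress.ip_address(p.strip()) for p in obj[key][0].split("-"))
            return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(obj["route"][0])] if "route" in obj else []

def layers(text, ip):
    """(prefix, label) for every block containing ip, widest first, narrowest last."""
    addr = ipaddress.ip_address(ip)
    hits = [(net, (obj.get("netname") or obj.get("origin") or ["?"])[0])
            for obj in parse_objects(text) for net in networks(obj) if addr in net]
    return [(str(net), label) for net, label in sorted(hits, key=lambda h: h[0].prefixlen)]
```

The last entry returned by `layers()` is the most specific registration for the address; a lookup tool that reports only one of the wider entries will show a different owner for the same IP.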
     