Spyware, Viruses, & Security forum

General discussion

Trojan from Download.com...

by skizz / August 21, 2006 1:25 PM PDT

Does Download.com have a reporting site for apps? I downloaded a game to try out and my NAV went off on it. Here's the one: http://www.download.com/America-s-Greatest-Solitaire/3000-10186_4-10331104.html?tag=tab_pub. I downloaded and went to run it and NAV popped up with NetSpy Trojan Horse being blocked, coming from the "C:\Program Files\Infogames\AGsolitare\agsolitare.exe" file. I was glad when they went to the no-spyware policy there, but I think a few are trying to sneak some in.

17 total posts
Skizz.. in regard to Norton and the Netspy Trojan...
by Carol~ Moderator / August 21, 2006 3:24 PM PDT

I can only offer what I read at the below website dealing with the two. You didn't mention which firewall you use. If it's theirs, read on:

http://www.northernhillssoftware.com/EN/Information/firewall_npf2004.htm

Scroll down to the middle of the page where you first see the window, which says "Security Alert - Attempt to Connect to Netspy Trojan". Underneath the box you'll see:

'This is one of the "limitations" of firewall programs. They have to make assumptions about programs based on ports being used. Pocket Genealogist does not contain the "Netspy Trojan horse" (If you go to the Alert Assistant, it even acknowledges that it MAY be the Netspy Trojan horse although the above screen seems to indicate a certainty that it is the Trojan horse) I recommend changing the port used by Pocket Genealogist.' Then further on from there.

Granted, this is for a different software, but it may give you a clue as to how and why. Perhaps, Marianna can elaborate further on it. Or possibly another member, who is familiar with it. If you downloaded the game and know it was reliable, it may explain how Norton chooses to deal with it. I'm not really able to. Nor do I have their firewall. It may help, until she gets here.

Carol

(What's weirder yet is a thread at Lockergnome's Forum, where they say it occurs when the fax service is enabled!!!)

Error: "Rule Default Block Netspy Trojan Horse Matched" when
by Marianna Schmudlach / August 21, 2006 4:16 PM PDT

I found this:

Situation:
When you start the computer, you see a notice from the Alert Tracker that says "Rule Default Block Netspy Trojan Horse Matched" or you see a Security Alert that says the following:

"High Risk, Attempt to connect to local computer using the Netspy Trojan horse blocked.
Program: C:\Windows\Explorer.exe
Protocol: TCP (inbound)
Remote Address: 127.0.0.1 : 1035
Local Address: All local network adapters: 1024"

Your computer has Norton Internet Security or Norton Personal Firewall installed.

Is the above your situation?

Solution:
This problem typically occurs on computers that run Windows XP when the program Fax Service is enabled.

The Remote Address of 127.0.0.1 indicates that the attempt to access your computer is being made by a program on your computer, and not by a Trojan Horse program. Blocking this communication prevents the local program from functioning correctly.

To resolve the problem, disable the NIS or NPF rule for the Netspy Trojan Horse.

To disable the Netspy Trojan Horse rule

Open NIS or NPF.
Click Personal Firewall, and then click Configure.
Click the Advanced Tab.
Click Trojan Horse Rules.
Click the entry "Default Block Netspy Trojan horse."
Uncheck the rule.

Note: Unchecking the "Default Block Netspy Trojan horse" rule does not create a security hole. NIS will alert you when a real Trojan tries to access your computer.

Click OK, and then OK again.


Have a look here:

http://tinyurl.com/3gl6e

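The loopback check described in the post above, as an added example that is not part of the original thread or of Symantec's article: it parses the alert text quoted there and classifies it by remote address. The 203.0.113.7 variant and the log-only variant are constructed samples, and the function and verdict names are assumptions.

```python
import ipaddress
import re

# Alert text as quoted in the post above (Security Alert dialog).
DIALOG_ALERT = """High Risk, Attempt to connect to local computer using the Netspy Trojan horse blocked.
Program: C:\\Windows\\Explorer.exe
Protocol: TCP (inbound)
Remote Address: 127.0.0.1 : 1035
Local Address: All local network adapters: 1024"""

# Constructed variant: same rule and port, but the peer is another host.
REMOTE_ALERT = DIALOG_ALERT.replace("127.0.0.1", "203.0.113.7")

# Constructed variant: an alert-log style entry that records no remote address.
LOG_ONLY_ALERT = ('Rule "Default Block Netspy Trojan horse" blocked communication. '
                  'Local address: All local network adapters(1024).')

REMOTE_RE = re.compile(r"Remote Address:\s*(\S+)\s*:\s*(\d+)", re.I)
LOCAL_PORT_RE = re.compile(r"Local address:[^\n]*?(\d+)", re.I)


def triage(alert: str) -> dict:
    """Classify a port-based Trojan rule hit by who the remote peer is.

    local-program     : peer is this machine (loopback); the rule matched on port only
    remote-peer       : peer is another host; the block deserves investigation
    insufficient-data : no usable remote address, so loopback cannot be confirmed
    """
    port = LOCAL_PORT_RE.search(alert)
    result = {"local_port": int(port.group(1)) if port else None,
              "remote": None, "verdict": "insufficient-data"}
    remote = REMOTE_RE.search(alert)
    if remote is None:
        return result
    try:
        addr = ipaddress.ip_address(remote.group(1))
    except ValueError:
        return result  # malformed address: do not guess
    result["remote"] = str(addr)
    result["verdict"] = "local-program" if addr.is_loopback else "remote-peer"
    return result


if __name__ == "__main__":
    for name, text in [("dialog", DIALOG_ALERT), ("remote", REMOTE_ALERT),
                       ("log-only", LOG_ONLY_ALERT)]:
        print(name, triage(text))
```

An entry that lacks the remote address is reported as insufficient-data, so the rule is only treated as a port-only match when the alert actually shows a loopback peer.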
If it is the download itself that contained malware....
by Marianna Schmudlach / August 21, 2006 4:26 PM PDT

...you can inform the download.com team by clicking here and then selecting "Cnet download.com" and "Adware, spyware, and viruses" as the category. Be sure to provide all specifics, including what scanner found malware, the name of the malware, file names, etc.

fire wall
by skizz / August 21, 2006 11:05 PM PDT

I have WinXP SP2. I run NAV 2006 with its firewall and Windows Firewall. Here's a copy from my alerts folder.
8/21/2006 9:50:18 PM,Rule "Default Block Netspy Trojan horse" blocked communication.,"Rule ""Default Block Netspy Trojan horse"" blocked communication. Local address: All local network adapters(1024). Process name is ""C:\Program Files\Infogrames\AGSolitaire\agsolitaire.exe"

To be SURE, it is the program......
by Marianna Schmudlach / August 22, 2006 1:25 AM PDT
In reply to: fire wall
using virus total to check it....
by skizz / August 22, 2006 3:12 AM PDT

When I download to desktop and scan it with Norton's and Ewido, it finds nothing. It only does it when you install, then run the game; that is when it shows an alert for NETSPY trojan horse in the .exe file for the game. When I shut down the game and scan, nothing is ever found. Then restart the game, same alert.

What did "virus total" find in the file you uploaded?
by Marianna Schmudlach / August 22, 2006 4:27 AM PDT

Did it find anything?

sorry about the delay in response......
by skizz / August 22, 2006 1:49 PM PDT

Here is what VirusTotal found, and by the way it is a great site, thanks.
Antivirus           Version         Update      Result
AntiVir             6.35.1.3        08.22.2006  no virus found
Authentium          4.93.8          08.22.2006  no virus found
Avast               4.7.844.0       08.21.2006  no virus found
AVG                 386             08.22.2006  no virus found
BitDefender         7.2             08.23.2006  no virus found
CAT-QuickHeal       8.00            08.22.2006  no virus found
ClamAV              devel-20060426  08.23.2006  no virus found
DrWeb               4.33            08.22.2006  no virus found
eTrust-InoculateIT  23.72.104       08.22.2006  no virus found
eTrust-Vet          30.3.3034       08.22.2006  no virus found
Ewido               4.0             08.22.2006  no virus found
Fortinet            2.77.0.0        08.23.2006  suspicious
F-Prot              3.16f           08.22.2006  no virus found
F-Prot4             4.2.1.29        08.22.2006  no virus found
Ikarus              0.2.65.0        08.22.2006  no virus found
Kaspersky           4.0.2.24        08.23.2006  no virus found
McAfee              4835            08.22.2006  no virus found
Microsoft           1.1560          08.23.2006  no virus found
NOD32v2             1.1720          08.22.2006  no virus found
Norman              5.90.23         08.22.2006  no virus found
Panda               9.0.0.4         08.22.2006  no virus found
Sophos              4.08.0          08.23.2006  no virus found
Symantec            8.0             08.23.2006  no virus found
TheHacker           5.9.8.197       08.21.2006  no virus found
UNA                 1.83            08.22.2006  no virus found
VBA32               3.11.0          08.22.2006  no virus found
VirusBuster         4.3.7:9         08.22.2006  no virus found

Also, I installed on a different PC and had the same effects: install, run, play, NAV detects NETSPY Trojan Horse.

NO problem...
by Marianna Schmudlach / August 22, 2006 3:13 PM PDT

Well, I guess, the file is clean then. Even Symantec claims the file is clean.....

You could try Trojan Hunter to see if it also comes up clean:

TrojanHunter FREE trial version.
Download, install, update and then run it.

See this from Symantec.

"This problem typically occurs on computers that run Windows XP when the program Fax Service is enabled. Unchecking the "Default Block Netspy Trojan horse" rule in your firewall will fix it without creating a security hole."

http://service1.symantec.com/SUPPORT/nip.nsf/4a29389c214c78ea88256c75005f451a/713afacbd4135e0a88256c77007e526f?OpenDocument&src=bar_sch_nam

yes it seems clean....
by skizz / August 22, 2006 10:52 PM PDT
In reply to: NO problem...

but still seems odd for a game to need a trojan horse to install just to play it.

hmm... did you read Symantec's link ?
by Marianna Schmudlach / August 23, 2006 12:54 AM PDT
In reply to: yes it seems clean....

If you are NOT happy with Symantec's response, why don't you contact them?

i did read it...
by skizz / August 23, 2006 3:06 AM PDT

I don't have fax service enabled.

Only a "thought"...
by Marianna Schmudlach / August 23, 2006 4:07 AM PDT
In reply to: i did read it...

Do you have NAV's Worm Blocker??

yes i have it...
by skizz / August 23, 2006 1:52 PM PDT
In reply to: Only a "thought"...

I have everything NAV 2006 has, on. Sorry to keep beating on this, though, but when you click the game icon a web page comes up and that's when it alerts. The button for play now does not work even though it says you have the 30 minute trial, but the buy it now button works. I tried to save it to favorites and click on it, but it says can not display (IE7 beta 3). But anyway, the game just seems hokey to me. Sorry to bother ya, and thanks for the help, keep up the good work.

Why not follow this.....
by Marianna Schmudlach / August 23, 2006 3:07 PM PDT
In reply to: yes i have it...

To disable the Netspy Trojan Horse rule

Open NIS or NPF.
Click Personal Firewall, and then click Configure.
Click the Advanced Tab.
Click Trojan Horse Rules.
Click the entry "Default Block Netspy Trojan horse."
Uncheck the rule.

--------------------------------------------------------------------------------
Note: Unchecking the "Default Block Netspy Trojan horse" rule does not create a security hole. NIS will alert you when a real Trojan tries to access your computer.
--------------------------------------------------------------------------------

Click OK, and then OK again.

http://service1.symantec.com/SUPPORT/nip.nsf/4a29389c214c78ea88256c75005f451a/713afacbd4135e0a88256c77007e526f?OpenDocument

it is something with the game...
by skizz / August 21, 2006 11:37 PM PDT

I decided to download again to see the exact effects. The download and install is easy; I put the shortcut on desktop, and when I click it to play the game is when the alert pops up, so I believe something in the game is trying to let it in. Also, my browser pops to full screen without my wanting. Going to report it to see what they think.
