Sorry your browser is not supported!

You are using an outdated browser that does not support modern web technologies, in order to use this site please update to a new browser.

Browsers supported include Chrome, FireFox, Safari, Opera, Internet Explorer 10+ or Microsoft Edge.

FPSC Classic Product Chat / :::::Helix Downloads BackDoor.Generic8.BMU Trojan Alert!:::::

Author
Message
Seth Black
FPSC Reloaded TGC Backer
19
Years of Service
User Offline
Joined: 22nd Feb 2005
Location: Pittsburgh, PA
Posted: 14th Aug 2007 22:46
Link
Greetings,

While doing a general upkeep, my anti-virus software discovered that a rather oldie that was offered by Nighthawk actually has a backdoor program residing within it: BackDoor.Generic8.BMU

This is the first that I've seen of this alert regarding this file and trojan. Perhaps it was set on a timer, and just recently went active.

At this time, the trojans have been removed from my system, and I am not aware of any residual effects or any "easter egg" files being spawned. If this changes, I will keep the forum advised.

The first downloaded file in question is hxa_fs_p1.exe. Offered as Helix Addons Free Stuff - Pack #1

http://www.prismatoid.de/fpscreator/modules/newbb/viewtopic.php?topic_id=655&forum=3

I also had another file named Helix Animated Water.exe, in my folders. I believe that I may have renamed this for easier identification myself.

I do not have further information as to the original name of the file, and was not able to find a link to this download on the boards.

A backdoor attack leaves your computer potentially wide open to an all out attack, compromising your computer system, and all of your sensitive private and financial information.

If you've downloaded Helix Animated Water or Helix Addons Free Stuff - Pack #1 from this forum, please take the time to consider deleting it from your computer immediately, as this is a severe security threat.

Thanks,

Seth Black

"...I'm sorry, could you repeat your question a little louder? I'm a trifle deaf in this ear."

- Willie Wonka
Back to top
Profile PM
Duplex
User Banned
Posted: 14th Aug 2007 23:03
Link
Wow, Thanks for this, I'll run my virus scan now and delete it.

[url=www.x-games.mdhost.info]X-Games[/url]
[url=fps-files.com]FPS-Files[/url]
Back to top
Profile
xplosys
18
Years of Service
User Offline
Joined: 5th Jan 2006
Playing: FPSC Multiplayer Games
Posted: 14th Aug 2007 23:18
Link
Quote: "The first downloaded file in question is hxa_fs_p1.exe. Offered as Helix Addons Free Stuff - Pack #1"


I also had this file in my download folder, but couldn't remember what it was or where I got it. AVG picked it up as a virus a day or two ago and quarantined it. No problem.

I think the recent detection is probably more so due to a recent upgrade in definitions rather than any type of dormant activity, but I could be wrong. I've just seen it happen before, where some file or exe I've been using for a while is suddenly picked up as viral.

I assume no malice and go with the updated definitions theory where something that meets some or all of a defined criteria is classified as viral, whether it is or not.

Best.

I'm sorry, my answers are limited. You must ask the right question.

Back to top
Profile PM
TGPEG
17
Years of Service
User Offline
Joined: 28th Dec 2006
Location: Bristol, United Kingdom
Posted: 15th Aug 2007 01:03
Link
Good old Mr McAffee hasn't picked that up yet. Time to rattle his cage.

Your signature has been stolen. If you ever want to see it again, come to the cemetery and bring £500,000, oh, and can you get us some cake?
http://www.fpsinsane.co.nr/
Back to top
Profile PM
butyouman
18
Years of Service
User Offline
Joined: 7th May 2006
Location:
Posted: 15th Aug 2007 04:27
Link
Apparently Nighthawk has a virus on his pc because their has never been an incident like this with him befor thx for that hope is hasnt done anything bad to any1s pc yet

Slipknot Rules
Back to top
Profile PM Email
Shadow Blade
17
Years of Service
User Offline
Joined: 31st Oct 2006
Location: United Kingdom
Posted: 15th Aug 2007 10:09
Link
Thanks I had the water one so I deleted it.

-Shadow

Shadow Blade - Darkness is rising -
Back to top
Profile PM Website
Seth Black
FPSC Reloaded TGC Backer
19
Years of Service
User Offline
Joined: 22nd Feb 2005
Location: Pittsburgh, PA
Posted: 15th Aug 2007 18:24
Link
:::::Bump:::::

One last chance for folks to see this, before it gets buried.

"...I'm sorry, could you repeat your question a little louder? I'm a trifle deaf in this ear."

- Willie Wonka
Back to top
Profile PM
Airslide
19
Years of Service
User Offline
Joined: 18th Oct 2004
Location: California
Posted: 15th Aug 2007 20:08
Link
I guess its good I never downloaded 'em. I tend not to download things, which is sometimes foolish of me, but I guess it pays off here.


Vote today and play the games!
Back to top
Profile PM Email
Nighthawk
18
Years of Service
User Offline
Joined: 12th Apr 2006
Location: Germany
Posted: 15th Aug 2007 21:02 Edited at: 15th Aug 2007 21:19
Link


I want to clear things up!

There is no Virus or Trojan Horse in the setup files

the Launcher and/or the Setup programs are written in "AutoHotKey" (http://www.autohotkey.com)

i often recognised scripts were threatened as viruses or trojan horses
some times ago this script-language was used by someone to write malware


but believe me or not, these files weren't infected by any viruses

update your scanners or use others

i personally use a Multi-User License of Kaspersky Internet Security 7.0


when we began distributing our commercial modelpack, Hubdule (Admin of the German Forum) said the setup would be infected by a virus
i wondered and checked it again
Hubdule used an old version of AntiVir (German product)


upload these setups to sites like VirusTotal, where you can check files with many scanners


i've never distributed malware with our products and i'll never do it


but what scanner did you use?

the Name "Generic" in it seemed me to be from a trojan-kit or something like this
so... it must be a heuristic detection (these are not very safe)


this is a false detection

someone of the mods should download it and check it with various scanners


@ Mods: please clear things up after you checked it and please write it in the first post in this thread or something like this
thank you


Nighthawk

P.S. these packs were online a long time - no one said anything
i always recieved positive feedback

if you google "BackDoor.Generic8.BMU" you find nothing, with "BackDoor.Generic8" there's just one entry (AVG Antivirus)

please install a better software than AVG, Avast or AntiVir
i never recommend software like Norton Antivirus and McAfee, by the way

My System: Intel Xeon 3060 @ 2,4 GHz, Asus Commando, 2GB DDR2-800 RAM, Thermaltake Shark Black, Sapphire Radeon HD2900XT, BenQ FP71E+
-- Helix Head Developer --
Back to top
Profile PM Email Website
Dark Goblin
18
Years of Service
User Offline
Joined: 19th May 2006
Location:
Posted: 15th Aug 2007 21:23
Link
there is no virus inside!-.-

delete your virus scanners and buy kaspersky or any other commercial program and you will see that there is no virus!

omg that there are still progs that find an AutoHotkey exe as an virus!-.-

so there is no virus and there wont be one!

I'm from Germany so don't say something about my English! Otherwise i will be a bit angry!^^
Back to top
Profile PM Email
xplosys
18
Years of Service
User Offline
Joined: 5th Jan 2006
Playing: FPSC Multiplayer Games
Posted: 15th Aug 2007 21:27
Link
Nighthawk,

As I said above and you state as well, the file has been out for some time and was also on my computer for a while and was never picked up as a virus. Only a very recent update to virus definitions picked up something as being virus like activity.

This is not uncommon and I have seen it before with other scripts and executables. No harm, no foul as far as I'm concerned.

Best.

I'm sorry, my answers are limited. You must ask the right question.

Back to top
Profile PM
Nighthawk
18
Years of Service
User Offline
Joined: 12th Apr 2006
Location: Germany
Posted: 15th Aug 2007 21:30 Edited at: 15th Aug 2007 21:42
Link
i remember compiled AutoHotKey-Scripts are compressed with UPX
often, EXEs packed with UPX are falsely identified as malware
often UPX itself is identified as a virus, again: false

i can publish the sourcecode of the setups
(now you think i could have changed things, so: wait)

you could compile the files again with the same version i compiled them some time ago, compare file sizes, hashes and so on

EDIT:

thank you, xplosys

My System: Intel Xeon 3060 @ 2,4 GHz, Asus Commando, 2GB DDR2-800 RAM, Thermaltake Shark Black, Sapphire Radeon HD2900XT, BenQ FP71E+
-- Helix Head Developer --
Back to top
Profile PM Email Website
Candle_
18
Years of Service
User Offline
Joined: 29th May 2006
Location: kindergarten
Posted: 15th Aug 2007 22:57
Link
Quote: "i remember compiled AutoHotKey-Scripts are compressed with UPX
often, EXEs packed with UPX are falsely identified as malware
often UPX itself is identified as a virus, again: false"

You are right there.

My Web site| ScreenSavers Are Fun click the link

Back to top
Profile PM Email Website
Nighthawk
18
Years of Service
User Offline
Joined: 12th Apr 2006
Location: Germany
Posted: 16th Aug 2007 13:46
Link
so... is now a Mod able to clear up things in the first post of this thread and/or lock (better delete) it?

My System: Intel Xeon 3060 @ 2,4 GHz, Asus Commando, 2GB DDR2-800 RAM, Thermaltake Shark Black, Sapphire Radeon HD2900XT, BenQ FP71E+
-- Helix Head Developer --
Back to top
Profile PM Email Website
Back to top

Login to post a reply

Server time is: 2024-10-09 21:20:30
Your offset time is: 2024-10-09 21:20:30