Is the Acelogix website compromised?
3 successive tries at DL'ing from your website, and Avast has pegged and prevented the DL of AU.
Screenshot here: trojan = win32-ircbot DGY [trj]
Re: Is the Acelogix website compromised?
On further review Avira also sees this trojan (irc bot) embedded on your website download links - all of the regular AU utility links are compromised. They are not False Positives. You might want to address this and fix them ASAP.
Re: Is the Acelogix website compromised?
We will check the issue and contact Avira if needed.
Note that the setup files of AU are digitally signed, so they can't be compromised.
We use NSIS installer (a popular installer used by WinAmp) which can also be used by any trojan program. So some antivirus tools can think ours is a trojan too. We will check it ASAP.
regards,
Hari, Acelogix Team
Re: Is the Acelogix website compromised?
hi
A quick note: we tried the online scan of Avast but it says it is clean.
http://onlinescan.avast.com/
regards,
Hari, Acelogix Team
Re: Is the Acelogix website compromised?
Hi Hari, I will try to clarify further and see if it's just Avast .. but it does appear that regardless of where I try to download AU Avast flags a trojan.
Last edited by ben55 on Tue Aug 05, 2008 7:25 pm, edited 1 time in total.
Re: Is the Acelogix website compromised?
By the way - Avast still flags it regardless of the host.
Last edited by ben55 on Tue Aug 05, 2008 7:25 pm, edited 2 times in total.
Re: Is the Acelogix website compromised?
Here's another example of what Avast is currently flagging on another website. Same thing happens when I try to download on the Acelogix site. Here's another screenshot.
Re: Is the Acelogix website compromised?
Here is a VirusTotal scan of Aufull.exe which I just downloaded from the AceLogix website. It looks like Avast is the only AV detecting anything. Probably a False Positive.
Antivirus Version Last Update Result
AhnLab-V3 2008.8.6.0 2008.08.05 -
AntiVir 7.8.1.15 2008.08.05 -
Authentium 5.1.0.4 2008.08.05 -
Avast 4.8.1195.0 2008.08.05 Win32:IRCBot-DGY
AVG 8.0.0.156 2008.08.05 -
BitDefender 7.2 2008.08.05 -
CAT-QuickHeal 9.50 2008.08.05 -
ClamAV 0.93.1 2008.08.05 -
DrWeb 4.44.0.09170 2008.08.05 -
eSafe 7.0.17.0 2008.08.05 -
eTrust-Vet 31.6.6011 2008.08.05 -
Ewido 4.0 2008.08.05 -
F-Prot 4.4.4.56 2008.08.04 -
F-Secure 7.60.13501.0 2008.08.05 -
Fortinet 3.14.0.0 2008.08.05 -
GData 2.0.7306.1023 2008.08.05 -
Ikarus T3.1.1.34.0 2008.08.05 -
K7AntiVirus 7.10.404 2008.08.05 -
Kaspersky 7.0.0.125 2008.08.05 -
McAfee 5354 2008.08.05 -
Microsoft 1.3807 2008.08.05 -
NOD32v2 3329 2008.08.05 -
Norman 5.80.02 2008.08.05 -
Panda 9.0.0.4 2008.08.05 Suspicious file
PCTools 4.4.2.0 2008.08.05 -
Prevx1 V2 2008.08.05 -
Rising 20.56.12.00 2008.08.05 -
Sophos 4.31.0 2008.08.05 -
Sunbelt 3.1.1537.1 2008.08.01 -
Symantec 10 2008.08.05 -
TheHacker 6.2.96.393 2008.08.04 -
TrendMicro 8.700.0.1004 2008.08.05 -
VBA32 3.12.8.2 2008.08.05 -
ViRobot 2008.8.5.1324 2008.08.05 -
VirusBuster 4.5.11.0 2008.08.05 -
Webwasher-Gateway 6.6.2 2008.08.05 -
Additional information
File size: 4067704 bytes
MD5...: 18e6df4f42497016c8a3793319d515f8
SHA1..: 485dace1a28ade82a2804d7028e07f9a3091071e
SHA256: b867eb68c23a605de9eccdddc331967edbfdcf65b6cce1ba502d923af4e2dce8
SHA512: a10feac2fdc51d297346ef0622dddcdb65640f812f20a85609d1cde3934392b6
ae30660bbffee120fc3653f7b68942104f97a29f6dc844866bf7576130ecd4f5
Home Built ASUS ROG Maximus Extreme with Windows 10x64 Pro; Dell XPS 15 (9575) 2in1 with Windows 11x64 Pro; Dell XPS 8940SE with Windows 10 x64 Pro.
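Added example (not part of the original posts): a Python parser for the text report format pasted in the post above, run on a few rows copied from that report, that separates named detections from heuristic verdicts and lists engines whose signatures are older than the rest. The `GENERIC` pattern and the two-day staleness threshold are assumptions of this example.

```python
import re
from datetime import date

# Rows copied from the VirusTotal report in the post above (excerpt, not the full table).
REPORT = """\
Antivirus Version Last Update Result
AntiVir 7.8.1.15 2008.08.05 -
Avast 4.8.1195.0 2008.08.05 Win32:IRCBot-DGY
Kaspersky 7.0.0.125 2008.08.05 -
Panda 9.0.0.4 2008.08.05 Suspicious file
Prevx1 V2 2008.08.05 -
Sunbelt 3.1.1537.1 2008.08.01 -
"""

DATE_RE = re.compile(r"^(\d{4})\.(\d{2})\.(\d{2})$")
# Assumption: verdicts without a family name count as heuristic, not a named detection.
GENERIC = re.compile(r"suspicious|heur|generic", re.I)

def parse_report(text):
    """Return one dict per engine row. The date column is the anchor,
    because a result such as "Suspicious file" contains spaces."""
    rows = []
    for line in text.splitlines():
        tokens = line.split()
        idx = next((i for i, t in enumerate(tokens) if DATE_RE.match(t)), None)
        if idx is None or idx < 2 or idx == len(tokens) - 1:
            continue  # header, blank or malformed line
        y, m, d = map(int, DATE_RE.match(tokens[idx]).groups())
        result = " ".join(tokens[idx + 1:])
        rows.append({
            "engine": tokens[0],
            "version": " ".join(tokens[1:idx]),
            "updated": date(y, m, d),
            "result": None if result == "-" else result,
        })
    return rows

def triage(rows, max_age_days=2):
    """Split verdicts into named vs heuristic and list engines whose
    signatures lag the newest update date seen in the report."""
    newest = max(r["updated"] for r in rows)
    hits = [r for r in rows if r["result"]]
    return {
        "ratio": f"{len(hits)}/{len(rows)}",
        "named": {r["engine"]: r["result"] for r in hits if not GENERIC.search(r["result"])},
        "heuristic": [r["engine"] for r in hits if GENERIC.search(r["result"])],
        "stale": [r["engine"] for r in rows if (newest - r["updated"]).days > max_age_days],
    }

if __name__ == "__main__":
    print(triage(parse_report(REPORT)))
```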
Re: Is the Acelogix website compromised?
Yes, this is why I revised a few of my posts - I'm scanning with Avira right now again just to be sure that nothing is there. Previously I had Avira on this machine (testing) and it also flagged AU just like Avast, except Avast caught it in real time during the HTTP download whereas Avira flagged it (along with the FP on superantispyware and spyware blaster) in a regular full system scan.
Re: Is the Acelogix website compromised?
I have the latest Avira Premium Security Suite on my system and it is set to the highest security settings. It is not flagging any downloads from Acelogix.
Re: Is the Acelogix website compromised?
Yeah I have Avira premium back on this machine and no flags - so Hari may want to email/contact avast and see what's up.
Re: Is the Acelogix website compromised?
Can you please check again? We uploaded new version of AU (with the FireFox3 fix). Sometimes these small changes can help.
regards,
Hari, Acelogix Team
Re: Is the Acelogix website compromised?
Yes Hari I will tomorrow after getting back from work try again with Avast and let you know.