PFCSetup1.0.223.exe - trojan ???


rider3000

Hi,

I got some speed problems and I checked this site:

http://www.utorrent.com/testport.php?port=12345

And there I found this link to this page:

http://anonym.to/?https://portforward.com/store/pfconfig.cgi

where I could download this file:

"PFCSetup1.0.223.exe"

I checked this file with:

http://www.virustotal.com and http://virusscan.jotti.org

and found some trojans in this file:

Trojan.Win32.Shutdowner.baw; DLOADER.Trojan; Trojan/Shutdowner.afn

Can someone confirm that?

I don't think these are "false positive" results. I know "false positive" results. Often 1 or 2 scanners mark a file as "Suspicious". But in this case I got 4 hits. And they are named as "Trojan.Win32.Shutdowner.baw".

I also checked the qtorrent.exe and it's clean. No official software is marked "Suspicious". This is the first one. So... yeah. Let's talk about that!

First thing is that http://www.utorrent.com/testport.php doesn't link to there, the only link on that page is to http://www.portforward.com/english/applications/port_forwarding/Utor/Utorindex.htm which is a page where you select your router and it will give instructions on how to forward a port on it.

Secondly their configuration utility for making port forward rules (which I believe that is) has nothing to do with utorrent, and is actually a link on pf.com's website.

Thirdly, due to the nature of that app, it is possible that AV applications will label it as a trojan/virus. ^_^

First. True. utorrent links to "testport" and they link to "portforward". And maybe utorrent doesn't have anything to do with that. That's why I posted it here. I want to let utorrent know that they are linking to a software (a few clicks) where scanners ...um... found a trojan. (Sorry for my bad English.)

Second: Saying "it's the nature of that app that some scanners label it trojan/virus" is simply "bullshit" (sorry, I hope I don't break any forum rules). I normally read things like that on "pirate bay" where trojan programmers wrote that kind of shit in the comments... and some users believe them. Of course, it could happen that some scanners even recognize a WinXP app as a virus. I know that. But they labeled it a trojan! And it got more than 2 hits. A little application has to be clean. 100%.

I hope the utorrent-guys take this seriously.... and maybe link to some other guides...

Well PFconfig is useless software anyway. I would never pay for something I could do myself. ;) I mean the settings on any consumer grade router aren't THAT involved.

Now when you get to enterprise Cisco IOS class hardware, that's a different story :D

Many programs are labelled suspicious / trojan due to specific calls they make. Several times I remember the unpacked uT EXE being labelled a trojan since it called several URL functions (for auto update and the various downloader parts)... but now when it gets flagged it's due to being UPX packed.

Archived

This topic is now archived and is closed to further replies.