Does VMware_ThinApp_4.0.3_169725.msi contain Trojan.Win32.Vapsup in it? [closed]
Posted by Joe on Super User
Published on 2010-02-08T19:01:24Z
Indexed on 2010/04/10 18:23 UTC
Today I ran a full system scan using Online Armor++. It detected Trojans in the installer. I have had this installer on the computer for many months and I do not remember if I ever installed it on this PC or not. For some reason I unpacked the installer with 7zip though. I was probably going to attempt to make it portable. Anyway, so I had the installer in a folder, and another folder next to it with all of the installer's files unpacked. The VMwareVS.cab file that was extracted from the installer also had its files extracted into another folder. This was all done many months ago. OA++ did not detect the installer itself or VMwareVS.cab as a Trojan, but it did detect 4 of the files that I had unpacked as Trojans. Here are the details of what the scan detected on my PC today.
Note: I uploaded these files to VirusTotal... the Ikarus and A-squared engines (the engines from Online Armor++) are not detecting anything. But some of the other engines are detecting the same Trojan that OA++ detected (Trojan.Win32.Vapsup).
C:\Downloads\VMware_ThinApp_4.0.3_169725.msi [This file was not detected by the Virus Scan as infected]
CRC-32: 50189335
MD5: 9e32e3272d2637fb6e0759a604879e6f
SHA-1: 19ef5a6d586ddcc5b9222ba57b0f14159655f3f8
C:\Downloads\VMware_ThinApp_4.0.3_169725\VMwareVS.cab [This file was not detected by the Virus Scan as infected]
CRC-32: d3a9694a
MD5: ddc278a8fe0a25486277d9800e6af85a
SHA-1: 456b731c8b6fdb7a1d7bcff3d1fbe9df58ccc73a
Online Armor++ Virus Scan Results:
Detected Trojan.Win32.Vapsup.vee!A2
C:\Downloads\VMware_ThinApp_4.0.3_169725\Binary.ThinstallProcess
CRC-32: 4888b13c
MD5: 4884cb4622278c0835b9a5dcd2ae0473
SHA-1: ed879ae65147805dd69e1355c17df814b9d434ce
Detected Trojan.Win32.Vapsup.vef!A2
C:\Downloads\VMware_ThinApp_4.0.3_169725\VMwareVS\AppSync.exe
CRC-32: fd20b378
MD5: cbdcdd590f7ffc52b6ce68fa11f2bda4
SHA-1: aebf685e02d6693df9eaa92c67dc5746792b5ecf
Detected Trojan.Win32.Vapsup.veg!A2
C:\Downloads\VMware_ThinApp_4.0.3_169725\VMwareVS\logging.dll
CRC-32: 8adee5d5
MD5: 56ff9b83f58ba8eacb6e939aa4759bf0
SHA-1: b52fa38765a25fe6a2c4f60d76545a4dd64904eb
Detected Trojan.Win32.Vapsup.vek!A2
C:\Downloads\VMware_ThinApp_4.0.3_169725\VMwareVS\thinreg.exe
CRC-32: 423c5652
MD5: c436feff8d9096e7475c84a6bca6096c
SHA-1: 685b84af796132ce144aacd6ff23379e17ddf1a7
Are these files indeed infected by this Trojan, or is it just a false positive? Does anybody have the same version of the original installer, who could find out if the Checksums of the installer and unpacked files match? Should I be worried about whether this Trojan has spread and infected my machine?
Thanks in advance for any help!
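The checksum comparison the question asks for, as an added example that is not part of the original post: it parses a listing in the layout used above (a path line followed by CRC-32, MD5 and SHA-1 lines) and checks each entry against the same file taken from a reference copy. The function names and the caller-supplied mapping from listed paths to reference files are assumptions made for illustration.

```python
import hashlib
import re
import zlib

DIGEST = re.compile(r"^(CRC-32|MD5|SHA-1):\s*([0-9A-Fa-f]+)$")
WIN_PATH = re.compile(r"^[A-Za-z]:\\")

def parse_listing(text):
    """Turn 'path line, then digest lines' text into {path: {algo: hex}}."""
    manifest, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = DIGEST.match(line)
        if m and current is not None:
            manifest[current][m.group(1)] = m.group(2).lower()
        elif WIN_PATH.match(line):
            # Drop a trailing "[...]" remark that follows the path.
            current = re.sub(r"\s*\[.*\]$", "", line)
            manifest[current] = {}
    return manifest

def file_digests(path, chunk=1 << 20):
    """Compute the three digests used in the listing, streaming the file."""
    crc, md5, sha1 = 0, hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            crc = zlib.crc32(block, crc)
            md5.update(block)
            sha1.update(block)
    return {"CRC-32": f"{crc:08x}", "MD5": md5.hexdigest(),
            "SHA-1": sha1.hexdigest()}

def compare(manifest, reference_files):
    """reference_files maps a listed path to the same file taken from a
    reference copy of the installer (mapping supplied by the caller)."""
    report = {}
    for listed, expected in manifest.items():
        ref = reference_files.get(listed)
        if ref is None or not expected:
            report[listed] = "no reference file" if ref is None else "no digests listed"
            continue
        actual = file_digests(ref)
        bad = [algo for algo, value in expected.items() if actual[algo] != value]
        report[listed] = "mismatch: " + ", ".join(bad) if bad else "match"
    return report

if __name__ == "__main__":
    # Constructed sample in the post's layout; the digest is that of b"abc".
    sample = ("C:\\sample\\a.bin [constructed]\n"
              "MD5: 900150983cd24fb0d6963f7d28e17f72\n")
    print(parse_listing(sample))
```

A match on all three digests shows that a flagged file is byte-identical to the reference copy, so the verdict then rests on how far that reference copy is trusted.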
© Super User or respective owner