Gigabyte files infected with trojan

andres101

Expert Member
Joined
May 14, 2004
Messages
2,124
I downloaded a BIOS upgrade (http://europe.giga-byte.com/FileList/BIOS/motherboard_bios_ga-k8n-sli_f9.exe) from the Gigabyte site that was infected with a trojan.

ClamWin report:
Code:
C:\Downloads\Drivers\Gigabyte K8N-SLI\motherboard_bios_ga-k8n-sli_f9.exe: Trojan.Agent-19508 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 430820
Engine version: 0.94
Scanned directories: 0
Scanned files: 1
Infected files: 1

Data scanned: 1.21 MB
Time: 3.285 sec (0 m 3 s)

Make sure you scan all your downloads, even if they are from a reputable source. If I extract the files manually from the sfx archive, ClamWin does not pick up any viruses.
 

Grimspoon

Executive Member
Joined
Nov 9, 2006
Messages
8,855
That's very weird, I wouldn't think you could get infected from a site like Gigabyte... Sure your AV is not playing up? Mine sometimes goes mad, and there is no Trojan or virus.
 

PsyWulf

Honorary Master
Joined
Nov 22, 2006
Messages
11,140
2/36 scanners on Virscan.org found something suspicious.

Honestly I don't find it worrying at all if only clam and fortinet found suspicious file/s

http://virscan.org/report/053070dada5ec4c01caee63d1c352e73.html

File information
File Name : motherboard_bios_ga-k8n-sli_f9.exe
File Size : 566902 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 0d021dc9df1bd883ad9706c4f12e74bb
SHA1 : a550979f7a2123f5bc67b26ae082adefacb8c4db

Scanner results
Scanner results : 6% Scanner(2/36) found malware!
Time : 2008/09/25 11:46:23 (SAST)
Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time
a-squared | 4.0.0.14 | 2008.09.24 | 2008-09-24 | - | 1.472
AhnLab V3 | 2008.09.25.01 | 2008.09.25 | 2008-09-25 | - | 0.930
AntiVir | 7.8.1.34 | 7.0.6.209 | 2008-09-25 | - | 2.434
Arcavir | 1.0.5 | 200809242042 | 2008-09-24 | - | 1.287
AVAST! | 3.0.1 | 080924-1 | 2008-09-24 | - | 0.103
AVG | 7.5.52.442 | 270.7.2/1690 | 2008-09-25 | - | 1.666
BitDefender | 7.60825.1808663 | 7.21027 | 2008-09-25 | - | 3.257
CA (VET) | 9.0.0.143 | 31.6.6105 | 2008-09-24 | - | 2.743
ClamAV | 0.94 | 8329 | 2008-09-25 | Trojan.Agent-19508 | 0.221
Comodo | 2.11 | 2.0.0.657 | 2008-09-25 | - | 0.425
CP Secure | 1.1.0.715 | 2008.09.25 | 2008-09-25 | - | 5.952
Dr.Web | 4.44.0.9170 | 2008.09.25 | 2008-09-25 | - | 3.282
ewido | 4.0.0.2 | 2008.09.24 | 2008-09-24 | - | 2.705
F-Prot | 4.4.4.56 | 20080924 | 2008-09-24 | - | 1.076
F-Secure | 5.51.6100 | 2008.09.25.01 | 2008-09-25 | - | 0.365
Fortinet | 2.81-3.113 | 9.580 | 2008-09-23 | Suspicious | 0.364
Ikarus | T3.1.01.34 | 2008.09.25.71526 | 2008-09-25 | - | 3.532
JiangMin | 11.0.706 | 2008.09.24 | 2008-09-24 | - | 1.272
Kaspersky | 5.5.10 | 2008.09.25 | 2008-09-25 | - | 0.065
KingSoft | 2008.1.14.15 | 2008.9.25.17 | 2008-09-25 | - | 0.656
McAfee | 5.3.00 | 5391 | 2008-09-24 | - | 2.032
Microsoft | 1.3903 | 2008.09.24 | 2008-09-24 | - | 0.278
mks_vir | 2.01 | 2008.09.25 | 2008-09-25 | - | 2.770
Norman | 5.93.01 | 5.93.00 | 2008-09-18 | - | 5.593
nProtect | 2008-09-25.00 | 2167424 | 2008-09-25 | - | 4.325
Panda | 9.05.01 | 2008.09.24 | 2008-09-24 | - | 2.675
Quick Heal | 9.50 | 2008.09.25 | 2008-09-25 | - | 2.082
Rising | 20.0 | 20.63.32.00 | 2008-09-25 | - | 0.964
Sophos | 2.78.0 | 4.33 | 2008-09-25 | - | 1.949
Sunbelt | 3.1.1668.1 | 2256 | 2008-09-24 | - | 0.520
Symantec | 1.3.0.24 | 20080924.003 | 2008-09-24 | - | 0.084
The Hacker | 6.3.0.9 | v00093 | 2008-09-24 | - | 0.422
Trend Micro | 8.700-1004 | 5.566.02 | 2008-09-24 | - | 0.045
VBA32 | 3.12.8.6 | 20080924.1354 | 2008-09-24 | - | 1.420
ViRobot | 20080925 | 2008.09.25 | 2008-09-25 | - | 0.415
VirusBuster | 4.5.11.10 | 10.88.6/635732 | 2008-09-24 | - | 1.181
NOTICE: It may be false positive by some scanners when they found a malware, so you should judge it by yourself.
 

werner

Expert Member
Joined
Jun 27, 2005
Messages
3,396
It makes sense.
A Windows exe with code to overwrite the BIOS (which it seems this exe file is)... if they are using heuristics then it really should pick it up as a virus.

Then you should use your noggin and realise why it is happening.
 