Jump to content

Generic MinGW binary reported as "Trojan.Agent"


seebs

Recommended Posts

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.23.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

games :: GAMING [limited]

Protection: Enabled

3/23/2012 6:39:00 PM

fp

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 255607

Time elapsed: 8 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\games\ncsoft\NCAccess.exe (Trojan.Agent) -> No action taken. [0a2761212636ba7cbd1f8c0b6b9551af]

C:\MinGW\msys\1.0\home\games\o.exe (Trojan.Agent) -> No action taken. [0928334f90cc20165b8147506c943ac6]

(end)

The reason this file is sitting around labeled "NCAccess.exe" is that ncsoft's developers are incompetent fools, and have a program which UAC-prompts for admin privileges which it does not actually need. So I wrote a small program, compiled it, and copied it in. Here is the complete source:

int main(void) { return 0; }

This works fine, and I know at least one other person who's done basically the same thing without difficulty. It wasn't detected prior to today, although I think I've only had it in place for about two weeks on this machine.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.