What is the appropriate course of action if you believe a manufacturer's driver contains a trojan or virus, beyond just contacting them?

Details

After my computer-savvy girlfriend got her first (known) virus (a trojan in this case), I went through her download history to try and find the source. Everything checked out clean except for a driver that she recently downloaded from what we believe is the manufacturer's web site of her VisTablet (the bottom link is the one we believe to contain a virus).

We're reformatting her hard drive, just to be safe, so I'm not worried about getting rid of the virus(es). I am, however, concerned that more people might fall victim to this and I am wondering what the best course of action is, beyond attempting to contact the (possibly shady--private whois, no identity in TLS certificate) owners of that web site.

Evidence

Here's a link to the specific file (WARNING: MAY CONTAIN VIRUS): (removed)

Here's an online scan I made of that file: http://virusscan.jotti.org/en/scanresult/6abbd6a44a0d99340fa54db610fe0977ed79a885/e6a4ec2444d0a9b3bd20786d7ecba8458b7d2c8a

Only one of the scanners found anything at all: Troj.Downloader.W32.Aphex.020. I might chalk this up to a false positive, but it's the only lead I have and the timing is perfect. Shortly after she installed that file, two separate trojans were detected (albeit not the one found by that scanner). I'd be interested in hearing if it's possible to verify that the file really does contain a trojan or if it is just a false positive (perhaps a Windows VM with Wireshark?).

The first step should be to contact the manufacturer with your concerns and see what they have to say on the matter.

It is very rare for something like this to happen, but it isn't unheard of and is possible.

That being said, without an in-depth investigation into the driver (and sorry, I don't have the time to examine it), I would say that the most likely cause would be that the tablet's driver uses weird integration techniques / hooks which are similar to other malware.

I have done some more scans on the extracted file alone, and it appears to be clean. Again, I can't rule it out, but it is highly possible that your girlfriend got the virus somewhere else.

I have tested the driver using the website VirusTotal, which tests using 43 anti-virus products, and not only ten. The results are available here, and are very simply "All clear, no viruses".

As your download website is the correct one, I would give it a very high probability of this being a false positive. The VisTablet Support will probably already know all about these false positives (if not - they should), so get in touch with them.

You should rather have a look at the tools that your friend is using. Currently, the main vector for infection is the browser, rather than downloaded products. I would first make sure that your friend is not using Internet Explorer. Firefox with the NoScript extension would be much more secure.

Please note that even Firefox is much less secure without NoScript, and I would also throw in for good measure Adblock Plus and Cookie Monster, and teach your friend to beware of any unexpected dialog window in the browser, even if it looks quite innocent.

  • It was the latest version of Firefox, but I certainly see your point.
    – Sydius
    Commented Sep 4, 2011 at 7:20
  • See my edit above.
    – harrymc
    Commented Sep 4, 2011 at 8:14
