wonderboy2005
January 26th, 2005, 07:38 PM
Trojaned build of DC++ in the wild
Anti-virus company Kapersky Lab has announced that a trojaned version of popular P2P software DC++ has been found in the wild. Several download services, including Download.com have been offering a version which installs malware onto the system.
The trojaned version installs TrojanDownloader.Win32.Istbar.er, Trojan.Win32.Krepper.ag and Trojan.Win32.Agent.ba - all of which are related to installation of AdWare.
The version offered by AfterDawn.com (http://www.afterdawn.com/software/p2p_software/p2p_applications/dcplusplus.cfm) is clean. You can identify the infected version from the proper one from their MD5 sum.
MD5 for clean version: 9041a4c53a30bb45fcd6a81669241045
MD5 for trojaned version: 02ffde276505191525e84cf084cb85e9
According to Kapersky only the installation package of tha latest version, v0.668, is affected. If you have installed that version it is recommended that you check your system using, for example, Ad-Aware (http://dawnload.net/desktop_software/desktop_security/ad-aware.cfm).
After checking your system download the clean version from the following URL:
http://www.afterdawn.com/software/p2p_software/p2p_applications/dcplusplus.cfm
Download.com has removed the listing for DC++.
Source: Kapersky Lab (http://www.viruslist.com/en/weblog?weblogid=158236628)
I (wonderboy) got it from http://www.afterdawn.com/
Anti-virus company Kapersky Lab has announced that a trojaned version of popular P2P software DC++ has been found in the wild. Several download services, including Download.com have been offering a version which installs malware onto the system.
The trojaned version installs TrojanDownloader.Win32.Istbar.er, Trojan.Win32.Krepper.ag and Trojan.Win32.Agent.ba - all of which are related to installation of AdWare.
The version offered by AfterDawn.com (http://www.afterdawn.com/software/p2p_software/p2p_applications/dcplusplus.cfm) is clean. You can identify the infected version from the proper one from their MD5 sum.
MD5 for clean version: 9041a4c53a30bb45fcd6a81669241045
MD5 for trojaned version: 02ffde276505191525e84cf084cb85e9
According to Kapersky only the installation package of tha latest version, v0.668, is affected. If you have installed that version it is recommended that you check your system using, for example, Ad-Aware (http://dawnload.net/desktop_software/desktop_security/ad-aware.cfm).
After checking your system download the clean version from the following URL:
http://www.afterdawn.com/software/p2p_software/p2p_applications/dcplusplus.cfm
Download.com has removed the listing for DC++.
Source: Kapersky Lab (http://www.viruslist.com/en/weblog?weblogid=158236628)
I (wonderboy) got it from http://www.afterdawn.com/