Author Topic: Win32:Trojan-gen {Other}  (Read 5600 times)


daijitaru

  • Guest
Win32:Trojan-gen {Other}
« on: September 21, 2009, 12:12:16 AM »
I just bought a Razer Mamba Mouse today and wanted to download the recent drivers from their website (wxw.razersupport.com). However, as I'm trying to download the drivers and firmware update, Avast detected them as Win32:Trojan-gen {Other}. I'm thinking these might be a false positive. I'm unsure what to do. Would like to ask for help regarding this matter. :-(
« Last Edit: September 21, 2009, 01:06:10 AM by daijitaru »

spg SCOTT

  • Guest
Re: Win32:Trojan-gen {Other}
« Reply #1 on: September 21, 2009, 12:19:59 AM »
Hi daijitaru,

Welcome to the forum :)

Please could you upload the file to www.virustotal.com to confirm if it is a false positive and report back with the link to the results?



You could also send the file in a password protected archive to virus(at)avast(dot)com with 'potential false positive' in the subject line and the password in the email body.

or

You could add the file to the user files of the virus chest and send it from there:

Right click avast icon in taskbar --> click start avast antivirus --> right click scanner background --> click virus chest --> navigate to user files --> click add files --> right click file --> email to alwil software.
If it is already there you can do it anyway...

NOTE:
The file will actually be uploaded when the next update is performed (you can do a manual update to initiate the sending)



You could also add a link to this thread and some more information when you do.

-Scott-

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: Win32:Trojan-gen {Other}
« Reply #2 on: September 21, 2009, 12:23:50 AM »
Hi daijitaru,

Try to upload the update to virustotal.com and see what flags it there. This could be a good indication to see if there is a FP or not. On the other hand their website seems to be infected from a suspicious inline script outside of HTML:
Code:
v*r popUpWin=0;
id=document.loc*tion.href;
function popUpWindow(URLStr, left, top, width, height)
{... }.........[*=a - broken by me - pol]
Report this there, please, and replace URL with wxw.razersupport.com please,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

daijitaru

  • Guest
Re: Win32:Trojan-gen {Other}
« Reply #3 on: September 21, 2009, 12:26:19 AM »
OK, I'll try these. Thanks.

edit: changed the url to wxw
« Last Edit: September 21, 2009, 01:07:28 AM by daijitaru »

daijitaru

  • Guest
Re: Win32:Trojan-gen {Other}
« Reply #4 on: September 21, 2009, 12:42:25 AM »
This is the result for 1st file: Mamba Firmware Updater v1.08.02.exe

http://www.virustotal.com/analisis/ba4aeb0cbc80b5ec240d2806f21cda7aa854c096611b6f24a4ed9d3348660b97-1253486307


EDIT: the other file is too big for virustotal.
« Last Edit: September 21, 2009, 01:35:13 AM by daijitaru »
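
Added example, not part of the original thread and not Avast or VirusTotal code: before relying on a scan report like the one linked above, check that the report was produced for the exact file on disk by comparing the SHA-256 in the permalink with the local file's hash. It assumes the number after the hash is the scan time in Unix epoch seconds; the function names are illustrative.

```python
import hashlib
import re
import sys
from datetime import datetime, timezone

# Permalink exactly as posted in the thread.
PERMALINK = ("http://www.virustotal.com/analisis/"
             "ba4aeb0cbc80b5ec240d2806f21cda7aa854c096611b6f24a4ed9d3348660b97"
             "-1253486307")

_PERMALINK_RE = re.compile(r"/analisis/([0-9a-fA-F]{64})-(\d+)/?$")


def parse_permalink(url):
    """Split a '<sha256>-<number>' permalink into (sha256_hex, scan_time_utc)."""
    match = _PERMALINK_RE.search(url.strip())
    if match is None:
        raise ValueError("no <sha256>-<timestamp> component in URL")
    # Assumption: the trailing number is the scan time in Unix epoch seconds.
    scanned = datetime.fromtimestamp(int(match.group(2)), tz=timezone.utc)
    return match.group(1).lower(), scanned


def sha256_of(path, chunk_size=1 << 20):
    """Hash in chunks so a large installer is never loaded into memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def report_matches_file(url, path):
    """True only when the report was generated for the exact bytes in `path`."""
    expected, _scanned = parse_permalink(url)
    return sha256_of(path) == expected


if __name__ == "__main__" and len(sys.argv) == 2:
    sha256, scanned = parse_permalink(PERMALINK)
    print("report hash  :", sha256)
    print("scanned (UTC):", scanned.isoformat())
    print("same file    :", report_matches_file(PERMALINK, sys.argv[1]))
```

A mismatch means the report describes a different build of the installer, so its verdict says nothing about the copy being checked.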

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2294
Re: Win32:Trojan-gen {Other}
« Reply #5 on: September 21, 2009, 02:46:42 PM »
Hi,
I think that I've seen some similar file -- "setup.exe" in a zip file, which creates "usbsvc.exe" in %system32%\drivers and runs it, and after that it launches some setup of driver installation. It's strange behavior, maybe you can ask the author of that file.

Milos

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: Win32:Trojan-gen {Other}
« Reply #6 on: September 22, 2009, 10:11:18 AM »
Hi Milos,

The Razer mouse drivers have a trojan, re: http://www.virustotal.com/analisis/ba4aeb0cbc80b5ec240d2806f21cda7aa854c096611b6f24a4ed9d3348660b97-1253486307
The trojan has the original driver install program, but after 19-09 a worm in the system directory. So everybody that installed a Razer mouse driver after that date should scan for the trojan, because they have no clue how they were hacked (we know now, see previous posting of mine); their support has been taken off for the time being.


polonus

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2294
Re: Win32:Trojan-gen {Other}
« Reply #7 on: September 22, 2009, 03:28:53 PM »
Thanks Polonus,
it looks like they are working on a repair.

Milos

SSund

  • Guest
Re: Win32:Trojan-gen {Other}
« Reply #8 on: September 22, 2009, 04:13:48 PM »
Thanks for the post, I had installed a Death Adder on my laptop this last week and ran into a bunch of trojan, rootkit activity and now I know where it developed from. I have already run Malwarebytes, Super Antispyware, and ATF Cleaner in safe mode with restore points deactivated, then I reinstalled my drivers after I did last known good config and this issue returned. I ran the same programs a second time and I am currently scanning my laptop thoroughly with avast and it has caught 4 trojans during the scan so far (2 within the razer firmware, zip files). Hopefully I got rid of the annoyances plaguing me at the moment.

daijitaru

  • Guest
Re: Win32:Trojan-gen {Other}
« Reply #9 on: September 22, 2009, 08:16:45 PM »
I have resolved these problems with Malwarebytes, I think. Currently trying to resolve a Hijack.displayproperties found by Malwarebytes. I don't know if it is related to this.

hello123

  • Guest
Re: Win32:Trojan-gen {Other}
« Reply #10 on: September 22, 2009, 10:35:17 PM »
I heard on the Malwarebytes forum (I don't know if it's true)
that hijack.displayproperties is a false positive with Vista 64bit.