Author Topic: NEW virus - MSIL:CRYPT-NB - TROJAN

Offline simon007

  • Newbie
  • *
  • Posts: 1
NEW virus - MSIL:CRYPT-NB - TROJAN
« on: May 07, 2013, 08:52:21 PM »
Avast just flagged up / BLOCKED this virus

MSIL:Crypt-NB

Anyone heard of it?

During boot scan I was able to delete it from several programs, seemed to be attached to
this file: FTPUtilsu.dll [ trj ]
I could not however repair the file.

Should I just re-install Windows 7 rather than reinstall the affected programs?
I don't want this virus to come back.

Simon

Offline fagash61

  • Newbie
  • *
  • Posts: 1
Re: NEW virus - MSIL:CRYPT-NB - TROJAN
« Reply #1 on: May 07, 2013, 09:04:08 PM »
Got the same MSIL:Crypt-NB when I ran WebPlus X6. I can't be certain, but FTPUtilsU.dll appears to be genuine and Avast is giving a false positive.
I have checked and 'FTPUtilsU.dll' is installed in my \Serif\WebPlusX6\Program folder. Have sent a false positive report to Avast.

Offline tyraarane

  • Newbie
  • *
  • Posts: 17
Re: NEW virus - MSIL:CRYPT-NB - TROJAN
« Reply #2 on: May 07, 2013, 09:10:39 PM »
It's most likely a false positive. I picked up the same MSIL:Crypt-NB in 14 files related to the game Audiosurf--they all came up during a routine scheduled scan today; here's a list. I uploaded ~10 of those files to VirusTotal, where only 2 out of 45 AVs came back detecting infections: Avast and one I'd never heard of (GData). Both detected MSIL:Crypt-NB.

Several other Steam users are reporting the same trojan in the exact same Audiosurf files as well...what are the odds we all have trojans infecting the exact same files? Slim to none, I'd wager. I'd be willing to bet yours is a false positive as well. I've reported mine to Avast.

Offline ShadeWing

  • Jr. Member
  • **
  • Posts: 22
Re: NEW virus - MSIL:CRYPT-NB - TROJAN
« Reply #3 on: May 07, 2013, 09:20:09 PM »
I had the same issue with 14 files in Audiosurf as well.  It's more than likely a false positive, so I sent a report in.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36691
Re: NEW virus - MSIL:CRYPT-NB - TROJAN
« Reply #4 on: May 07, 2013, 09:24:59 PM »
Quote
where only 2 out of 45 AVs came back detecting infections: Avast and one I'd never heard of (GData). Both detected MSIL:Crypt-NB.
Actually only one... as GData uses avast as one of its two virus engines.

« Last Edit: May 07, 2013, 09:27:20 PM by Pondus »

Offline Jim Fisher

  • Newbie
  • *
  • Posts: 9
Re: NEW virus - MSIL:CRYPT-NB - TROJAN
« Reply #5 on: May 07, 2013, 10:08:47 PM »
This may be what I have been fighting all day. The update that occurred last night/earlier today screwed up my console and clients. ALL DAMN DAY I have been fighting with this same false positive. It was produced from an application which I have had installed for almost a year (with the appropriate patching). I know it is a failed/bad update from AVAST...

I came in and thought my network was completely infected. I have 80 workstations and a dozen or so servers all generating this same message ALL DAMN DAY....

It has wreaked havoc on production and users are STEAMED AS I AM STEAMED!

BOOO BOOOOOOOO! >:(

Offline le_alain

  • Newbie
  • *
  • Posts: 2
Re: NEW virus - MSIL:CRYPT-NB - TROJAN
« Reply #6 on: May 07, 2013, 11:37:48 PM »


BOOO BOOOOOOOO! >:(


BooBooo toooo, that's why I registered.
AVAST just destroyed my ACDSEEPRO6 for the same reason.

It's false and an error of AVAST!! It's a regular registered program with NO problem.
And avast also blocks when I want to reinstall,

and I can't uninstall AVAST from my PC!
How do I work now??????????

My only problem is AVAST!!!

BOOOO OOOO OOO !  :(  :(  :(
« Last Edit: May 07, 2013, 11:39:48 PM by le_alain »

Offline RAFT IT

  • Newbie
  • *
  • Posts: 3
Re: NEW virus - MSIL:CRYPT-NB - TROJAN
« Reply #7 on: May 08, 2013, 12:01:09 AM »
I have AVAST! Endpoint.

This destroyed my company's Point of Sale software today.

Short term fix was to restore all the files moved to virus chest and turn off real time file shield on the computers running the POS software.  Once updated definitions are released I will turn it back on.

Offline mima85

  • Newbie
  • *
  • Posts: 1
Re: NEW virus - MSIL:CRYPT-NB - TROJAN
« Reply #8 on: May 08, 2013, 09:33:34 AM »
We've had the same problem with our own software. Avast is continuously detecting the Chilkat Inc. components' DLLs used by our software as infected with the trojan MSIL:Crypt-NB, which of course they are not. This is a false positive and it has been happening since yesterday afternoon.

Avast's people, you're causing A LOT OF PROBLEMS to our company and to our customers which use your antivirus (and they're quite a lot). Fix this issue IMMEDIATELY!!!!

And be sure that hereafter I'll NEVER recommend your antivirus product, rather I'll tell (and I'm still doing it) our customers to change it with something more reliable! You lost credibility with this bug, your product became a very big problem for us.

BOOOOOO BOOOOOO BOOOOOOOOO also from us!  >:( >:( >:( >:( >:(
« Last Edit: May 08, 2013, 09:54:26 AM by mima85 »

Offline Antagony

  • Newbie
  • *
  • Posts: 1
Re: NEW virus - MSIL:CRYPT-NB - TROJAN
« Reply #9 on: May 08, 2013, 04:17:30 PM »
Similarly to mima85, we are a software company with a lot of customers and all our applications use Chilkat libraries extensively. So those of our customers using avast! had their systems totally screwed up by this problem yesterday.

I realize the latest definitions update has fixed this false positive (and reasonably quickly), but that was unfortunately too little, too late for many of our customers – whose businesses were severely disrupted by this – and it won't undo the damage to our own reputation.

What I don't understand, and would like to see an explanation for, is how could this happen in the first place? Chilkat's libraries are all digitally signed and they're a reputable company that's been around for years. Moreover, these files were all registered in Windows as either COM or .NET components, so they were almost certainly going to be integral to the proper running of an application users had installed on their systems. Don't avast! have some mechanism to check that the files they're blanket flagging as malware actually are? You know, like researching first to find out whether an infected file has a genuine counterpart that is safe before issuing a blanket flag? I understand someone may have used the Chilkat name to disguise their malware, but surely it wouldn't be that difficult to differentiate between genuine files and fake ones if the genuine files were known about?

Oh and this whole thing might not have been so bad if there was a relatively straightforward way to tell the avast! program it had made a mistake and to restore the incorrectly removed files to their proper locations. If that was the case we could have fired out a quick email to all of our customers, instructing them on how to resolve the problem. But the only way we could find to fix this was to manually add exclusions and then copy the files back in; and as this involved a few files in different locations (that varied depending on the OS) that was too much of a task to try and instruct our customers how to do for themselves. So we've had to spend a day and a half supporting our customers remotely after this debacle!

This is not good enough avast!, simply not good enough!
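
Added example, not part of the original posts and not Avast or Chilkat code: a PowerShell triage helper for the check discussed above, recording each flagged file's SHA-256 (for a false-positive report or a VirusTotal lookup) and its Authenticode signature state. The function name `Get-FlaggedFileTriage`, the `-ExpectedPublisher` parameter and the folder path in the usage comment are hypothetical.

```powershell
# Added example. Reports hash and Authenticode state for files an AV has flagged.
# A 'Valid' status means the file is unchanged since the named publisher signed it;
# it does not by itself prove the file is harmless.
function Get-FlaggedFileTriage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Path,

        # Hypothetical parameter: text expected in the signer's certificate subject.
        # A subject substring is a weak check; pin the certificate thumbprint
        # if you know the publisher's real one.
        [string]$ExpectedPublisher
    )
    process {
        foreach ($p in $Path) {
            if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
                # File already quarantined or deleted: record that explicitly.
                [pscustomobject]@{
                    Path = $p; SHA256 = $null; Status = 'Missing'
                    Signer = $null; PublisherMatch = $false
                }
                continue
            }

            $sig    = Get-AuthenticodeSignature -LiteralPath $p
            $hash   = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

            # Only a valid signature from the expected publisher counts as a match.
            $match = ($sig.Status -eq 'Valid') -and
                     [bool]$ExpectedPublisher -and
                     ($signer -like "*$ExpectedPublisher*")

            [pscustomobject]@{
                Path           = $p
                SHA256         = $hash
                Status         = [string]$sig.Status   # Valid, NotSigned, HashMismatch, ...
                Signer         = $signer
                PublisherMatch = $match
            }
        }
    }
}

# Usage (placeholder folder and publisher text):
# (Get-ChildItem 'C:\Example\App' -Filter *.dll).FullName |
#     Get-FlaggedFileTriage -ExpectedPublisher 'Example Publisher' | Format-Table -AutoSize
```

Files reported as `NotSigned` or `HashMismatch` are the ones to compare against a known-good installer before restoring them or adding an exclusion.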

Offline viznu

  • Newbie
  • *
  • Posts: 1
Re: NEW virus - MSIL:CRYPT-NB - TROJAN
« Reply #10 on: May 09, 2013, 12:34:16 PM »
Sir,

Please fix this false positive. We have around 350 installations of our software spread across 4 customers. Our software uses Chilkat libraries extensively. Around 70 of these installations have Avast installed and the Chilkat libraries have been removed in most of them. Our engineers are going nuts fixing this. Please restore the files through a new update.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32541
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!