Topic: QuickTimeStreaming.qtx infected by Win32:Trojano-2949 [Trj]

Offline artamangr

  • Jr. Member
  • Posts: 25
  • Arta forever!
QuickTimeStreaming.qtx infected by Win32:Trojano-2949 [Trj]
« on: November 24, 2005, 11:53:46 AM »
Hi everyone.
Having updated to the latest VPS (VPS 0547-3, 24.11.2005), which added detection of this worm, I almost immediately got notified that QuickTimeStreaming.qtx in C:\Program Files\QuickTime\QTsystem is infected by it. Having moved the file to the chest, apart from QuickTime, which stopped working after that, the instant messenger Trillian also stopped working (it seems strange regarding Trillian, but since last night, when it was working properly, I didn't add any software or anything... I just booted the laptop this morning, the antivirus updated, the file was moved to the chest, and Trillian stopped working...). Also, regarding QuickTime, I haven't been using it at all (nor do I remember seeing it working through any browser), so it seems strange that some of its files got infected.
Can this be a false positive detection case?
I remember a few weeks ago, after an update, adobe32.dll was reported as infected in what turned out to be a false positive.
Thank you in advance for any advice.
Cheers!
Piges ntip myalo!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67255
Re: QuickTimeStreaming.qtx infected by Win32:Trojano-2949 [Trj]
« Reply #1 on: November 24, 2005, 12:04:55 PM »
QuickTime is into iTunes right now.
You could have a plugin for iTunes into Trillian.
But, as you say, it could be a false positive.
Did you submit the file to Jotti or VirusTotal for analysis?
The best things in life are free.

Offline artamangr

  • Jr. Member
  • Posts: 25
  • Arta forever!
Re: QuickTimeStreaming.qtx infected by Win32:Trojano-2949 [Trj]
« Reply #2 on: November 24, 2005, 12:10:50 PM »
> QuickTime is into iTunes right now.
> You could have a plugin for iTunes into Trillian.
> But, as you say, it could be a false positive.
> Did you submit the file to Jotti or VirusTotal for analysis?

Sorry, but I've never done that before... do I just have to use the option in the virus chest 'email to alwil software'?
Piges ntip myalo!

Offline Raveny

  • Newbie
  • Posts: 1
Re: QuickTimeStreaming.qtx infected by Win32:Trojano-2949 [Trj]
« Reply #3 on: November 24, 2005, 12:31:02 PM »
Hi,
I have the same problem as you. It just happened after the daily update of avast!
I turned avast off now and everything works fine again!

Offline igor

  • Avast team
  • Serious Graphoman
  • Posts: 11798
    • AVAST Software
Re: QuickTimeStreaming.qtx infected by Win32:Trojano-2949 [Trj]
« Reply #4 on: November 24, 2005, 12:44:16 PM »
The problem should be fixed now.
Sorry for the troubles.

Offline artamangr

  • Jr. Member
  • Posts: 25
  • Arta forever!
Re: QuickTimeStreaming.qtx infected by Win32:Trojano-2949 [Trj]
« Reply #5 on: November 24, 2005, 12:49:42 PM »
Yep,
everything works now :)
thanks
Piges ntip myalo!

Offline mafmaf

  • Newbie
  • Posts: 3
  • avast! Appreciation Society :)
    • STARBASE_74
Re: QuickTimeStreaming.qtx infected by Win32:Trojano-2949 [Trj]
« Reply #6 on: November 24, 2005, 12:58:26 PM »
I just got the same detection. My VPS file just updated to 0547-3, 24.11.2005. Should I mark the QuickTimeStream.qtx file as safe?

Cheers!

Offline igor

  • Avast team
  • Serious Graphoman
  • Posts: 11798
    • AVAST Software
Re: QuickTimeStreaming.qtx infected by Win32:Trojano-2949 [Trj]
« Reply #7 on: November 24, 2005, 01:02:11 PM »
Invoke a VPS update - 0547-4 was released a while ago.

Offline mafmaf

  • Newbie
  • Posts: 3
  • avast! Appreciation Society :)
    • STARBASE_74
Re: QuickTimeStreaming.qtx infected by Win32:Trojano-2949 [Trj]
« Reply #8 on: November 24, 2005, 01:05:02 PM »
> Invoke a VPS update - 0547-4 was released a while ago.

Great, thanks for that, igor :)

Offline MikiGreen

  • Newbie
  • Posts: 3
QuickTimeStreaming.qtx gone
« Reply #9 on: November 24, 2005, 01:27:25 PM »
I'm sorry, but I didn't move QuickTimeStreaming.qtx to the chest; I deleted it.
I know now we can simply use iTunes and QuickTime by taking it back from the chest, because the latest version no longer detects QuickTimeStreaming.qtx, but how can I do without QuickTimeStreaming.qtx?

I already tried to install iTunessetup.exe again, but after installing, iTunes still shows error, and I can't even uninstall Quicktime from my PC. :-\

thanks

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67255
Re: QuickTimeStreaming.qtx gone
« Reply #10 on: November 24, 2005, 01:34:32 PM »
> How can I do without QuickTimeStreaming.qtx?
I can send the file to your email if you want...
The best things in life are free.

Offline MikiGreen

  • Newbie
  • Posts: 3
Re: QuickTimeStreaming.qtx infected by Win32:Trojano-2949 [Trj]
« Reply #11 on: November 24, 2005, 01:38:49 PM »
Oh, it got solved.
After deleting the QuickTime folder, I could uninstall QuickTime.

thx :D

Offline MikiGreen

  • Newbie
  • Posts: 3
Re: QuickTimeStreaming.qtx gone
« Reply #12 on: November 24, 2005, 01:40:16 PM »
>> How can I do without QuickTimeStreaming.qtx?
> I can send the file to your email if you want...

Thanks, but no thanks now ;)

Offline Nightquest

  • Newbie
  • Posts: 6
  • www.oinonen.biz
Re: QuickTimeStreaming.qtx infected by Win32:Trojano-2949 [Trj]
« Reply #13 on: November 24, 2005, 02:03:39 PM »
Thanks for the updates; now QuickTime works perfectly again.

Offline lantiero

  • Newbie
  • Posts: 3
Re: QuickTimeStreaming.qtx infected by Win32:Trojano-2949 [Trj]
« Reply #14 on: November 25, 2005, 12:16:04 PM »
No, unfortunately I can't get it fixed. I've been trying to re-install iTunes/QuickTime many times since yesterday, when I deleted the qtx file at Avast's request. I've also updated the VPS, to no avail.

Everything seems to go well as iTunes gets installed, but the QT installation stops, displaying error code -3.

Uninstalling QT seems pretty difficult as well, as it complains that the msi installation file cannot be found.

Any suggestions?
Thanks.