Found a trojan in the game TokkobotDX

[Guest]

Archived from groups: alt.comp.freeware.games (More info?)

My antivirusprogram (Norman Virus Control) found a trojan called
LowZones.A in the download for the game TokkobotDX.


--
JP Loken

 

[Guest]

Archived from groups: alt.comp.freeware.games (More info?)

On Thu, 16 Sep 2004 17:39:24 GMT, JP Loken
<jp_lokennospam@hotmailikkespam.com> wrote:

> My antivirusprogram (Norman Virus Control) found a trojan called
> LowZones.A in the download for the game TokkobotDX.
>
>

Norman Virus Control has started to claim that several other, older
freeware programs I have stored were also infected by the trojan. (Among
others I've lost the languagepack to GG Search; Table; Wordweb; Dr.Delete.)

I've learned that this particular trojan has been discovered very recently.
I therefore think that it's my antivirus program going mad.

I'm sorry.
(I'm also damned sorry for the programs I've lost.) :-(


--
JP Loken

 

[Guest]

Archived from groups: alt.comp.freeware.games (More info?)

[This followup was posted to alt.comp.freeware.games and a copy was sent
to the cited author.]

JP Loken wrote alt.comp.freeware.games on Thu, 16 Sep 2004 20:53:19 GMT,
the following
> On Thu, 16 Sep 2004 17:39:24 GMT, JP Loken
> <jp_lokennospam@hotmailikkespam.com> wrote:
>
> > My antivirusprogram (Norman Virus Control) found a trojan called
> > LowZones.A in the download for the game TokkobotDX.
> >
> >
>
> Norman Virus Control has started to claim that several other, older
> freeware programs I have stored were also infected by the trojan. (Among
> others I've lost the languagepack to GG Search; Table; Wordweb; Dr.Delete.)
>
> I've learned that this particular trojan has been discovered very recently.
> I therefore think that it's my antivirus program going mad.
>
> I'm sorry.
> (I'm also damned sorry for the programs I've lost.) :-(
>
Did you recently download the game? And if so what site? I just
downloaded TokkobotDX V1.0 from
http://personal.inet.fi/cool/suni/tokkobotdx.html
and checked the D/L with AVG and it did NOT report a virus. Maybe the
site where you downloaded it from is adding extras. Maybe you got the
virus from somewhere else.

Mark S

 

[Guest]

Archived from groups: alt.comp.freeware.games (More info?)

On Thu, 16 Sep 2004 21:17:34 GMT, Mark S. <mark@caiman.us> wrote:

> [This followup was posted to alt.comp.freeware.games and a copy was sent
> to the cited author.]
>
> JP Loken wrote alt.comp.freeware.games on Thu, 16 Sep 2004 20:53:19 GMT,
> the following
>> On Thu, 16 Sep 2004 17:39:24 GMT, JP Loken
>> <jp_lokennospam@hotmailikkespam.com> wrote:
>>
>> > My antivirusprogram (Norman Virus Control) found a trojan called
>> > LowZones.A in the download for the game TokkobotDX.
>> >
>> >
>>
>> Norman Virus Control has started to claim that several other, older
>> freeware programs I have stored were also infected by the trojan. (Among
>> others I've lost the languagepack to GG Search; Table; Wordweb;
>> Dr.Delete.)
>>
>> I've learned that this particular trojan has been discovered very
>> recently.
>> I therefore think that it's my antivirus program going mad.
>>
>> I'm sorry.
>> (I'm also damned sorry for the programs I've lost.) :-(
>>
> Did you recently download the game? And if so what site? I just
> downloaded TokkobotDX V1.0 from
> http://personal.inet.fi/cool/suni/tokkobotdx.html
> and checked the D/L with AVG and it did NOT report a virus. Maybe the
> site where you downloaded it from is adding extras. Maybe you got the
> virus from somewhere else.
>
> Mark S

I downloaded Tokkobotdx from the same site as you.
When re-downloading it, NVC claimed again it was infected.

When scanning with Trend Micro HouseCall, that AV found one trojan, but in
the same language file to "GG Search" where NVC found one. The difference
was that Trend Micro called it "Troj_sdbot.dn", not "LowZones.A".

I believe you're right in suggesting that I've got a trojan from somewhere
else. Thinking about it, I accidentally hit a warez-like site to day
searching for a solution to a Windows-problem (blush).

I've always kept my programs updated, so I think Trend Micro was wrong in
stating that it was "sdbot.dn".
LowZones.A, on the other hand, seems to have been discovered yesterday(!),
and is therefore more likely.
There is so far hardly any public info about it.


--
JP Loken