Poptray virus?

[davet]

Yesterday my fsecure anti virus came up with the following message..
Malicious code found in file C:\ZIPFILES\POPTRAY.EXE.
Infection: Trojan-Spy.Win32.Banker.bkl
Action: The file was renamed.

Do I have a virus I did a scan of my drive and all was clear
So I renamed the file back to poptray.exe and as soon as I run it the message appeared again!
So I decided t get the latest version of poptray and as soon as I ran the downloaded exe to install the latest version, the message appeared again.
Has anybody else had this as currently I can’t run pop tray as my antiviral keeps stopping it?

[KY Dave]

From where did you download it?

I suggest you DELETE the file you have and take the actions necessary to protect your system. Search with GOOGLE for that trojan, it seems to be a program to steal financial info and also opens a backdoor. You should scan for a trojan and use a removal program.

Then download a clean version from SOURCE FORGE by starting at the link below...

http://www.poptray.org/beta.php

Scan it and then install.

SourceForge has the original PopTray.exe files and they should contain no virus. They are NOT zip files.
_________________
KY Dave

Family Blog
You can STOP SPAM using this SETUP including FreePOPs, K9 and PopTray.

[Rdsok]

I would suggest double checking the results that your antivirus is giving you.... Test the file at http://virusscan.jotti.org/ and if see if it is a false positive.

If it is a false, report it to your antivirus company, normally this is done by zipping the file and emailing it to them but each company has different methods so check with them first.

Always get the files you download from the official website or its mirror websites to help avoid getting files that may have been altered by others.
_________________
Help Info
Search the Forum
Writing Regular Expressions
How to clean an infected computer

[davet]

I did download the latest file it from SOURCE FORGE but the Poptray that i had was running on my PC for about a year without a problem suddenly the virus error appeared today without even receiving an email. So i thought it may be infected that is why i downloaded a new copy and the install.exe gave the same result, but only whe i tried to run/ install it. But before running the install exe the scan said it was fine? and the installation completed without error and the new version of poptray works fine. So confusing!!

[Rdsok]

It shouldn't be confusing if you had read the info I posted as well... it would just mean that now your AV program is giving a false positive after it recieved an update and you need to report it so they may "fix" it in a later update.
_________________
Help Info
Search the Forum
Writing Regular Expressions
How to clean an infected computer

[antoine]

A french user just reported me the same infection detected by Kaspersky AV with poptray v3.03

My opinion about that :

- I really doubt Renier would ever put a trojan horse in his software
- Maybe the preview feature of poptray may have corrupted a machine when it is used to preview a malicious mail
- As has already been mentionned maybe just a false positive
- It is wise to check where the suspected version of poptray has been downloaded (non official site, P2P, ...)

--
Antoine, french poptray co-translator

[Renier]

Sounds like a false positive to me. Maybe PopTray contains the same bytes that they are using as a signature for the virus.
_________________
Renier Crause