Poptray virus?

General discussion about PopTray. You love it? You hate it? Talk about it here.

Moderators: KY Dave, jojobear99, Rdsok

Post Reply
davet
First Timer
Posts: 2
Joined: Thu Jun 15, 2006 10:37 am

Poptray virus?

Post by davet » Thu Jun 15, 2006 12:51 pm

Yesterday my fsecure anti virus came up with the following message..
Malicious code found in file C:\ZIPFILES\POPTRAY.EXE.
Infection: Trojan-Spy.Win32.Banker.bkl
Action: The file was renamed.

Do I have a virus I did a scan of my drive and all was clear
So I renamed the file back to poptray.exe and as soon as I run it the message appeared again!
So I decided t get the latest version of poptray and as soon as I ran the downloaded exe to install the latest version, the message appeared again.
Has anybody else had this as currently I can’t run pop tray as my antiviral keeps stopping it?

User avatar
KY Dave
Not the Developer
Posts: 1599
Joined: Thu Mar 14, 2002 7:29 pm
Location: Burkesville, KY. U.S.A.
Contact:

Post by KY Dave » Thu Jun 15, 2006 1:16 pm

From where did you download it?

I suggest you DELETE the file you have and take the actions necessary to protect your system. Search with GOOGLE for that trojan, it seems to be a program to steal financial info and also opens a backdoor. You should scan for a trojan and use a removal program.

Then download a clean version from SOURCE FORGE by starting at the link below...

http://www.poptray.org/beta.php

Scan it and then install.

SourceForge has the original PopTray.exe files and they should contain no virus. They are NOT zip files.
KY Dave

Family Blog
You can STOP SPAM using PopFile and PopTray.

User avatar
Rdsok
PopTray Family
Posts: 1418
Joined: Fri Mar 19, 2004 11:36 pm
Location: Norman, Oklahoma USA
Contact:

Post by Rdsok » Thu Jun 15, 2006 5:42 pm

I would suggest double checking the results that your antivirus is giving you.... Test the file at http://virusscan.jotti.org/ and if see if it is a false positive.

If it is a false, report it to your antivirus company, normally this is done by zipping the file and emailing it to them but each company has different methods so check with them first.

Always get the files you download from the official website or its mirror websites to help avoid getting files that may have been altered by others.

davet
First Timer
Posts: 2
Joined: Thu Jun 15, 2006 10:37 am

Post by davet » Thu Jun 15, 2006 8:12 pm

I did download the latest file it from SOURCE FORGE but the Poptray that i had was running on my PC for about a year without a problem suddenly the virus error appeared today without even receiving an email. So i thought it may be infected that is why i downloaded a new copy and the install.exe gave the same result, but only whe i tried to run/ install it. But before running the install exe the scan said it was fine? and the installation completed without error and the new version of poptray works fine. So confusing!!

User avatar
Rdsok
PopTray Family
Posts: 1418
Joined: Fri Mar 19, 2004 11:36 pm
Location: Norman, Oklahoma USA
Contact:

Post by Rdsok » Thu Jun 15, 2006 11:10 pm

It shouldn't be confusing if you had read the info I posted as well... it would just mean that now your AV program is giving a false positive after it recieved an update and you need to report it so they may "fix" it in a later update.

antoine
Enthusiast
Posts: 26
Joined: Fri Sep 12, 2003 9:14 am
Location: Paris, France
Contact:

Post by antoine » Fri Jun 16, 2006 3:38 pm

A french user just reported me the same infection detected by Kaspersky AV with poptray v3.03

My opinion about that :

- I really doubt Renier would ever put a trojan horse in his software
- Maybe the preview feature of poptray may have corrupted a machine when it is used to preview a malicious mail
- As has already been mentionned maybe just a false positive
- It is wise to check where the suspected version of poptray has been downloaded (non official site, P2P, ...)

--
Antoine, french poptray co-translator

User avatar
Renier
Site Admin
Posts: 1957
Joined: Mon Oct 15, 2001 12:54 pm
Location: Cape Town, South-Africa
Contact:

Post by Renier » Sat Jun 17, 2006 1:09 pm

Sounds like a false positive to me. Maybe PopTray contains the same bytes that they are using as a signature for the virus.

Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests