Suspicious EXE file (but only 1 virus scanner confirmed this)

Status
Not open for further replies.

Murdoc

Hello all, I recently downloaded a "patch" for a piece of software, and I used an online site which has all the major anti-virus scanners installed and performs tests in its own controlled environment. The test shows that out of 20 anti-virus programs only AVG deemed it to be a virus, namely Generic5.OFF Trojan.

I noticed that right after using the patch I was under a silent spyware attack, and I didn't discover it until the socketcltX.ocx error message came up on my Windows XP screen. I confirmed this to be a spyware attack because after getting this error, I performed a scan with Spybot and spyware was found hiding a bunch of dll files inside the C:\windows directory.

It does sound very suspicious, but do you guys think that this patch is really a virus? Or do you guys think that it's just a coincidence? When I launched the patch everything looked normal and it looked like regular software.
 
That would depend on what the patch was for. If it was a 3rd mod for some game, a possible trojan or adware is likely. From a regular retail software company the likelihood of trojans is greatly diminished, for sure. They want repeat business, not a bad rep. That would be where something else triggered the spy right when you were applying the patch.
 
What kinda patch...?

Anyways, go follow Warez' guide..

Let's say it's a patch to stop a piece of software from nagging you about registering the program.

The question is, if only 1 anti-virus is able to detect this problem, could it really be a coincidence that I got the spyware at the same time?
 
AVG has been great here at spotting things on occasion. Once, while it was completely disabled, it suddenly sprang to life when a trojan was swiftly copied to the drive during a web search after coming across some new site. AVG pointed out the exact file name and location at the root of C for manual removal of the apparent trojan downloader. No new registry entries had been made there. Suspect drivers in the Windows\system32 folder suggest a need to post a HT log or something to look for new values in the reg.
 