Virtualbox 3.0.6
Host: Ubuntu 9.04
Guest: XP Pro SP3
I just created a VM and installed XP Pro SP3. Then installed Spybot Search & Destroy with it's resident TeaTimer watchdog. I installed Guest Additions and at the completion when it asked me to reboot the VM, Spybot popped up and identified VBoxDrvInst.exe as the DyFuCa.InternetOptimizer trojan.
C:\Program Files\Sun\VirtualBox Guest Additions>dir
Volume in drive C has no label.
Volume Serial Number is 0496-E8F2
Directory of C:\Program Files\Sun\VirtualBox Guest Additions
09/16/2009 08:40 PM <DIR> .
09/16/2009 08:40 PM <DIR> ..
06/30/2009 11:28 AM 25,214 iexplore.ico
09/16/2009 08:40 PM 51 Sun VirtualBox Guest Additions.url
09/09/2009 01:20 PM 79,488 uninst.exe
09/09/2009 01:20 PM 84,496 VBCoInst.dll
09/09/2009 01:20 PM 641,552 VBoxControl.exe
09/09/2009 01:20 PM 63,632 VBoxDisp.dll
09/09/2009 01:19 PM 104,976 VBoxDrvInst.exe
09/09/2009 01:20 PM 8,990 VBoxGuest.cat
09/09/2009 01:20 PM 2,751 VBoxGuest.inf
09/09/2009 01:20 PM 51,792 VBoxGuest.sys
09/09/2009 01:20 PM 7,545 VBoxMouse.cat
09/09/2009 01:20 PM 2,090 VBoxMouse.inf
09/09/2009 01:19 PM 39,888 VBoxMouse.sys
09/09/2009 01:20 PM 1,030,672 VBoxTray.exe
09/09/2009 01:20 PM 8,082 VBoxVideo.cat
09/09/2009 01:20 PM 2,816 VBoxVideo.inf
09/09/2009 01:20 PM 76,816 VBoxVideo.sys
09/09/2009 01:20 PM 625,103 VBoxWHQLFake.exe
18 File(s) 2,855,954 bytes
2 Dir(s) 4,831,555,584 bytes free
C:\Program Files\Sun\VirtualBox Guest Additions>\download\md5sums vboxdrvinst.ex
e
MD5sums 1.2 freeware for Win9x/ME/NT/2000/XP+
Copyright (C) 2001-2005 Jem Berkes - http://www.pc-tools.net/
Type \download\md5sums -h for help
[Path] / filename MD5 sum
-------------------------------------------------------------------------------
[C:\Program Files\Sun\VirtualBox Guest Additions\]
VBoxDrvInst.exe d1accd5280d43e277622b1693a51cbb2
I assume this is a false positive?
Thanks.
Guest Additions - false Trojan positive ?
-
GoFaster
- Posts: 1
- Joined: 17. Sep 2009, 02:49
- Primary OS: Ubuntu other
- VBox Version: VirtualBox+Oracle ExtPack
- Guest OSses: Win XP
Guest Additions - false Trojan positive ?
Last edited by GoFaster on 17. Sep 2009, 13:56, edited 1 time in total.
-
Sasquatch
- Volunteer
- Posts: 17798
- Joined: 17. Mar 2008, 13:41
- Primary OS: Debian other
- VBox Version: VirtualBox+Oracle ExtPack
- Guest OSses: Windows XP, Windows 7, Linux
- Location: /dev/random
Re: Guest Additions - false Trojan positive ?
Yes, it's a false positive. There is no virus in the GA. Else my own antivirus would have triggered something (AVG and Comodo).
Read the Forum Posting Guide before opening a topic.
VirtualBox FAQ: Check this before asking questions.
Online User Manual: A must read if you want to know what we're talking about.
Howto: Install Linux Guest Additions
Howto: Use Shared Folders on Linux Guest
See the Tutorials and FAQ section at the top of the Forum for more guides.
Try searching the forums first with Google and add the site filter for this forum.
E.g. install guest additions site:forums.virtualbox.org
Retired from this Forum since OSSO introduction.
VirtualBox FAQ: Check this before asking questions.
Online User Manual: A must read if you want to know what we're talking about.
Howto: Install Linux Guest Additions
Howto: Use Shared Folders on Linux Guest
See the Tutorials and FAQ section at the top of the Forum for more guides.
Try searching the forums first with Google and add the site filter for this forum.
E.g. install guest additions site:forums.virtualbox.org
Retired from this Forum since OSSO introduction.