Guest Additions - false Trojan positive?
Posted: 17. Sep 2009, 03:05
VirtualBox 3.0.6
Host: Ubuntu 9.04
Guest: XP Pro SP3
I just created a VM and installed XP Pro SP3. Then I installed Spybot Search & Destroy with its resident TeaTimer watchdog. I installed Guest Additions, and at the completion, when it asked me to reboot the VM, Spybot popped up and identified VBoxDrvInst.exe as the DyFuCa.InternetOptimizer trojan.
C:\Program Files\Sun\VirtualBox Guest Additions>dir
Volume in drive C has no label.
Volume Serial Number is 0496-E8F2
Directory of C:\Program Files\Sun\VirtualBox Guest Additions
09/16/2009 08:40 PM <DIR> .
09/16/2009 08:40 PM <DIR> ..
06/30/2009 11:28 AM 25,214 iexplore.ico
09/16/2009 08:40 PM 51 Sun VirtualBox Guest Additions.url
09/09/2009 01:20 PM 79,488 uninst.exe
09/09/2009 01:20 PM 84,496 VBCoInst.dll
09/09/2009 01:20 PM 641,552 VBoxControl.exe
09/09/2009 01:20 PM 63,632 VBoxDisp.dll
09/09/2009 01:19 PM 104,976 VBoxDrvInst.exe
09/09/2009 01:20 PM 8,990 VBoxGuest.cat
09/09/2009 01:20 PM 2,751 VBoxGuest.inf
09/09/2009 01:20 PM 51,792 VBoxGuest.sys
09/09/2009 01:20 PM 7,545 VBoxMouse.cat
09/09/2009 01:20 PM 2,090 VBoxMouse.inf
09/09/2009 01:19 PM 39,888 VBoxMouse.sys
09/09/2009 01:20 PM 1,030,672 VBoxTray.exe
09/09/2009 01:20 PM 8,082 VBoxVideo.cat
09/09/2009 01:20 PM 2,816 VBoxVideo.inf
09/09/2009 01:20 PM 76,816 VBoxVideo.sys
09/09/2009 01:20 PM 625,103 VBoxWHQLFake.exe
18 File(s) 2,855,954 bytes
2 Dir(s) 4,831,555,584 bytes free
C:\Program Files\Sun\VirtualBox Guest Additions>\download\md5sums vboxdrvinst.exe
MD5sums 1.2 freeware for Win9x/ME/NT/2000/XP+
Copyright (C) 2001-2005 Jem Berkes - http://www.pc-tools.net/
Type \download\md5sums -h for help
[Path] / filename MD5 sum
-------------------------------------------------------------------------------
[C:\Program Files\Sun\VirtualBox Guest Additions\]
VBoxDrvInst.exe d1accd5280d43e277622b1693a51cbb2
I assume this is a false positive?
Thanks.