Project Delta: Trojan?

My virus software is flagging the nxi.exe as a suspicious file, containing a CRYP_MEW-11 Trojan. Has anybody else run into this? Is this file safe? Personally I’m kind of hesitant to run an exe from the comp on this computer, and my virus software blocked The Missing Piece from touching the internet after installing.

Any help would be appreciated, even from the authors.

  • D

Hello,

I’m the author of Project Delta.
We are not allowed to discuss our games in public until the comp is over.

All I can tell you is this:

The executable is packed with MEW, a free exe-packer program which can be found at:
softpedia.com/get/Programmin … W-SE.shtml

E.

AVG Free Edition doesn’t give a warning. And it didn’t trigger Corporate Norton Antivirus on my work PC (although I haven’t actually tried to run it yet).

Sweet, thanks for getting back to me, I feel a lot better about the file. This is the computer that I program IF on, so I really don’t run anything on it, and I was a little worried. I’ll be trying it out tomorrow. :smiley:

  • D

I’m getting suspicious about this myself… Who knows, maybe when you pack exe files with it, MEW adds trojan code without the author’s knowledge.

I should use another packer in the future.

E.

Maybe, maybe not. I’m using Trend Micro’s PC-cillin on this machine, and it could just be seeing an exe wrapped in MEW and flagging it suspicious because it doesn’t know any better. When I scan it with NOD32 on my Vista box nothing comes up, but like I said, this is my dev box and I’m a little sensitive about it. :wink: Just knowing that you did use a MEW wrapper makes me feel better, because it explains why it was flagged on this machine.

  • D

I have Vista with Norton Protection Center and Norton Internet Security installed on my machine. I have just scanned all my hard drives and the nxi.exe. Nothing found.

This is strange. Why would an antivirus program such as PC-cillin flag a compressed executable as a trojan virus?

Maybe this will help.

This is the link Trend Micro gives me:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=Cryp_MEW-11

It also says:
Aliases: Generic.dx (McAfee), Trojan.Dropper (Symantec), Troj/Patch-F (Sophos),
In the wild: Yes
Overall risk rating: Low

Description:
This is the Trend Micro heuristic detection for suspicious files that manifest similar behavior and characteristics as malware packed by MEW.

I know this is not what you want to hear, but maybe it is spyware. I can’t submit it for review, so I really don’t know, but if it is malware, maybe you can contact Stephen Granade and submit a new version using UPX.

  • D
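The Trend Micro description quoted above says the detection is a heuristic for files that look like malware packed by MEW. As an added illustration (not from this thread or from any of the products named in it), the following Python script shows the kind of packer traits such a heuristic keys on: compressed sections with near-maximal byte entropy, sections that are empty on disk but large in memory, and well-known packer section names. It builds two constructed, non-loadable sample PE images inline; the UPX section names are the documented ones, while MEW’s own section naming is not given on the page and is therefore not assumed.

```python
import math
import struct
from collections import Counter
HIGH_ENTROPY = 7.0                               # bits/byte; packed or encrypted data nears 8.0
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}  # well-known UPX section names (MEW's are not on the page)

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def pe_sections(image: bytes):
    """Yield (name, raw_bytes, virtual_size) for each section of a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                          # IMAGE_FILE_HEADER follows the signature
    num_sections, opt_size = struct.unpack_from("<H12xH", image, coff + 2)
    table = coff + 20 + opt_size                 # section table follows the optional header
    for i in range(num_sections):
        name, vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII16x", image, table + 40 * i)
        yield name.rstrip(b"\0"), image[raw_ptr:raw_ptr + raw_size], vsize

def packer_indicators(image: bytes) -> list:
    """Reasons a packer heuristic would consider this image suspicious (empty list if none)."""
    reasons = []
    for name, raw, vsize in pe_sections(image):
        if name in UPX_SECTION_NAMES:
            reasons.append(f"{name!r}: known packer section name")
        if raw and entropy(raw) > HIGH_ENTROPY:
            reasons.append(f"{name!r}: entropy {entropy(raw):.2f} looks compressed or encrypted")
        if vsize > 0x1000 and vsize > 4 * max(len(raw), 1):
            reasons.append(f"{name!r}: {vsize:#x} bytes in memory, {len(raw)} on disk (unpacks at run time)")
    return reasons

def build_pe(sections):
    """Build a minimal synthetic PE (headers only, not loadable) from (name, raw, vsize) tuples."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)     # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    ptr, table, body = 0x40 + len(coff) + 40 * len(sections), b"", b""
    for name, raw, vsize in sections:               # raw data is laid out right after the table
        table += struct.pack("<8sIIII16x", name, vsize, 0x1000, len(raw), ptr)
        body += raw
        ptr += len(raw)
    return dos + coff + table + body
# Constructed samples: a UPX-style packed layout versus a plain, uncompressed code section.
PACKED_SAMPLE = build_pe([(b"UPX0", b"", 0x20000),                      # empty on disk, big in memory
                          (b"UPX1", bytes(range(256)) * 16, 0x1000)])   # maximally high-entropy payload
PLAIN_SAMPLE = build_pe([(b".text", b"push ebp; mov ebp, esp; " * 170, 0x1000)])
```

Running `packer_indicators(PACKED_SAMPLE)` lists four indicators while the plain image yields none, which is exactly why a legitimately packed game executable and a packed dropper look alike to a heuristic that has no signature for either.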

Oh, I see. You have activated heuristic detection in your antivirus program. This is not recommended really. You should have turned it off, because it tends to give lots of false warnings on files, even on normal Windows system files.

Well, the software installs with heuristic detection turned on, I’ve never had any problems with it, so I’ve never had to turn it off.

So maybe we’re back to:

Which is what I was thinking in the first place when you said that you used a MEW wrapper, but when you said that the author’s site was suspicious I was a little worried.

I’m thinking that there’s probably nothing wrong with the file, sorry for all the confusion - D

Like I said, I made a mistake. I will use a reliable packer next time, such as UPX.

Greets
Emilian

Nothing picks up ALL trojans and spyware. If something did, then there would never be a need for updates/upgrades. It is a game in itself, hackers/coders trying to outdo each other…

My advice: have two sweepers running on consecutive days, one reliable paid device, one free device. Believe it or not, the free ones are often able to detect new stuff first, but not remove it, in my experience. Then the updates for the paid goods remove it a few days/weeks later from the quarantine.

I do the same with spyware detection, JSYK.

Tommie

paolari’s post (above yours) was context-sensitive spam. I’m deleting it, and the bot account that posted it.

Whenever your anti-virus finds something, it is a good idea to use this online service:

virustotal.com

It will check the file you submit using over 20 different programs.

Edit:
Btw, Merk, I think that context-sensitive bot is back :stuck_out_tongue: