I made a backup of my VPS on my PC and Avast antivirus detect a trojan in a file.
The path: \eggdrop\modules-1.6.21\
The file: seen.so
Detection: ELF:IRCBot-D [Trj]
Most likely is a false positive.
I've scanned the file using web total virus and here are the results:
https://www.virustotal.com/es/file/9747 ... 470704763/
Only Avast detect virus of 53 AVs.
This is the new home of the egghelp.org community forum.
All data has been migrated (including user logins/passwords) to a new phpBB version.
For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.
All data has been migrated (including user logins/passwords) to a new phpBB version.
For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.
Trojan in eggdrop module false positive ?
- juanamores
- Master
- Posts: 317
- Joined: Sun Mar 15, 2015 9:59 am
Trojan in eggdrop module false positive ?
If you do not understand my ideas is because I can not think in English, I help me with Google Translate. I only speak Spanish. Bear with me. Thanks 
- juanamores
- Master
- Posts: 317
- Joined: Sun Mar 15, 2015 9:59 am
I sent the file to AVAST Laboratory.
I have confirmed that the virus detection is correct.
The truth is I do not think it virus.
I do not think 52 antivirus mistake .
It is a false positive!
This said AVAST :
I have confirmed that the virus detection is correct.
The truth is I do not think it virus.
I do not think 52 antivirus mistake .
It is a false positive!
This said AVAST :
Buenos días
Gracias por ponerse en contacto con Avast y enviarnos la muestra
El laboratorio de virus me informa de que es realmente un virus y la detección es correcta.
Reciba un cordial saludo
If you do not understand my ideas is because I can not think in English, I help me with Google Translate. I only speak Spanish. Bear with me. Thanks
If and only if you got the eggdrop1.6.21.tar.gz (or whatever version you are using) from the official source aka. Eggheads.org site, then grab the non-compiled seen.c from the archive located in eggdrop1.6.21/src/mod/seen.mod, tell them that they are idiots cos it's a false positive result and uninstall the product.
I just got the seen.c file and here (link) is the virustotal result.
I just got the seen.c file and here (link) is the virustotal result.
Once the game is over, the king and the pawn go back in the same box.
- juanamores
- Master
- Posts: 317
- Joined: Sun Mar 15, 2015 9:59 am
I uploaded the file to so they can scan.
encryption key for file:
I used to download it from the official website, but this was a while ago.
Code: Select all
https://mega.nz/#!cYsRhZzYencryption key for file:
I do not remember where I downloaded this eggdrop .!MUKHc7zBoMixKVPaw3VEZ7ra8TBsAZ5LqN80b430L9Y
I used to download it from the official website, but this was a while ago.
If you do not understand my ideas is because I can not think in English, I help me with Google Translate. I only speak Spanish. Bear with me. Thanks
I would assume they (Avast) classify it as a positive trojan, as eggdrops have been used to power malicious botnets in the past. To be honest, I'd almost expect them to classify any irc-client as an intrusion or trojan...
Sadly, I doubt they'll change their minds about it. Best bet is to get the binaries from a trusted source, or build them yourself, and do whatever you can to whitelist the file on your system.
Sadly, I doubt they'll change their minds about it. Best bet is to get the binaries from a trusted source, or build them yourself, and do whatever you can to whitelist the file on your system.
NML_375
Because they haven't marked more files and just the seen module makes me think that the file has some piece of code (for instance like writing something in a file) similar to what malicious botnets used, maybe got some inspiration from the seen module..
Anyway, I wouldn't be bothered by this if you got the source from Eggheads.org's website.
Anyway, I wouldn't be bothered by this if you got the source from Eggheads.org's website.
Once the game is over, the king and the pawn go back in the same box.