What happens when you try to run it? Maybe we can work it out from there.
- 01-05-2009, 10:25 AM #79
Details on virus detection
While installing CrackUtil, my machine's anti-virus software detected Mal/Behav-053, a malware whose members are typically worms with backdoor functionality and may include Trojan components. The file under quarantine is C:\Program Files\CrackUtil\is-T90LG.tmp. What exactly is this tmp file and what does it do?
There have been over 1400 downloads of CrackUtil and you are the 1st to detect this.
Which antivirus program are you running?
- 01-07-2009, 09:48 AM #82
It could also be that the last version of crackutil is genuinely infected, by accident or otherwise.
Lastly, if it is bad news, users will not see anything anyway because viruses tend not to create animations that jump up and down on the desktop. A virus is more likely to download personal data from a BB, and sting your users 6 months later- the Flop.
I just downloaded it again and can't find anything wrong with it. For me there are no viruses. I scanned the .zip file, the unzipped .exe file and the installed folder in C:\Program Files\CrackUtil and found no viruses in any of them.
This does not mean that there are none. It only means that I did not find anything.
We need more information. We need to know SPECIFICALLY which file is supposed to be infected.
Inside the CrackUtil.exe file when it has been unzipped are three files.
CrackUtil.exe - the program file
CrackUtil.chm - the help file
JavaLoader.exe - RIM's utility that CrackUtil uses to execute commands on the BlackBerry.
The install file is built using Inno Setup Compiler 5.2.3 and the Help file is written in Word 2003 and saved as .htm files. These are then compiled into the .chm file using Abee Chm Maker.
If more people would like to scan any or all of their files and post replies then I and other users would be most grateful.
I had a problem with the title word Crack when an email server refused to let it through for the same reason. This is just a bad piece of AV programming. If I were a burglar I would not wear a Tee shirt saying so. AV programs need to look inside files not reject joke files that are titled "Crack Me Up". See what I mean.
I hope that this is a false positive. I am sure that Sophos is a very good AV product. I have a couple of customers that use it. However it is not in the current Top Ten list of reviewed products AntiVirus Software Review 2009 - TopTenREVIEWS.
Last edited by Pete6; 01-07-2009 at 10:57 AM.
- 01-07-2009, 11:03 AM #84
I just deleted CrackUtil from my PC and downloaded and installed it again. I use Symantec Antivirus with liveupdate 1/7/2009 Rev 2. It did not find any malware in CrackUtil during installation or use.
- 01-07-2009, 11:15 AM #85
I was not allowed to login to the corp. network without Sophos installed. They made this happen!
I think it's a false positive because the icon is orange instead of red. Scientific, aren't I? Below is the undoctored screen grab of Sophos' warning. This happens only with crackutil.exe- the Flop.
- 01-07-2009, 11:23 AM #87
The issue is with Sophos. I'm not sure if the "crack" in the file name is a key or not but I was unable to download it on my work PC with Sophos running. Downloaded at home with no problems. Flash drives are wonderful inventions.
Blessed are they who can laugh at themselves, for they shall never cease to be amused.
I just went to another PC running BitDefender and it shows CrackUtil as clean. I have a customer laptop here running AVG and it too says my program is clean. I was using Vipre on my own PC so I think that Sophos may be picking up on the word Crack.
flop, could you try also installing CrackPic and/or CrackMem please just to check if it is really the name. Also try any other program not called Crack*. Thanks, man.
- 01-07-2009, 03:43 PM #93
I have submitted the file to Sophos and hopefully they will update their software accordingly.
Renamed javaloader.exe to crackjavaloader.exe and Sophos said it was clean. I'm certain it has nothing to do with the filename, and it would be good to have Sophos update their heuristics because it's obviously too sensitive.
Last edited by flop; 01-07-2009 at 03:49 PM.- the Flop.
- 01-07-2009, 05:10 PM #96
Nothing found here either, Pete, and I have crackmem on 4 computers.
- 01-09-2009, 01:45 PM #98
Sophos have confirmed that CrackUtil is clean. I'm sorry for alarming you!!
However, Sophos have also not confessed that it's a false-positive. This is nuts because I was actually not the first person to raise the alarm. Have Sophos implied that my screenshot was faked? Maybe I'll sue for libel.
I guess this means they won't change anything and that CrackUtil won't work for Sophos users.
Last edited by flop; 01-09-2009 at 01:48 PM.- the Flop.
It also sounds like Sophos are denying all responsibility, all shapes, all sizes and all colors. As I said earlier, it's like an ex-gf of mine who had a false positive, which is always worrying.
- 01-10-2009, 08:40 AM #100
'true' is not a valid....error
Downloaded the program and trying to retrieve the files on my BB 8900 running 184.108.40.206.
It sees the device, shows the software and event log, but when I press 'retrieve file listing' I get the following error: " 'true' is not a valid floating point value"
If I do it a second time after this error, I get " I/O Error 32 "
Running it on XP. Any advice....My bb and software too new for this handy program?