VIRUS in Gigabyte drivers?

Discussion in 'Hardware' started by lith, Nov 15, 2006.

  1. lith

    lith Private E-2

    Hi

    After downloading and, unfortunately, installing drivers from Gigabyte's MAIN site, my anti-vir program found a trojan in them!
    Trojan name: Backdoor.RAdmin.w

    The infected drivers were for motherboard integrated audio (Azalia)
    http://www.gigabyte.com.tw/Support/Motherboard/Driver_DownloadFile.aspx?FileType=Driver&FileID=837

    ...and for Gigabyte GeForce 7300GT graphics card:
    http://www.gigabyte.com.tw/Support/VGA/Driver_DownloadFile.aspx?FileType=Driver&FileID=2869

    I'm not sure if this is the right forum to post this, feel free to move it where it should be (admin)
    It would be great if you could download these drivers and scan them as well, then maybe we could mass-attack Gigabyte support for this. I think this is very serious.

    Thanks

    Lith

    (my MoBo - GA-M55S-S3)
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Have you emailed Gigabyte support over this? It is very possible that your AV may be picking up a false positive, as many viruses use similar files to legit ones, which makes it equally hard to find which is a legit file or not.

    Try scanning your system with one of the online scanners to double check:

    Bitdefender online free scan
    http://www.bitdefender.com/scan8/ie.html

    Panda Online free scan
    http://www.pandasoftware.com/activescan/
     
  3. lith

    lith Private E-2

    Yes I sent Gigabyte an e-mail a minute ago. The other scanners didn't show anything so it's less probable now but, well, I think that one positive scan is serious enough, right? No harm in asking here and there I suppose..

    I will keep you posted

    Thanks Halo
    Lith
     
  4. lith

    lith Private E-2

    Finally I got a reply from Gigabyte, of course no explanation but at least they are going to check those drivers..
     
  5. lith

    lith Private E-2

    Finally got a reply from Gigabyte's tech support

    Well, fortunately they checked and haven't found anything malicious in the files (except for the drivers themselves ;-) ). Case closed.

    Lith
     
  6. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi lith,

    Cheers for the updates. I can only surmise, as in my first post, that your AV is picking up a file in the driver package as a trojan, but in reality it is a false positive. Which AV are you using, by the way?

    And have you updated the AV and re-scanned the files again, just to check?


    I did a small bit of searching and, for example, Kaspersky, a very good AV, highlights or did at one point a few months back say CCleaner and WinRAR were both infected with Backdoor.RAdmin.w
     
  7. lith

    lith Private E-2

    Sorry but your last sentence seems a bit cut up for me - did Kaspersky falsely detect this backdoor in those programs?

    Mostly I'm using a Polish (patriot, heh) AV - "MKS Vir". I think it's a decent AV, updated daily and it detected stuff which for example Panda didn't see at all. (very probable, not false positives). There is an "English" option so if you're interested you can check it out at http://www.mks.com.pl/skaner/ - of course if you want to waste any more time on this case ;-)
    I think I'll use it in combination with the ones you suggested, especially Bitdefender made a good impression.

    Thanks!
    Lith
     
  8. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Yes, KAV did highlight those two genuine applications as having that trojan a few months back; fortunately the next updated virus DAT file removed the false positive flag.

    It may be worth, if all the other AVs you have scanned with, mainly Bitdefender, don't highlight the same trojan in the Gigabyte drivers, contacting MKS to alert them to a possible false positive so that they can investigate.

    I will check that program out, when time allows, so cheers for that :)
     
  9. nitecrawler

    nitecrawler Guest

    Downloaded it from American server, scanned with Avast Pro, and some more of my favourites.....clean as a whistle??
     
