DeskLock App infected ?

Topic author
Superl
Site Admin
Site Admin
Man of action
Man of action
Posts: 1331
Joined: Sat Apr 16, 2011 7:49 am
12
Location: Montreal, Canada
Contact:

Re: DeskLock App infected ?

#2384

Post by Superl »

At this time only those four remain, but I didn't get any confirmation from Rising McAfee, so it can change in the next scan.

Baidu-International Trojan.Win32.Badur.qhx 20160122
Jiangmin Trojan/Badur.hjs 20160122
Tencent Win32.Trojan.Badur.Szvv 20160122
ViRobot Trojan.Win32.S.Agent.4877312[h] 20160122


Come and say hello in here
Any donation will help click here please.

Have a nice day :103:

Re: DeskLock App infected ?

#2386

Post by Superl »

Ah ah, the saga continues.
This is this afternoon's scan, when I created the previous post

Image


And now a few hours later #-o

Image
Will see in the morning, I will continue sending emails :-?



Re: DeskLock App infected ?

#2387

Post by Superl »

Here is the communication with Baidu Antivirus Users

Their first email to me
they were kind and wanted to give me a great service :-j
Hi,thanks for your kindly feedback.
For having a smoother communication,we registered a Baidu Antivirus Users' Forum account for you.Your password is:aAIUW2
You can change your password by clicking the link below
Link removed; the site link doesn't exist anymore

 
==================
Welcome to Baidu Antivirus's Forum to join other users worldwide.We are ready to help you here and would like to afford answers to your puzzles.
So I went to the forum; here is an image of the post over there =)) =)) =))


Image



Re: DeskLock App infected ?

#2397

Post by Superl »

OK, looks like I can't get it better; two emails that I'm posting here to show the service that they have


The first one I sent to Tencent support returned to me with the mention «550 Mail content denied»


This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  icna_support@tencent.com
    host cloudmx.qq.com [113.108.11.188]
    SMTP error from remote mail server after end of data:
    550 Mail content denied. http://ascloud.qq.com/cgi-bin/readtemplate?t=anti_spam_errors#n1000726

------ This is a copy of the message, including all the headers. ------

Return-path: <admin@lujosoft.net>
Received: from 198-91-XXX.XXX.cpe.distributel.net ([198.91.XXX.XXX]:14345 helo=[192.168.2.2])
	by noc.serveurlasalle2.com with esmtpsa (TLSv1.2:DHE-RSA-CAMELLIA256-SHA:256)
	(Exim 4.85)
	(envelope-from <admin@lujosoft.net>)
	id 1aLBWO-002Co9-RP
	for icna_support@tencent.com; Mon, 18 Jan 2016 10:15:09 -0500
Reply-To: admin@lujosoft.net
To: icna_support@tencent.com
From: "admin@lujosoft.net" <admin@lujosoft.net>
Subject: False Positive
Message-ID: <569D0177.2040606@lujosoft.net>
Date: Mon, 18 Jan 2016 10:15:03 -0500
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.5.1
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit
X-cPanel-MailScanner-Information: Please contact the ISP for more information
X-cPanel-MailScanner-ID: 1aLBWO-002Co9-RP
X-cPanel-MailScanner: Found to be clean
X-cPanel-MailScanner-SpamCheck: 
X-cPanel-MailScanner-From: admin@lujosoft.net
X-Spam-Status: No

<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=utf-8">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    I'm the author of this application and as been denied to submission
    by sites because of this false positive<br>
    Detected by your scanner as <span style="color: rgb(180, 12, 26);
      font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif;
      font-size: 13px; font-style: normal; font-variant: normal;
      font-weight: normal; letter-spacing: normal; line-height: 20px;
      orphans: auto; text-align: left; text-indent: 0px; text-transform:
      none; white-space: normal; widows: 1; word-spacing: 0px;
      -webkit-text-stroke-width: 0px; display: inline !important; float:
      none; background-color: rgb(249, 249, 249);">Win32.Trojan.Badur.Szvv</span><span
      style="color: rgb(180, 12, 26); font-family: 'Helvetica Neue',
      Helvetica, Arial, sans-serif; font-size: 13px; font-style: normal;
      font-variant: normal; font-weight: normal; letter-spacing: normal;
      line-height: 20px; orphans: auto; text-align: left; text-indent:
      0px; text-transform: none; white-space: normal; widows: 1;
      word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline
      !important; float: none; background-color: rgb(249, 249, 249);"></span><br>
    <a href="http://www.lujosoft.net/Forum1/download/file.php?id=54">http://www.lujosoft.net/Forum1/download/file.php?id=54</a><br>
  </body>
</html>


The second one, to Rising support, was returned for «554 Mail rejected for policy reasons».


This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  longyu@rising.com.cn
    host mx1.rising.com.cn [218.247.215.231]
    SMTP error from remote mail server after RCPT TO:<longyu@rising.com.cn>:
    554 Mail for longyu@rising.com.cn rejected for policy reasons.

------ This is a copy of the message, including all the headers. ------

Return-path: <admin@lujosoft.net>
Received: from 198-91-XXX.XXX.cpe.distributel.net ([198.91.XXX.XXX]:16236 helo=[192.168.2.2])
	by noc.serveurlasalle2.com with esmtpsa (TLSv1.2:DHE-RSA-CAMELLIA256-SHA:256)
	(Exim 4.85)
	(envelope-from <admin@lujosoft.net>)
	id 1aLBiJ-002EJE-KY
	for longyu@rising.com.cn; Mon, 18 Jan 2016 10:27:27 -0500
Reply-To: admin@lujosoft.net
To: longyu@rising.com.cn
From: "admin@lujosoft.net" <admin@lujosoft.net>
Subject: False positive
Message-ID: <569D0459.30702@lujosoft.net>
Date: Mon, 18 Jan 2016 10:27:21 -0500
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.5.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
X-cPanel-MailScanner-Information: Please contact the ISP for more information
X-cPanel-MailScanner-ID: 1aLBiJ-002EJE-KY
X-cPanel-MailScanner: Found to be clean
X-cPanel-MailScanner-SpamCheck: 
X-cPanel-MailScanner-From: admin@lujosoft.net
X-Spam-Status: No

Inquiries Number:RS20160113174907140548
File name:DesklockII.rar
MD5:8CAB668CE2ADC397AC18BA85CCDA7265
File Status:Being analyzed

How long does it take to whitelist my program, Understand that I work 
really hard to built my reputation as a developer and in a seconds you 
guy's destroy it with false positive.


So I'm asking please do something about it, I posted here 5 days ago


So how to reach a company like that?


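Added example, not part of the original posts: a small parser for the failure section of the two Exim bounces quoted above. It reports the SMTP stage at which each server refused the mail, which shows that the Tencent server rejected after receiving the message content while the Rising server rejected at RCPT TO, before any content was sent. The function names and the "content"/"envelope" labels are this example's own; the sample text is copied from the bounces in the thread.

```python
import re

# Failure excerpts copied from the two bounces in the thread,
# embedded here so the example runs offline.
BOUNCES = """\
  icna_support@tencent.com
    host cloudmx.qq.com [113.108.11.188]
    SMTP error from remote mail server after end of data:
    550 Mail content denied. http://ascloud.qq.com/cgi-bin/readtemplate?t=anti_spam_errors#n1000726

  longyu@rising.com.cn
    host mx1.rising.com.cn [218.247.215.231]
    SMTP error from remote mail server after RCPT TO:<longyu@rising.com.cn>:
    554 Mail for longyu@rising.com.cn rejected for policy reasons.
"""

# One failed recipient: address, remote host and IP, SMTP stage, reply line.
FAILURE = re.compile(
    r"^[ \t]+(?P<rcpt>\S+@\S+)\n"
    r"[ \t]+host (?P<host>\S+) \[(?P<ip>[0-9a-fA-F.:]+)\]\n"
    r"[ \t]+SMTP error from remote mail server after (?P<stage>.+?):\n"
    r"[ \t]+(?P<code>[245]\d\d)[ -](?P<text>.*)$",
    re.MULTILINE,
)

def classify(stage):
    """Say what the remote server had seen when it refused (labels are this example's)."""
    s = stage.upper()
    if s.startswith("END OF DATA"):
        return "content"    # headers and body were transmitted, then refused
    if s.startswith(("RCPT TO", "MAIL FROM")):
        return "envelope"   # refused on sender/recipient, before any content
    return "other"

def parse_bounce(text):
    """Return one dict per failed recipient found in an Exim bounce."""
    failures = []
    for m in FAILURE.finditer(text):
        d = m.groupdict()
        d["permanent"] = d["code"].startswith("5")  # 5xx = permanent failure
        d["rejected_on"] = classify(d["stage"])
        failures.append(d)
    return failures

if __name__ == "__main__":
    for f in parse_bounce(BOUNCES):
        print(f["rcpt"], f["code"], f["rejected_on"], "-", f["text"])
```

A "content" result means the wording, HTML or links in the message can be changed and resent; an "envelope" result means the refusal was decided on the sender or recipient alone.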