Sign in to follow this  
Followers 0
aismov

AVG antivirus telling me 1.20.1 has "downloader.agent.AQN" Trojan Horse

46 posts in this topic

Is it possible that somone hacked the FTP and added this malicious program?

A immediate repsonse would be nice.

trojan_horse.jpg

Share this post


Link to post
Share on other sites
Is it possible that somone hacked the FTP and added this malicious program?

A immediate repsonse would be nice.

trojan_horse.jpg

Ran avg earlier myself about an hour or two ago and got it. Ended up uninstalling all of wwiiol just for the hell of it. That's why I'm doing a full install.

edit: rewording

Share this post


Link to post
Share on other sites

I just got that same message warning me on all my previous updates too. It just went down the line in the folder the updates get downloaded too and warned me on all of them.

Share this post


Link to post
Share on other sites
I just got that same message warning me on all my previous updates too. It just went down the line in the folder the updates get downloaded too and warned me on all of them.

Same.

Share this post


Link to post
Share on other sites

wtf, even after downloading full install I get the error message!? In my above post I did a scan earlier today on my comp and got this with 1.20.0 playgate.exe.

Share this post


Link to post
Share on other sites

Is it possible that the Trojan has been there for a long time except that it took a while for the guys at AVG to disover it and update out software in order to catch it?

If yes thats kinda scary! Either way I am not downloading 1.20.1 or anything else and installing it until the situation is cleared up.

Share this post


Link to post
Share on other sites
Is it possible that the Trojan has been there for a long time except that it took a while for the guys at AVG to disover it and update out software in order to catch it?

If yes thats kinda scary! Either way I am not downloading 1.20.1 or anything else and installing it until the situation is cleared up.

What of all the guys that have already patched?

Share this post


Link to post
Share on other sites

you should have anti virus disabled during patches and installs.

I have scanned my install folders with norton anti virus 2006 with todays virus definations and it finds no bugs.

Share this post


Link to post
Share on other sites
What of all the guys that have already patched?

I would immediatly clear your Cache and any internet saved forms/passwords that could hold credit card information or passwords that access your online banking page. I would also remove to a physically seperate (i.e. external, removable HDD) all sensitive information on your computer.

Identity theft IS a *VERY* serious issue, so nobody here should be fooling around if they already installed the patch. It might end up being nothing, but the 5 minutes spent clearing out sensitive information from your cache is much wiser than the potential headaches of being a identity theft victim and the hassles you need to go through with your credit card companies, and even the possibility of having a bad credit score because someone stole your info.

I WOULD NOT take this situation lightly until it is resolved. Until we get a rat response telling us what is going on, everyone should treat this VERY seriously and take every precaution possible to protect their identity and financial information. I would:

1) move/delete all sensitive documents

2) clear cache

3) clear saved passwords/saved forms (these store credit card numbers)

4) update your antivirus software if it is not set to autoupdate, then scan all your HDDs

5) make sure that all youe firewalls are up and running (though this doesn't really help against a Trojan)

6) check financial statements this week in case there are any purchases you haven't made

I CANNOT stress this more - I know people who have been the victims of identity theft/fraud and it is NOT a laughing matter. The more you are prepared, and the sooner you catch it and report it, the better off you will be in resolving the issue quickly and without risking a hit to your credit.

Share this post


Link to post
Share on other sites

Ok, this might be bad, even after ignoring the avg message wwiiol 1.20.11 does not work, it says I don't have permissions or something? I've got admin of this comp though. This is getting weirder and weirder. I moved the wwiiol full install thing to the recycle bin and when I opened it 2 new files seem to have appeared out of no were, they were both trojans. I'd take this EXTREMELY SERIOUSLY.

Share this post


Link to post
Share on other sites

Ok, everytime I open the recycle bin another trojan keeps popping up first it was something like recycle9 trojan now it's at 12...

Share this post


Link to post
Share on other sites

Doing another system scan and it caught the same dowloader.agent.aqn file in my temp directory now.

Share this post


Link to post
Share on other sites

I personally running a full system scan right now and moving all sensitive files to my external backup HDD.

Share this post


Link to post
Share on other sites

I am getting the exact same thing that you guys are getting with AVG. I've scanned and removed everything so far, but I can't get the patch to work. It just tells me that I don't have the authority or it's restricted. Have you guys got the thing to work yet?

Share this post


Link to post
Share on other sites
Did all of you download from the link reddog posted!??

I did and no luck. I still get the "restricted" error.

Share this post


Link to post
Share on other sites

I see...so this is where the melt-down is occuring!!

LMAO..sorry to hear this guys..I'm at work.

Share this post


Link to post
Share on other sites
noodle had the same problem

Indeed I do, thanks for directing me here Tompy!

Just downloaded the newest patch and when it tried to run AVG popped up with this!!omgwtfg!@!!

virus6dn.jpg

I just reinstalled the game like a week ago and it never popped up before while getting all the patches. Fackin thing wont patch now' date=' even with avg turned off.[/quote']

Share this post


Link to post
Share on other sites
I did and no luck. I still get the "restricted" error.

I did too, also, if you look at the date this was on the ftp site, it's the 5th of november.

Share this post


Link to post
Share on other sites

I downloaded the patch onto a secure host, and ran two scanners against it. Both came up clean. I'm leaning to "false positive".


[krenn@sls-db7p12 krenn]$ wget ftp://downloads.wwiionline.com/wwiiol12001201.exe
--23:02:50-- ftp://downloads.wwiionline.com/wwiiol12001201.exe
=> `wwiiol12001201.exe'
Resolving downloads.wwiionline.com... done.
Connecting to downloads.wwiionline.com[66.28.224.233]:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD not needed.
==> PASV ... done. ==> RETR wwiiol12001201.exe ... done.
Length: 10,322,480 (unauthoritative)

100%[====================================>] 10,322,480 1019.27K/s ETA 00:00

23:03:01 (1019.27 KB/s) - `wwiiol12001201.exe' saved [10322480]

[krenn@sls-db7p12 krenn]$ clamscan wwiiol12001201.exe
wwiiol12001201.exe: OK

----------- SCAN SUMMARY -----------
Known viruses: 41232
Engine version: 0.87
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 9.84 MB
Time: 6.465 sec (0 m 6 s)
[krenn@sls-db7p12 krenn]$ /etc/iscan/vscan -v wwiiol12001201.exe
Virus Scanner v3.1, VSAPI v7.510-1002
Trend Micro Inc. 1996,1997
Pattern version 937
Pattern number 113239
wwiiol12001201.exe

==============================
Directory:
Searched : 0
File:
Searched : 1
Scan : 1
Infected : 0
Infected : 0(Include files been compressed)
Time:
Start : 11/9/05 23:23:56
Stop : 11/9/05 23:23:56
Used : 00:00

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.