Backdoor or Win32/Ralpha.A Trojan

  • Thread starter: Denney

Denney

Can someone point me to a URL with a definition for the above. I've
Googled and read all the forum threads that have come up on the subject
but what I'm really wanting to read is a definition.

Denney
 
Denney said:
Can someone point me to a URL with a definition for the above. I've
Googled and read all the forum threads that have come up on the subject
but what I'm really wanting to read is a definition.

project vgrep returned 0 results for "ralpha"... what product gave you
that name?

anyways, the fact that it's a backdoor trojan is probably 90% of what
there is to tell about it...
 
NOD32 calls it Win32/Ralpha.a Trojan but my current Etrust program and
the Trend Micro online scan don't "see" it. The file is randomize.dll
and is in a 5-year-old graphics program (i.e. MGI PhotoSuite II SE).
The response from NOD32 is "other AV detect it as the Ralpha trojan
also".

Half the forum threads say it's a false positive, the other half claim it's
not. The forum threads I've read start up in April discussing the
subject. It also seems to occur in some of Photo Shop Deluxe programs.

Denney
 
Denney said:
NOD32 calls it Win32/Ralpha.a Trojan but my current Etrust program and
the Trend Micro online scan don't "see" it. The file is randomize.dll
and is in a 5-year-old graphics program (i.e. MGI PhotoSuite II SE).
The response from NOD32 is "other AV detect it as the Ralpha trojan
also".

if it infected a legitimate file nod would have called it a virus
instead... since it didn't call it a virus and since it's so old and
part of a legitimate application suite i rather suspect it's a false
alarm - unless you've sent in to nod and they've confirmed that it is
indeed the trojan their product says it is...
 
... and that's exactly what happened (i.e., NOD didn't call it a
virus, it's an old file, part of a legitimate application, and after
sending it to NOD they say it is a trojan). Now this is where I think it
gets more interesting. I've been using NOD32 for over 2 years and it
didn't detect it until very recently. The following links would suggest
that this is an issue that has recently cropped up with MGI PhotoSuite
and some versions of Print Shop Deluxe.

http://www.broadbandreports.com/forum/remark,10248589~mode=flat

http://www.broadbandreports.com/forum/remark,10187617~mode=flat

Was this file inserted in these products for some reason and are some of
the AV products only now detecting it? I'll try uninstalling and
reinstalling MGI PhotoSuite from the CD and see if that results in any
detection changes. I'm still looking for a URL by the way with a
definition for this trojan.

This issue is starting to bring back memories of an old "Buggy.Shell"
problem McAfee used to detect on a Compaq Presario I had a few years
back. Seems it thought that a file related to a mouse tutorial was
transmitting sensitive information.


Denney
 
Denney said:
Can someone point me to a URL with a definition for the above. I've
Googled and read all the forum threads that have come up on the subject
but what I'm really wanting to read is a definition.

Denney

You have to secure your Windows Platform, e-mail and web browser
applications and then install a firewall before putting your computer
on the Internet or you will never be safe from hackers who use your
computers to trade/sell guns, bo*bs, prostitutes, drugs and so on. So
when the FBI comes knocking on your door for being a criminal then
don't cry to me.

Tracker
snailmail(valid)[email protected]
 
sunshine said:
Denney <[email protected]> wrote in message

You have to secure your Windows Platform, e-mail and web browser
applications and then install a firewall before putting your computer
on the Internet or you will never be safe from hackers who use your
computers to trade/sell guns, bo*bs, prostitutes, drugs and so on. So
when the FBI comes knocking on your door for being a criminal then
don't cry to me.

Tracker
snailmail(valid)[email protected]

The only reason we are crying is from laughing so hysterically.
 
Denney said:
(e-mail address removed) says... [snip]
if it infected a legitimate file nod would have called it a virus
instead... since it didn't call it a virus and since it's so old and
part of a legitimate application suite i rather suspect it's a false
alarm - unless you've sent in to nod and they've confirmed that it is
indeed the trojan their product says it is...

... and that's exactly what happened (i.e., NOD didn't call it a
virus, it's an old file, part of a legitimate application, and after
sending it to NOD they say it is a trojan).

hmmm... it's hard to imagine that it could be anything other than what
they said it is if they analyzed it...

[snip]
I'm still looking for a URL by the way with a
definition for this trojan.

well, good luck with that... i can't find one...
 
I found where NOD32 added detection for WIN32/Ralpha.A on May 21, 2004.
I also uninstalled the MGI PhotoSuite II SE program and then reinstalled
it from the Visioneer Scanner CD that it came on per Eset's suggestion.
The randomize.dll file is installed as part of the installation routine
and it was once again detected. Suffice to say that the file has been
on the computer for a couple of years. I also sent a sample to Etrust
who responded back by saying the file was clean. I'm currently awaiting
a response from Eset on the results of the uninstall\reinstall that I
sent them.
 