You are here

Malware found in PDFTK Builder Portable

17 posts / 0 new
Last post
JDmacroman
Offline
Last seen: 14 years 5 months ago
Joined: 2011-05-14 12:28
Malware found in PDFTK Builder Portable

Sounded like a good app to be able to use, but not if it's going to have Malware.

spg SCOTT
spg SCOTT's picture
Offline
Last seen: 13 years 3 months ago
Joined: 2008-08-26 14:11
Most likely a false positive

But since you don't say what detected it, no one can be of any help...

The minimum you could do is send the file to virustotal.com and report back here with the results.

More than likely there will only be 1 or 2 results.

“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!”Richard Feynman

Simeon
Simeon's picture
Offline
Last seen: 11 years 1 week ago
DeveloperTranslator
Joined: 2006-09-25 15:15
false positive

What antivirus are you using?
I just checked with VirusTotal and it was clean.

"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate

DClark
Offline
Last seen: 14 years 4 months ago
Joined: 2011-05-26 17:16
Malware in PDFTK

I've been a big fan of the PDF TK portable version and use it at work - often recommending it to others. We have Sophos AV at work. However, at home when I installed it on my PC (I use portable apps when they exist) my AVG Free found malware on it. I immediately uninstalled it and cleaned my system. Not sure if that helps track it down. But I'm more careful now and it will take a lot more to convince me that it's clean.

spg SCOTT
spg SCOTT's picture
Offline
Last seen: 13 years 3 months ago
Joined: 2008-08-26 14:11
Finally we are getting somewhere...

Well, did you submit it to AVG?
Did you check at Virustotal?

“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!”Richard Feynman

depp.jones
Offline
Last seen: 1 hour 22 min ago
DeveloperTranslator
Joined: 2010-06-05 17:19
Blind faith in antivirus

Blind faith in antivirus solutions can cause trouble. I can fully understand the worries that are stirred up by virus alerts as you have to depend on something, even if that's the overzealous antivirus software. The worst part of it can be panic reactions. In your case you got of lightly, others may have formatted their system drive.
I am quite shure, that PDFTK Portable is clean and AVG is defective again.

Chris Morgan
Chris Morgan's picture
Offline
Last seen: 10 years 4 months ago
Joined: 2007-04-15 21:08
Or infected elsewhere

Rather, we should say that what we ship is clean of all malware. It is ever possible that other malware has infected the executable so that AVG is not barking up the wrong tree. Try installing it again and see if AVG still complains; if it does, it's a false positive (or it's been infected during installation, which is far less likely). Uploading your own copy to VirusTotal is a good way to check.

I am a Christian and a developer and moderator here.

“A soft answer turns away wrath, but a harsh word stirs up anger.” – Proverbs 15:1

depp.jones
Offline
Last seen: 1 hour 22 min ago
DeveloperTranslator
Joined: 2010-06-05 17:19
Good point! I always forget

Good point! I always forget that possibility. I have to admit that I am not unbiased when I think of antivirus programs, although I shurly use them. I think I sometimes just overshoot. Wink
I will keep that in mind, for shure, thanks for another helpful reminder!

DClark
Offline
Last seen: 14 years 4 months ago
Joined: 2011-05-26 17:16
Update

OK, so you've finally convinced me to reinstall PDFTK and I did from your site (like I always do). Of course I scanned the file from the shell extension with AVG before and after installing it.

AVG still alerts with the same information:
File name: C:\PROGRAM FILES\PDFTKBUILDERPORTABLE\APP\PDFTKBUILDER\PDFTKBUILDER.EXE
Threat name: Agent2.CKDB
Category: Trojan
Description: This is a known Trojan/Backdoor

If I can provide any more information let me know. I've tried scanning the individual executable and AVG is fine with it until I try to actually execute it. Then I get this issue.

I cannot submit it to AVG because they don't offer support for free.avg.com.

==================================================

I have submitted the installed .exe file that AVG chokes on to VirusTotal and get the following:

File name:
PDFTKBuilder.exe
Submission date:
2011-06-27 19:03:24 (UTC)
Current status:
queued queued analysing finished
Result:
0/ 42 (0.0%)

Additional information
Show all
MD5 : 48b9f5919d87cb82c4de7961ba7a8de2
SHA1 : 0cb051bbc00e0e5446482d7a57b5ea9ba368c155
SHA256: beb641d62d17daa8f911891033360d7d8f8769fdb46910baf5d1385a3c0ebe85

Once again, AVG does not return any warnings when scanning the .exe file - only when it executes.

Please forgive me for my ignorance. I do not mean to post and leave you all hanging. It's just that I don't understand everything yet. Thanks for the tips. Maybe I just have to pay for a real AV software like Norton...it's just that AVG has always done what I needed for free. Thanks everyone.

Simeon
Simeon's picture
Offline
Last seen: 11 years 1 week ago
DeveloperTranslator
Joined: 2006-09-25 15:15
hm

I just run it to the 2 scanner pages (Virustotal and Jotti) and it was 100% clean in both. That points to an AVG-specific issue.

I cant really help you here.

Does anyone know why AVG does behave differently if the file is scanned vs opened?

"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate

solanus
solanus's picture
Offline
Last seen: 11 years 1 week ago
Joined: 2006-01-21 19:12
A couple of suggestions

First, according to their FAQ, AVG actually does provide a way to report false positives:
http://free.avg.com/us-en/faq.num-2606.pnuid-faq_v3_virus_8_root#num-2437

Second, there's another quality free antivirus software that you can try - Avast.
I've been using it for years with great satisfaction.

I made this half-pony, half-monkey monster to please you.

Gerard Hofman
Offline
Last seen: 11 months 1 week ago
Joined: 2011-05-28 16:29
PDFTK Builder includes trojan-horse alerts AVG

AVG reports trojan-horse; Agent2.ckdb, when start PDFTK Builder.
When I send it to virus total, ther is no report; wow totally clean.

After a new and clean installation the same alert of AVG.

I believe this is a mismatch of AVG, or........

spg SCOTT
spg SCOTT's picture
Offline
Last seen: 13 years 3 months ago
Joined: 2008-08-26 14:11
What file?

For the third time in this thread, what file exactly is it alerting on...

Have you submitted it to AVG?

“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!”Richard Feynman

solanus
solanus's picture
Offline
Last seen: 11 years 1 week ago
Joined: 2006-01-21 19:12
Maybe it's time we have a whole separate forum for

Maybe it's time we have a whole separate forum for virus and malware reports. I've seen these cropping up with increasing frequency, but so far every single one has been a false positive, if they've gotten their apps from here using the official mirrors.

I made this half-pony, half-monkey monster to please you.

spg SCOTT
spg SCOTT's picture
Offline
Last seen: 13 years 3 months ago
Joined: 2008-08-26 14:11
Dubious postings?

Is it just me that is just a little suspicious with this kind of postings?

This is not the first thread where the OP, and subsequent posters only have the one post that is to report a "Trojan" or "Malware"

The threads all have very definite titles, and with no responses...

You get the idea...maybe it is just me, I'm really trusting you know Blum

“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!”Richard Feynman

depp.jones
Offline
Last seen: 1 hour 22 min ago
DeveloperTranslator
Joined: 2010-06-05 17:19
On the other hand, as many

On the other hand, as many false positives seem to come from using UPX, what about switching to uncompressed apps? Size does not really matter nowadays (try to fill up the smallest reasonable drives (2GB) with a normal set of apps and power users normally use bigger drives) and speed wise I think it is negligible.

solanus
solanus's picture
Offline
Last seen: 11 years 1 week ago
Joined: 2006-01-21 19:12
Downloads still matter

While drive space has become larger and cheaper, broadband speeds have not really changed much; and since the updater does not appear to use any type of download acceleration, megabytes matter when downloading the installers.

I think it's really time that major virus scan providers learn to deal with UPX. It's used everywhere, not just with PortableApps.

I made this half-pony, half-monkey monster to please you.

Log in or register to post comments