
Has the app been infected by a virus?

ClamXav said: Music Guess 3.0 1 was infected by Trojan.Downloader-71107,

and on https://www.virustotal.com the scan result is:



SHA256: 05f44eb5e76f60685c2ee0b359f22531809501d4690e6a94ff307c70306de578
File name: Music Guess 3.0 1.ipa
Detection ratio: 40 / 47
Analysis date: 2013-05-21 22:46:22 UTC ( 3 days, 4 hours ago )





Agnitum Worm.Autoit.AAN 20130521
AhnLab-V3 Win32/Yahlover.worm.808448 20130521
AntiVir TR/Crypt.XPACK.Gen 20130522
Antiy-AVL 20130521
Avast AutoIt:AutoRun-B [Wrm] 20130521
AVG Downloader.Agent2.WQU 20130521
BitDefender Trojan.Downloader.JMGF 20130522
ByteHero 20130517
CAT-QuickHeal 20130520
ClamAV 20130522
Commtouch W32/Downloader.AXVV-1156 20130521
Comodo TrojWare.Win32.TrojanDownloader.Agent.cfhlk 20130522
DrWeb Trojan.DownLoad.5589 20130522
Emsisoft Trojan.Downloader.JMGF (B) 20130522
eSafe 20130520
ESET-NOD32 Win32/AutoRun.Autoit.P 20130521
F-Prot W32/Downldr2.GAMK 20130521
F-Secure Trojan.Downloader.JMGF 20130521
Fortinet W32/Agent.FDR!tr 20130521
GData Trojan.Downloader.JMGF 20130522
Ikarus Worm.Win32.AutoIt 20130521
Jiangmin Trojan/Agent.hzpo 20130520
K7AntiVirus EmailWorm 20130521
K7GW Trojan 20130521
Kaspersky Worm.Win32.AutoIt.sp 20130522
Kingsoft VIRUS_UNKNOWN 20130506
Malwarebytes Worm.Email.ILY 20130522
McAfee Generic.tra!e 20130522
McAfee-GW-Edition Generic.tra!e 20130522
Microsoft Worm:Win32/YahLover.C 20130522
MicroWorld-eScan 20130522
NANO-Antivirus Trojan.Win32.Hider.wsbk 20130521
Norman Obfuscated.H2!genr 20130521
nProtect Trojan.Downloader.JMGF 20130521
Panda W32/Sohanat.DD.worm 20130521
PCTools Malware.Imaut!rem 20130521
Rising Worm.Win32.Agent.wx 20130521
Sophos Mal/Sohana-A 20130521
SUPERAntiSpyware 20130521
Symantec W32.Imaut.AA 20130522
TheHacker Trojan/AutoRun.Autoit.p 20130521
TotalDefense Win32/YahLover.IJ 20130521
TrendMicro TROJ_SPNR.03DQ11 20130522
TrendMicro-HouseCall TROJ_SPNR.03DQ11 20130521
VBA32 Trojan.Scar 20130521
VIPRE Trojan.Win32.AutoIt.gen.4 (v) 20130521
ViRobot Worm.Win32.Autoit.697234 20130521


The problem is whether it had been infected by a Win32... virus?


Is the result right?


thanks.

iPod touch, iOS 6.1

Posted on May 24, 2013 8:02 PM

7 replies

May 24, 2013 9:42 PM in response to moocing

moocing wrote:


ClamXav said: Music Guess 3.0 1 was infected by Trojan.Downloader-71107

The signature for that Infection name is the MD5 hash "0bc2c53340d230485f26347d58673c22"


I can't tell exactly when it was added to the ClamAV® database, but it must have been before 15 Jun 2009 according to this when it was submitted by VirusTotal with a BitDefender name of "Worm.Generic.63323" so yet another name.

The problem is whether it had been infected by a Win32... virus?

It wouldn't be the first time.


The only mystery to me is why ClamAV didn't catch it on VirusTotal. Did you actually upload your file, or just locate this entry with the same name?


I'll poke around and see what else I can find, but reporting your findings to Apple Security would be a good first step.

May 24, 2013 10:10 PM in response to moocing

Poking around the iPhone AppStore, I can find Music Guess Quiz 3.0 and Music Guess Lite 1.4, but no Music Guess 3.0.1. And the reviews aren't very good for the former.


The "Developer Web Site" is a Facebook page for Music Guess but the AppStore link takes me back to Music Guess Quiz.


His other web site came up "Unavailable" and its WOT rating isn't good due to "Site blacklisted at ws.surbl.org".


So my best guess would be that the version you have has already been taken down and may have been the one I read about.


Edit: I found a support site that seems to work and have a better rating, here.


Message was edited by: MadMacs0

May 24, 2013 10:43 PM in response to moocing

OK, I think I figured out one problem. The name of the file is actually Music Guess 3.0.ipa, so the 1 that you have after 3.0<space> must have been added during the download process.


So I downloaded it for myself, scanned it with ClamXav and got the same results you did.


I uploaded it to VirusTotal and got results similar to yours (different hashes and one more detection) here.


Opening the file with Pacifist, the only thing I found that looked suspicious was contained inside "/Contents of Music Guess 2.0.ipa/Payload/Project.app/FBConnect.bundle/" which had a folder full of images along with a Windows self-extracting file called "FBConnect.bundle.exe". Scanning that with ClamXav gives me "Trojan.Downloader-71107" again.
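
The manual check described in the post above (opening the .ipa, finding a Windows executable inside it, and matching it against the MD5 quoted earlier in the thread), as an added example that is not part of the original thread. The function names `is_pe`, `scan_ipa` and `build_sample_ipa` are hypothetical, and the sample archive is constructed with a harmless stub header so the script runs offline.

```python
import hashlib
import io
import zipfile

# MD5 quoted in the thread as the ClamAV signature for this detection name.
KNOWN_MD5 = {"0bc2c53340d230485f26347d58673c22": "Trojan.Downloader-71107"}

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    off = int.from_bytes(data[0x3C:0x40], "little")
    return data[off:off + 4] == b"PE\0\0"

def scan_ipa(ipa) -> list:
    """Return (member, md5, verdict) for every Windows PE file in the archive."""
    findings = []
    with zipfile.ZipFile(ipa) as zf:          # an .ipa is a zip archive
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            if not is_pe(data):               # iOS apps have no use for PE files
                continue
            md5 = hashlib.md5(data).hexdigest()
            verdict = KNOWN_MD5.get(md5, "unexpected Windows PE file")
            findings.append((info.filename, md5, verdict))
    return findings

def build_sample_ipa() -> io.BytesIO:
    """Constructed sample: an .ipa-shaped zip holding a harmless stub PE header."""
    stub = bytearray(0x48)
    stub[0:2] = b"MZ"
    stub[0x3C:0x40] = (0x40).to_bytes(4, "little")   # e_lfanew
    stub[0x40:0x44] = b"PE\0\0"
    bundle = "Payload/Project.app/FBConnect.bundle/"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Payload/Project.app/Info.plist", b"<plist/>")
        zf.writestr(bundle + "icon.png", b"\x89PNG\r\n\x1a\n")
        zf.writestr(bundle + "FBConnect.bundle.exe", bytes(stub))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name, md5, verdict in scan_ipa(build_sample_ipa()):
        print(f"{name}  md5={md5}  {verdict}")
```

`scan_ipa` also accepts a path to a real .ipa on disk; it only reads the archive and never executes anything in it.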

May 25, 2013 2:39 AM in response to moocing

MadMacs0 has done some good work here, which should set your mind at ease. Most likely, that file that is being identified as malware is some kind of Windows malware that was included by mistake. This isn't the first time we have seen Windows malware accidentally included in a Mac or iOS app, usually because some of the files used have been handled by an infected Windows machine. In any event, that malware cannot affect you in any way. Since that malware is encapsulated inside something that cannot possibly run on Windows, it should be safe even if you're syncing your iPod to a Windows machine. You would have to delve into the Music Guess 3.0.ipa file on Windows and run that malicious .exe file manually in order for it to hurt you.

May 26, 2013 2:04 AM in response to MadMacs0

Thanks, everyone 🙂


------------------------------------------

OK, I think I figured out one problem. The name of the file is actually Music Guess 3.0.ipa, so the 1 that you have after 3.0<space> must have been added during the download process.


MadMacs0: yes, should be this situation.



------------------------------------------


I had deleted the app whatever.


God save us 😀
