Has the app been infected by virus ?

Strange. Different Antiviruses show different types of viruses. Apple poses stringent policies in accepting apps so this might be fake or apple might haven't realised as well. Try reporting this app in App Store or contact Support through mail and tell them!

moocing wrote:

ClamXav said: Music Guess 3.0 1 was infected by Trojan.Downloader-71107

The signature for that Infection name is the MD5 hash "0bc2c53340d230485f26347d58673c22"

I can't tell exactly when it was added to the ClamAV® database, but it must have been before 15 Jun 2009 according to this when it was submitted by VirusTotal with a BitDefender name of "Worm.Generic.63323" so yet another name.

The problerm is whether it had been infected by Win32... virus ?

It wouldn't be the first time.

The only mystery to me is why it ClamAV didn't catch it on VirusTotal. Did you actually upload your file, or just locate this entry with the same name?

I'll poke around and see if whatelse I can find, but reporting your findings to Apple Security would be a good first step.

Poking around the iPhone AppStore, I can find Music Guess Quiz 3.0 and Music Guess Lite 1.4, but no Music Guess 3.0.1. And the reviews aren't very good for the former.

The "Developer Web Site" is a Facebook page for Music Guess but the AppStore link takes me back to Music Guess Quiz.

His other web site came up "Unavailable" and it's WOT rating isn't good due to "Site blacklisted at ws.surbl.org".

So my best guess would be that the version you have has already been taken down and may have been the one I read about.

Edit: I found a support site that seems to work and have a better rating, here.

Message was edited by: MadMacs0

OK, I think I figured out one problem. The name of the file is actually Music Guess 3.0.ipa, so the 1 that you after 3.0<space> must have been added during the download process.

So I downloaded it for myself, scanned it with ClamXav and got the same results you did.

I uploaded it to VirusTotal and got results similar to yours (different hashes and one more detection) here.

Opening the file with Pacifist, the only thing I found that looked suspicious was contained inside "/Contents of Music Guess 2.0.ipa/Payload/Project.app/FBConnect.bundle/" which had a folder full of images along with a Windows self-extracting file called "FBConnect.bundle.exe". Scanning that with ClamXav gives me "Trojan.Downloader-71107" again.

MadMacs0 has done some good work here, which should set your mind at ease. Most likely, that file that is being identified as malware is some kind of Windows malware that was included by mistake. This isn't the first time we have seen Windows malware accidentally included in a Mac or iOS app, usually because some of the files used have been handled by an infected Windows machine. In any event, that malware cannot affect you in any way. Since that malware is encapsulated inside something that cannot possibly run on Windows, it should be safe even if you're syncing your iPod to a Windows machine. You would have to delve into the Music Guess 3.0.ipa file on Windows and run that malicious .exe file manually in order for it to hurt you.

I heard back from Apple Product Security this morning:

Thank you for forwarding this issue to us. We are taking another look at the app in question.