Trojan in Append Patch?

#1 by sanahtlig
2014-07-17 at 04:45
I was downloading the append patches from Holyseal (link) when Chrome blocked the May Append Life patch (PC_APPEND-LIFE_MAY.zip). This surprised me because I'd never seen Chrome block a download before. I restored the file and scanned it with Norton Internet Security, which identified it as a Trojan and removed it. I tried scanning it with VirusTotal, but the file size was too large and it wouldn't scan the zip archive.

The other Append Life patches and 1.01 patch were not blocked by Chrome.
Last modified on 2014-07-17 at 06:30
#2 by kratoscar2008
2014-07-17 at 05:26
I think so, I downloaded it from animesharing instead.

link
#3 by sanahtlig
2014-07-17 at 06:08
That mirror creator site the May Append Life file from the animesharing thread is "hosted" on is pretty sketchy. By default the download is bundled with an adware installer, with the option to not install it greyed out. To get the unmodified file, you actually have to uncheck a box on the final download page.
Last modified on 2014-07-17 at 06:21
#4 by merup
2014-07-17 at 06:18
There are no trojans in Holyseal downloads. These are normal .zip archives.

Update: Maybe it scans the zip contents. Even if so, it is perfectly safe. Just delete the .exe and manually copy-paste the rest to the main PxC directory. Overwrite when/if asked.
Last modified on 2014-07-17 at 06:23
#5 by sanahtlig
2014-07-17 at 06:27
I scanned the patch.exe file from a third source. Oddly enough, Chrome didn't flag this one.

Virus Total results

15/54 antivirus scanners flagged it as a trojan. That's somewhat concerning considering this is supposed to be an official patch, not an unofficial hacking program like Interactive Text Hooker. I wonder if the developers bundled some sort of DRM or spyware with it.
Last modified on 2014-07-17 at 06:34
#6 by sanahtlig
2014-07-17 at 06:46
I scanned the June Append Life patch with the same result. Apparently the patch.exe file is a recurring culprit, although as merup explained it's probably possible to install the updates without using the patch.exe file.

This, however, doesn't explain Chrome's behavior, as Chrome rejects some files from HolySeal and not others, and rejects the same file from HolySeal but not on other sites.
Last modified on 2014-07-17 at 06:47
#7 by verifonix
2014-07-17 at 20:52
Trojan.Generic/Trojan.Suspect probably isn't an actual trojan though. But just to be safe you could install it without the .exe like merup says.
