Thread: Win32.Trojan.Spy.Ardamax.t - False Positive?

  1. #1
    matamata Guest

    Win32.Trojan.Spy.Ardamax.t - False Positive?

    My latest ZASS scan alerted me that I was infected with Win32.Trojan.Spy.Ardamax.t and advised deletion. But it points to Steam.exe, which is the Steam Games application.
    Can this be verified as a false positive? Thanks for any advice.

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    mortimer Guest

    Re: Win32.Trojan.Spy.Ardamax.t - False Positive?

    Same problem here

  3. #3
    polhudo Guest

    Re: Win32.Trojan.Spy.Ardamax.t - False Positive?

    I've got the same problem... is that with all Steam users?
    This is a bit strange, because I know how to kill the AKL but it doesn't seem to appear in the Computer Register.

    We need help!!

  4. #4
    gratzy Guest

    Re: Win32.Trojan.Spy.Ardamax.t - False Positive?

    Same here. Unfortunately ZA decided to treat (I have it set for automatic treatment for Trojans) and quarantined the whole Steam folder, files and shortcuts. My desktop looked funny and empty afterwards, with all of the shortcuts removed. Wish I was home to stop it. Any idea what's happening here? I never used any hacks or other third-party software for Steam apps.

    OS: Win XP SP3
    ZA Pro 7.0 with Anti-Spyware update 8/5/08

  5. #5
    mrgarryjones Guest

    Re: Win32.Trojan.Spy.Ardamax.t - False Positive?

    I am getting exactly the same problem: Win32.Trojan.Spy.Ardamax.t coming from Steam.exe.
    I googled it and Win32.Trojan.Spy.Ardamax.t is a keylogger. I want to go on my Steam games but don't want to be keylogged logging in.

  6. #6
    lotushead Guest

    Re: Win32.Trojan.Spy.Ardamax.t - False Positive?

    Hiya ~

    XP Pro, ZoneAlarm Security Suite version:7.0.483.000, **bleep** Free Edition v10

    Same here, yesterday I set it to Delete and had to reinstall Steam (new download) since ZA removed the entire application.
    Today, same result, I uploaded Steam.exe to www.virustotal.com (http://www.virustotal.com/analisis/c...88b55a13c2a350)
    and got these results:

    File Steam.exe received on 08.06.2008 15:16:51 (CET)
    Current status: finished
    Result: 1/36 (2.78%)

    Antivirus Version Last Update Result
    AhnLab-V3 2008.8.6.2 2008.08.06 -
    AntiVir 7.8.1.15 2008.08.06 -
    Authentium 5.1.0.4 2008.08.05 -
    **bleep** 4.8.1195.0 2008.08.05 -
    AVG 8.0.0.156 2008.08.06 -
    **bleep** 7.2 2008.08.06 -
    CAT-QuickHeal 9.50 2008.08.06 -
    ClamAV 0.93.1 2008.08.06 -
    DrWeb 4.44.0.09170 2008.08.06 -
    eSafe 7.0.17.0 2008.08.05 -
    eTrust-Vet 31.6.6015 2008.08.06 -
    Ewido 4.0 2008.08.06 -
    F-Prot 4.4.4.56 2008.08.05 -
    F-Secure 7.60.13501.0 2008.08.06 Suspicious:W32/Ciadoor.ar!Gemini
    Fortinet 3.14.0.0 2008.08.06 -
    GData 2.0.7306.1023 2008.08.06 -
    Ikarus T3.1.1.34.0 2008.08.06 -
    K7AntiVirus 7.10.405 2008.08.06 -
    Kaspersky 7.0.0.125 2008.08.06 -
    McAfee 5354 2008.08.05 -
    Microsoft 1.3807 2008.08.06 -
    NOD32v2 3332 2008.08.06 -
    Norman 5.80.02 2008.08.06 -
    Panda 9.0.0.4 2008.08.06 -
    PCTools 4.4.2.0 2008.08.06 -
    Prevx1 V2 2008.08.06 -
    Rising 20.56.22.00 2008.08.06 -
    Sophos 4.31.0 2008.08.06 -
    **bleep** 3.1.1537.1 2008.08.06 -
    Symantec 10 2008.08.06 -
    TheHacker 6.2.96.393 2008.08.04 -
    TrendMicro 8.700.0.1004 2008.08.06 -
    VBA32 3.12.8.2 2008.08.05 -
    ViRobot 2008.8.6.1326 2008.08.06 -
    VirusBuster 4.5.11.0 2008.08.05 -
    Webwasher-Gateway 6.6.2 2008.08.06 -

    Additional information
    File size: 1271032 bytes
    MD5...: 5136ced31148edf861b5f42f094f2bd7
    SHA1..: 4ab7819b098e3c34dc3f3795f6699af7e34cd53f
    SHA256: 15473a99cea03e1d1d1394be854f81a258ef14f3a06e8e81cb 333ddc79bb2581
    SHA512: 0758a933d87aabb3bc2169b8ef160745a3db66e7917bd65dfb fd4ba53aea6597
    d5af900ef5ed04b261d76e6a155492c920d6107487e230ead3 6164b1ded9980d
    PEiD..: -
    PEInfo: PE Structure information

    ================================================== ====================

    Only F-Secure thought the file could be infected, that's a 2.78% chance
    of a Virus... Not enough to delete it again?

    I did a further search on the 1 hit (as above) F-Secure 7.60.13501.0 2008.08.06 Suspicious:W32/Ciadoor.ar!Gemini
    Found the following site that offers a free scanner with mention of the ciadoor trojan.
    http://www.liutilities.com/products/campaigns/slib/se/

    Downloaded and did a scan (free scan, can't remove anything without licence).
    It also found nothing of value (some tracking cookies and Malware (Microsoft IE default about.blank homepage)).
    I also updated my old trusty Spybot - Search & Destroy (v1.60) and did a scan, also nothing.

    Has ZA gone MAD? Anyone?

  7. #7

    Re: Win32.Trojan.Spy.Ardamax.t - False Positive?

    Hi!
    Ensure your AV/AS is up-to-date and then, if the malware is quarantined in the spyware section, report it to ZA (as false positive) to get it fixed.
    http://www.zonealarm.com/store/conte...are_report.jsp
    Include as many details as possible and a download link to get it fixed faster...
    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays
