
XRumer Demo with Trojan?

Discussion in 'Black Hat SEO' started by SebastianJu, Jan 5, 2010.

  1. SebastianJu

    SebastianJu Power Member

    I downloaded the XRumer Demo and got a warning from Antivir that the xrumer.exe is a trojan.

    13 of 41 scanners on Virustotal.com say it's a Trojan too.

    Code:
    http://www.virustotal.com/de/analisis/742285666b72abcc3c285b1a1553aeb7959c1e140a55534979e33dfc93b31842-1262704749
    So what is it? A false positive because of what? Or a well-hidden Trojan that only some scanners find?

    Is it the same with the xrumer.exe of the normal version?
     
  2. SebastianJu

    SebastianJu Power Member

    But it's from the official site of Xrumer... Can't believe they would risk their business by doing that...

    Edit: On the other hand... Botmaster would have a new meaning then... :)
     
  3. Hyperion

    Hyperion Regular Member

    Russians... On the other hand, it says that the trojan is a downloader, I don't know how they update their program.
     
  4. boobooboy

    boobooboy Regular Member

    You just gotta trust botmaster. You don't have much of a choice. Maybe it's listed there because it's a spam tool according to some.
     
  5. SebastianJu

    SebastianJu Power Member

    But a spam tool wouldn't have anything to do with a Trojan-Downloader... And it would probably be hard to suddenly have an xrumer.exe on your own PC when you didn't buy it... So no need to implement this thing into virus scanners...
    Or if it were implemented, for example as something useful for businesses that want to check the activity of their employees, it wouldn't be recognized as a Trojan-Downloader but instead as an unsuitable program...
     
  6. d3t0x

    d3t0x Jr. VIP Jr. VIP Premium Member

    It's not a trojan. Botmaster is trusted by thousands of users; you have nothing to worry about. He would not want to ruin his reputation.
     
  7. j0b0123

    j0b0123 Regular Member

    The other possibility is you have several trojans on your PC itself which are infecting downloads. Meaning you download X, and when it comes onto your PC, something attaches itself or does something - just a thought.
     
  8. SebastianJu

    SebastianJu Power Member

    That could easily be found out when another person downloads it. But I don't think that's the case because: the file I scanned had been scanned multiple times before on Virustotal. So the exe can't have been changed. And I downloaded a lot of things in the last few days and no such thing happened to another download...
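
Added example, not part of the original thread or any poster's words: the report URL in the first post appears to carry the file's SHA-256 and a Unix scan time (an assumption read from the URL's shape), so anyone can check whether their own download is byte-identical to the file that was scanned. Function names are illustrative and the sample file in the demo is constructed.

```python
import hashlib
import os
import re
import tempfile
from datetime import datetime, timezone

# URL exactly as posted in the thread.
THREAD_URL = ("http://www.virustotal.com/de/analisis/"
              "742285666b72abcc3c285b1a1553aeb7959c1e140a55534979e33dfc93b31842"
              "-1262704749")

# Assumption: the last path segment is <sha256 hex>-<unix time of the scan>.
SEGMENT = re.compile(r"/analisis/([0-9a-fA-F]{64})-(\d{9,10})/?$")


def parse_report_url(url):
    """Return (sha256_hex, scan_time_utc) taken from a report URL."""
    m = SEGMENT.search(url)
    if not m:
        raise ValueError("not a <sha256>-<timestamp> report URL")
    scanned = datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc)
    return m.group(1).lower(), scanned


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large installers are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def matches_report(path, url):
    """True only if the local file is byte-identical to the scanned one."""
    expected, _ = parse_report_url(url)
    return sha256_file(path) == expected


if __name__ == "__main__":
    digest, when = parse_report_url(THREAD_URL)
    print("report covers sha256", digest, "scanned", when.isoformat())
    # Constructed stand-in for a download; a real check would pass the
    # path of the downloaded executable instead.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample, not the real file")
    print("local copy matches report:", matches_report(tmp.name, THREAD_URL))
    os.unlink(tmp.name)
```

A match shows the local copy was not altered after download; it says nothing about whether the detections themselves are correct.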
     
  9. mil0x

    mil0x Power Member

    Why download the demo anyways? All you can do is make 1 post to show that the program works. You're serious about the trojan? :D:rolleyes:
     
  10. SebastianJu

    SebastianJu Power Member

    Didn't know the demo is so limited. I wanted to test Hrefer but it wasn't included in the demo as far as I can see...
    In the file check on Virustotal from November last year only 9 scanners found a virus. Now 13. So I'm wondering what's going on there... I'm sure there are files with false positives, but 13 false positives? It's not a crack or something. There I could see that it's sometimes possible to use code that can be seen as a virus, but a legit demo?
     
  11. mil0x

    mil0x Power Member

    I've responded to this a long time ago. With this kind of mindset you're not ready for xRumer.

     
  12. SebastianJu

    SebastianJu Power Member

    Ok, I see your point. But I'm still wondering what makes a legit software exe get seen as a trojan. What kind of code has to be implemented for AVs to alert?

    But I doubt this can be answered here. So never mind...
     
  13. mil0x

    mil0x Power Member

    FYI xRumer is not really classified as a 'legit software' ;)
     
  14. Benditer

    Benditer Junior Member

    Those who think that botmaster is to be trusted... think again. I am pretty sure that even the full version (the exe archive) comes packed with an ill-famed virus that can very well steal your credit card info and so on. If the warning given by the antivirus is something like 'spam tool' then that's understandable, but anything else, I won't take that lightly. So guys, just because you have spent $540 on that piece of software, don't think that "botmaster" will not give you some free bots as a gift. There is a reason that he calls himself by that name. And then there is a reason that he is banned on BHW.
     
  15. swishahouse

    swishahouse Newbie

    Botmaster is legit, end of story.

    If he wanted to spread a bot that stored and sent him your CC info, he wouldn't put it in $540 software that's mainly run on dedicated servers.
     
  16. Zakk-

    Zakk- Junior Member

    Although, the idea is fairly smart. Produce software that would be run on powerful dedi servers, spread it (and earn money at the same time) and have thousands of bots with great connections on hosts that probably don't care much about spam. It would be a powerful botnet.

    (Note: I'm not saying Xrumer has any of this, just saying that the concept isn't absurd)
     
  17. jenniferarico

    jenniferarico Registered Member

    I don't think it's a trojan. If you really got that from their official site then it is well enough to work with.
     
  18. bluegarden

    bluegarden Regular Member

    AVAST Antivirus reports the Xrumer demo as a trojan too.

    I got the demo at SEnuke http://www.botmasternet.com

    Let me know if this is the legit site of Xrumer.
     
  19. blazen

    blazen Regular Member

    bluegarden, that is the legit site. Also, xrumer does not have harmful trojans; those are false positives. Botmaster would not ruin his business reputation.
     
  20. Kid Shaleen

    Kid Shaleen Regular Member

    There are times when legitimate programs get attacked because they innocently trigger one of the AIs that anti-virus programs use. I know programs that create a variety of serial numbers and registrations are particularly prone to being listed, falsely, as viruses.

    I don't imagine it is too difficult for other programs like xrumer to be similarly categorized, especially given some of their features.

    And if you're still worried, run the demo sandboxed.