egghelp/eggheads community

Trojan in eggdrop module false positive ?

2016-08-13T01:53:32-04:00

Because they haven't marked more files and just the seen module makes me think that the file has some piece of code (for instance like writing something in a file) similar to what malicious botnets used, maybe got some inspiration from the seen module..

Anyway, I wouldn't be bothered by this if you got the source from Eggheads.org's website.

Statistics: Posted by caesar — Sat Aug 13, 2016 1:53 am

Trojan in eggdrop module false positive ?

2016-08-12T14:03:16-04:00

I would assume they (Avast) classify it as a positive trojan, as eggdrops have been used to power malicious botnets in the past. To be honest, I'd almost expect them to classify any irc-client as an intrusion or trojan...

Sadly, I doubt they'll change their minds about it. Best bet is to get the binaries from a trusted source, or build them yourself, and do whatever you can to whitelist the file on your system.

Statistics: Posted by nml375 — Fri Aug 12, 2016 2:03 pm

Trojan in eggdrop module false positive ?

2016-08-11T01:27:14-04:00

I got the seen.so file from my own eggdrop that i know for sure i got from the official source and the virus scan has the same result.

Statistics: Posted by caesar — Thu Aug 11, 2016 1:27 am

Trojan in eggdrop module false positive ?

2016-08-10T20:39:41-04:00

I uploaded the file to

Code:

https://mega.nz/#!cYsRhZzY

so they can scan.
encryption key for file:

!MUKHc7zBoMixKVPaw3VEZ7ra8TBsAZ5LqN80b430L9Y

I do not remember where I downloaded this eggdrop .
I used to download it from the official website, but this was a while ago.

Statistics: Posted by juanamores — Wed Aug 10, 2016 8:39 pm

Trojan in eggdrop module false positive ?

2016-08-10T02:30:26-04:00

If and only if you got the eggdrop1.6.21.tar.gz (or whatever version you are using) from the official source aka. Eggheads.org site, then grab the non-compiled seen.c from the archive located in eggdrop1.6.21/src/mod/seen.mod, tell them that they are idiots cos it's a false positive result and uninstall the product.

I just got the seen.c file and here (link) is the virustotal result.

Statistics: Posted by caesar — Wed Aug 10, 2016 2:30 am

Trojan in eggdrop module false positive ?

2016-08-09T19:06:48-04:00

I sent the file to AVAST Laboratory.
I have confirmed that the virus detection is correct.
The truth is I do not think it virus.

I do not think 52 antivirus mistake .
It is a false positive!

This said AVAST :

Buenos días

Gracias por ponerse en contacto con Avast y enviarnos la muestra

El laboratorio de virus me informa de que es realmente un virus y la detección es correcta.

Reciba un cordial saludo

Statistics: Posted by juanamores — Tue Aug 09, 2016 7:06 pm

Trojan in eggdrop module false positive ?

2016-08-09T01:20:41-04:00

False positive, nothing to worry about unless you got the file from another source other than the official one that might have tampered with the files.

Statistics: Posted by caesar — Tue Aug 09, 2016 1:20 am

Trojan in eggdrop module false positive ?

2016-08-08T21:04:18-04:00

I made a backup of my VPS on my PC and Avast antivirus detect a trojan in a file.
The path: \eggdrop\modules-1.6.21\
The file: seen.so
Detection: ELF:IRCBot-D [Trj]

Most likely is a false positive.
I've scanned the file using web total virus and here are the results:
https://www.virustotal.com/es/file/9747 ... 470704763/

Only Avast detect virus of 53 AVs.

Statistics: Posted by juanamores — Mon Aug 08, 2016 9:04 pm