Kalle Rantaaho
Max Output Level: -5 dBFS
- Total Posts : 7005
- Joined: 2006/01/09 13:07:59
- Location: Finland
- Status: offline
Heads up for a virus G.V. Katzy
I made a full check of my laptop yesterday. The security program spotted malware Generative Variant Katzy in the zip-file including Klanghelm's free DC1A compressor. The file was unzipped and I haven't installed it on my music PC yet, even though I moved the zip-file there long ago. I dl'd it from Klanghelm's site.

Below I have pasted my experiences of the Generative Variant Katzy from about a year ago. Really not something you want to get.

I wonder if any of you have made acquaintance of Generative Variant Kazy. What a menace. It's a malware that can (if I have understood correctly what I've read) hide for example inside a pdf-file, and trick your protection software enough to get onto your screen as a virus-warning, for example, and then download a trojan. It attacked the PC of a friend. Simultaneously the protection software announced it had spotted the intruder and it is eliminated, but that was about two seconds too late. It made the whole Documents and Settings-folder disappear in about ten seconds. The whole user account and everything related disappeared from the screen. Pressing Window-E I could open "My Computer"-view, just to see that all files and folders were reported empty.

Then I could sneak in through the kitchen door using Nokia's media synchronizing application Ovi, and I could verify that the data had not been physically destroyed, and seemingly, I could copy data on a memory stick. The stick showed exactly the same amount of content that was transferred, but trying to open the files I got a "This file is empty"-message. Luckily, I could help her out by salvaging the data using a Linux based Knoppix-disc. The whole drive had to be formatted.

What's especially annoying here is that the person, as well as I am, was using F-Secure's protection software, which is about the best, heaviest and most expensive there is.

So, you really can't be sure about any post or files you receive... I'm even more convinced now that having no internet on my music PC is the right decision, even though I take care of my backups. What if the backup HDD is connected when this malware attacks!!?? Heart attack, stroke...younameit!!
post edited by Kalle Rantaaho - 2013/02/28 15:00:21
SONAR PE 8.5.3, Asus P5B, 2,4 Ghz Dual Core, 4 Gb RAM, GF 7300, EMU 1820, Bluetube Pre - Kontakt4, Ozone, Addictive Drums, PSP Mixpack2, Melda Creative Pack, Melodyne Plugin etc. The benefit of being a middle aged amateur is the low number of years of frustration ahead of you.
|
Jonbouy
Max Output Level: 0 dBFS
- Total Posts : 22562
- Joined: 2008/04/14 13:47:39
- Location: England's Sunshine South Coast
- Status: offline
Re:Free Klanghelm DC1A comp - Heads up for a virus G.V. Katzy
2013/02/27 18:20:36
It might be a good idea to actually research as to where the source of your particular infection is coming from. I've just downloaded a bunch of files from Klanghelm's site including the one you suspected and they are all clean. A quick internet search shows that you are currently the only person in the whole wide web citing anything from Klanghelm as being an issue.

It's pretty bad form if you go round flagging up some developer's site as being the cause of a virus outbreak without specific evidence to back it up. The poor guy is trying to sell plugins for a living. I'd say you and your 'friend' are both getting it from a common source but it ain't this one.

The best advice I can think of before you install ANY download is to image before, so you can restore afterward. System restore doesn't cut it and there is no such thing as successfully removing a virus from an infected machine, yet some folk spend days and weeks trying.

Nothing wrong with having a music PC connected to the internet 24/7 btw, many people do these days; a much worse idea is getting viruses on your music PC like you clearly have.
post edited by Jonbouy - 2013/02/27 18:35:04
"We can't do anything to change the world until capitalism crumbles. In the meantime we should all go shopping to console ourselves" - Banksy
|
Kalle Rantaaho
Re:Free Klanghelm DC1A comp - Heads up for a virus G.V. Katzy
2013/02/28 14:34:54
I'm aware of how questionable it is to mention the name of a respectable company in this kind of connection. However, F-Secure reported that the malware was inside a zip-file which has not been unzipped once. Is it possible that a malware goes inside a zip-file after I've downloaded it? If so, I'm not only very sorry for the title and content of my post, but also surprised. I've always thought zip-files are sort of locked. Also, it worries me that F-Secure did not spot the malware by the download. I have no idea if it's possible that it was a false alarm. And note that you dl'd it recently, I did it long ago. Accidents do happen.

Before installing new, downloaded software, imaging is recommended, for sure. I wasn't installing. I just did a complete check of my laptop. I doubt anyone does a system image every time they download something :o) (??).

I read a lot about the malware in question when solving my friend's problem a year ago. If Katzy lies in, say, a pdf-file that is not opened, it does not spread in the machine. AFAIK, getting rid of it requires just deletion of the file in question.

My "friend" is an eighteen year old girl. There is not one same web address that we visit, nor have we ever changed any kind of data in any form. We don't live in the same household. It's impossible we got it from the same source.
|
Bub
Max Output Level: -3.5 dBFS
- Total Posts : 7196
- Joined: 2010/10/25 10:22:13
- Location: Sneaking up behind you!
- Status: offline
Re:Free Klanghelm DC1A comp - Heads up for a virus G.V. Katzy
2013/02/28 14:52:29
> Kalle Rantaaho: Also, it worries me that F-Secure did not spot the malware by the download.

That's because it happened after it got on your system. Ahhhh ...
"I pulled the head off Elvis, filled Fred up to his pelvis, yaba daba do, the King is gone, and so are you."
|
Kalle Rantaaho
Re:Heads up for a virus G.V. Katzy
2013/02/28 15:13:03
> Bub:
> > Kalle Rantaaho: Also, it worries me that F-Secure did not spot the malware by the download.
>
> That's because it happened after it got on your system. Ahhhh ...

Ehhh...is that a pun or something? What happened after what ??? The protection software automatically scans anything new that comes in. If I plug in a memory stick, it automatically checks it. Is it possible for a malware to creep into a zip-file? I've thought the malware must be present when the file gets zipped. We're not talking about a virus that attacks actively, AFAIK, but a malware that needs to be launched by opening the file where it hides.

I erased the company name from the original title to avoid unnecessary "discomfort".
|
Bub
Re:Heads up for a virus G.V. Katzy
2013/02/28 15:46:47
> Kalle Rantaaho:
> > Bub:
> > > Kalle Rantaaho: Also, it worries me that F-Secure did not spot the malware by the download.
> >
> > That's because it happened after it got on your system. Ahhhh ...
>
> Ehhh...is that a pun or something? What happened after what ??? The protection software automatically scans anything new that comes in. If I plug in a memory stick, it automatically checks it. Is it possible for a malware to creep into a zip-file? I've thought the malware must be present when the file gets zipped. We're not talking about a virus that attacks actively, AFAIK, but a malware that needs to be launched by opening the file where it hides. I erased the company name from the original title to avoid unnecessary "discomfort".

My apologies. I should have put a smiley. That was "Ahhhh ..." as in an "Ah Ha!" moment where something suddenly becomes clear and makes sense.

If you download a file, and your protection software scans it as it's downloading, or scans it the second it is done downloading before you get a chance to open it, and it does not find anything wrong, then the infection happened after you downloaded the file and it was checked by your protection software. Somewhere between the time you downloaded the file and when you checked it with your software is when the infection happened. It didn't come that way from their site.

Yes, it's possible for a zip to be infiltrated without evidence of it ever being opened. These people doing this crap are scary smart, anything is possible.
|
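Whether an archive changed between download and a later scan can be checked instead of guessed, provided a manifest was recorded at download time. The following is an added example, not code from the thread; the member names and contents are constructed.

```python
import hashlib
import io
import zipfile


def zip_manifest(data):
    """Return the archive's SHA-256 and a {member: (size, CRC-32)} map."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        members = {i.filename: (i.file_size, i.CRC) for i in zf.infolist()}
    return {"sha256": hashlib.sha256(data).hexdigest(), "members": members}


def diff_manifests(baseline, current):
    """Compare a manifest recorded at download time with one taken later."""
    old, new = baseline["members"], current["members"]
    return {
        "archive_changed": baseline["sha256"] != current["sha256"],
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(n for n in set(old) & set(new) if old[n] != new[n]),
    }


def add_member(data, name, payload):
    """Append one member to an in-memory zip without extracting it.

    Used only to build the constructed samples; an empty input yields a new archive.
    """
    buf = io.BytesIO(data)
    with zipfile.ZipFile(buf, "a") as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


# Constructed sample: the archive as downloaded, and a later copy with one extra member.
DOWNLOADED = add_member(add_member(b"", "plugin.dll", b"plugin code"),
                        "readme.txt", b"manual")
LATER_COPY = add_member(DOWNLOADED, "extra.exe", b"placed later")

if __name__ == "__main__":
    baseline = zip_manifest(DOWNLOADED)
    print(diff_manifests(baseline, zip_manifest(DOWNLOADED)))
    print(diff_manifests(baseline, zip_manifest(LATER_COPY)))
```

If the SHA-256 still matches the value recorded at download, the archive is byte-for-byte the same file, so a new detection reflects a change on the scanner's side (for example updated signatures) rather than a change in the archive.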
Jonbouy
Re:Free Klanghelm DC1A comp - Heads up for a virus G.V. Katzy
2013/02/28 18:22:55
It's not only easy for a virus to be inserted into a zip file, it is also very common. Windows handles zip files natively so it's as easy for a rogue file or a script to place a file in a standard folder. In fact it is placing a file in a standard 'folder'. All current virus checkers will scan inside standard compressed files (rar, zip, 7z and various otherwise invisibly compressed files) for this very reason.
|
slartabartfast
Max Output Level: -22.5 dBFS
- Total Posts : 5289
- Joined: 2005/10/30 01:38:34
- Status: offline
Re:Free Klanghelm DC1A comp - Heads up for a virus G.V. Katzy
2013/02/28 19:54:46
> Is it possible that a malware goes inside a zip-file after I've downloaded it?

It is.

It is also not only possible but common for a virus signature to exist in a clean (non-infected) file. In the trade, that is known as a false positive. Signature based antivirus programs compare a series of bytes present in a known virus to every byte in every piece of code that passes through them. On occasion, the "signature" code is not the damaging code of the virus, but just a recognizable piece of the virus code. It is possible to duplicate enough of that signature, in benign code in the process of writing programs, to cause it to be recognized by the antivirus as belonging to the virus, even though the virus "warhead" is not part of the code.

The signature files for each of the antivirus programs can be somewhat different, and so you can have code declared to be a virus by one scanner, but not by another. The problem, when your antivirus flags code as matching a virus signature and someone else's antivirus does not, is trying to figure out which is the error. Did your antivirus flag a virus that theirs missed or did yours flag a false positive?

The wise thing to do if the file is not critical is to play it safe. There is nothing wrong with warning your friends about such a finding, even if you cannot confirm that it is not false positive. If your antivirus has it right, then you can save them a world of hurt. If your antivirus is wrong, they can take special care to be sure theirs is not just missing it.

Many antivirus programs have a way to send the suspect file to the antivirus maker for analysis. There are also websites that will allow you to compare the findings by a variety of antivirus programs on a search of the file name.

http://en.wikipedia.org/wiki/Antivirus_software#Problems_caused_by_false_positives
http://www.techsupportalert.com/content/how-report-malware-or-false-positives-multiple-antivirus-vendors.htm
|
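The two posts above describe scanners unpacking archives and matching byte signatures, with different scanners carrying different signatures. The following added example (not code from the thread) shows both on a toy scale; the scanner names, signature bytes, family name and file contents are all constructed.

```python
import io
import zipfile

# Constructed byte patterns standing in for two scanners' signatures for the same
# hypothetical malware family. Scanner A keys on a short fragment, scanner B on
# a longer one, so their verdicts can differ on the same file.
SIGNATURES = {
    "scanner_a": {"Example.Family": bytes.fromhex("deadbeef0102")},
    "scanner_b": {"Example.Family": bytes.fromhex("deadbeef0102c0ffee99")},
}


def scan_bytes(data, sigs):
    """Return the names of signatures whose byte pattern occurs in data."""
    return sorted(name for name, pattern in sigs.items() if pattern in data)


def scan_zip(archive, sigs):
    """Decompress each zip member in memory and scan it; return {member: hits}."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            found = scan_bytes(zf.read(info), sigs)
            if found:
                hits[info.filename] = found
    return hits


def compare_scanners(archive):
    """Scan with every signature set; 'disagree' is True when only some flag it."""
    results = {name: scan_zip(archive, sigs) for name, sigs in SIGNATURES.items()}
    flagged = [name for name, hits in results.items() if hits]
    return {"results": results, "disagree": 0 < len(flagged) < len(results)}


def sample_zip(files):
    """Build an in-memory zip from {name: bytes} (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in files.items():
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed benign file: a data table that happens to contain scanner A's
# six-byte fragment but not scanner B's longer pattern.
BENIGN = b"\x00" * 16 + bytes.fromhex("deadbeef0102") + b"\x7f" * 16
ARCHIVE = sample_zip({"plugin.dll": BENIGN, "readme.txt": b"manual"})

if __name__ == "__main__":
    print(compare_scanners(ARCHIVE))
```

The disagreement flag alone does not say which scanner is wrong; it marks the file as one to submit to the vendor or check against further scanners, as the post suggests.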
Kalle Rantaaho
Re:Free Klanghelm DC1A comp - Heads up for a virus G.V. Katzy
2013/03/01 12:35:39
Thank you all for the information!
|
Jonbouy
Re:Free Klanghelm DC1A comp - Heads up for a virus G.V. Katzy
2013/03/02 04:32:46
> slartabartfast: The wise thing to do if the file is not critical is to play it safe. There is nothing wrong with warning your friends about such a finding, even if you cannot confirm that it is not false positive. If your antivirus has it right, then you can save them a world of hurt. If your antivirus is wrong, they can take special care to be sure theirs is not just missing it.

Providing you take care not to damage an innocent vendor's good reputation for supplying clean files...
|
craigb
Max Output Level: 0 dBFS
- Total Posts : 41704
- Joined: 2009/01/28 23:13:04
- Location: The Pacific Northwestshire
- Status: offline
Re:Free Klanghelm DC1A comp - Heads up for a virus G.V. Katzy
2013/03/02 04:35:03
I know some people who are false positives.
Time for all of you to head over to Beyond My DAW!
|
slartabartfast
Re:Free Klanghelm DC1A comp - Heads up for a virus G.V. Katzy
2013/03/02 14:34:14
> Jonbouy:
> > slartabartfast: The wise thing to do if the file is not critical is to play it safe. There is nothing wrong with warning your friends about such a finding, even if you cannot confirm that it is not false positive. If your antivirus has it right, then you can save them a world of hurt. If your antivirus is wrong, they can take special care to be sure theirs is not just missing it.
>
> Providing you take care not to damage an innocent vendor's good reputation for supplying clean files...

I assume that all vendors are innocent, regardless of whether they have infected files for download or not. Unless you are visiting a malicious website, infected files are not deliberately placed there by the merchant, who is as much a victim as anyone. If you are concerned about the "reputation" of the vendor, the best thing you can do is to contact him and let him know what you have found. He then has the option to purge his code, or report the false positive to the antivirus maker and request an exception for his file.

Most false positives that I have downloaded affect precisely these small operations. With some notable exceptions, a file that millions of people download daily which an antivirus falsely flags will be fixed quickly, or the antivirus vendor will add it to their false positive list. The vendor can put a notice on their website acknowledging that the file is incorrectly flagged by antivirus X, with links to other antivirus scanner results, but the casual user may think this is just part of the scam. This kind of thing is a potential nightmare for the vendor. Still, as a user, I would prefer to have a false su****ion raised than to miss a real virus that my scanner does not catch.

Edit: Apparently the forum software has decided that I have intended to post a racial slur against persons of Hispanic ancestry cleverly hidden in the noun form of su****ious...er doubtful about the integrity or truthfulness of.
post edited by slartabartfast - 2013/03/02 14:37:39
|
craigb
Re:Free Klanghelm DC1A comp - Heads up for a virus G.V. Katzy
2013/03/02 16:57:08
> slartabartfast: edit Apparently the forum software has decided that I have intended to post a racial slur against persons of Hispanic ancestry cleverly hidden in the noun form of su****ious...er doubtful about the integrity or truthfulness of.

Yes, stupid censorship is the spice of life.
|