Hey guys.
I installed uniuploader the other day an have been using it for about 5 days now.
This morning i decided to clean my computer up an when i run my spyware scanner it detected the Settings.ini file which is created off uniuploader.
Here is the link for what trojan its ment to be.

Is this right?

Cheers for you time
Sheepy

Perhaps it is right. Just delete the whole UU folder and reinstall.

I'm obviously an amatuer coder, but, how would reinstalling NOT make this come back? If it came from UU, wouldn't reinstalling it, make it again?

Thats another thing, I am the website administrator, I have gotten the guild to accept this roster and such, despite all the keyloggers, and whatnot goin around about stealing keys,now, there could possibly be a trojan involved?

This is a great community, and the developers to the addons have done a fantastic job, but this make me EXTREMELY nervous, exposing 300+ people to a possible trojan.

First off, which program caught it?

Where was this UU downloaded from that has the supposed trojan?

Has anybody else discovered this? Where exactly on your computer was it, so we can all check?

I want to be sure before yelling " The sky is falling"..
Thx and sorry if i'm causing a mountain of a molehill.

well, you can trust me to compile clean programs for you.

That said, the only way to make sure you have a clean copy is to compile the program using http://msdn.microsoft.com/vstudio/express/ and the source code in the download section.

I only get the mods/addons from THIS site, fearing suhc things.. I already asked about security before introducing this to my group. I felt comfortable with the responses and information I gathered from this and other sites about wowroster. I apologize if my post makes it look like I'm accusing anyone here of wrong doing. That is not my intentions. I have seen no proof of that.

I am, however curious, as to how he got it. If it is going to be posted on this forum, I would like to hear the whole story. For peace of mind, and the knowledge of awareness.

Virusses mainly work by attaching themselves to other "regularly" used programs. Uninstalling and reinstalling would normally get rid of this kind of virus. Problem is, they dont only infect one file, they infect many, and some of them detect this attempted removal and infect something else.

Then there are false alarms, and i think this is what youre looking at. There is no way a setting.ini file can contain a virus as its NOT an executable file and nothing inside it gets executed. Chances are its a false alarm.

Yeah, i'm more interested as to where it came from or what other downloads/factors were involved.

I am constantly looking for the keylogger attacks, they seem to come in waves. I just like to inform my group of what is happening.

we had a similar thread last year about a false positive AVG was throwing

Hey guys sorry i didnt post sooner i been away for a bit.
the so called trojan come from the Settings.ini file which is made my UU.
Here is a screenie of how it comes up in the program

I looked through the settings.ini file an cant see anything dodgy but im still a little bit jubious

do u run you UU from your desktop folder?

Move it to a folder of its own, and see if the warning moves with it.

OK lets see here, for starters I don't see any way that the settings.ini file could be a trojan. It is a settings configuration file and on it's own doesn't access the internet or any active ports. If anything you spyware software is detecting the url string information contained within the file and is a false alarm. I run Norton 360, Spy Bot S&D, and AddAware. And have yet to see this warning as a problem. Odds are it is a conflict with you spyware software.

Risk ?

I don't get it.

UniLoader: the source is viewable, and even rather well done.
One can build UniLoader by themselves if the need is there, but fear withholds one from installing or even using the executable.
Uniloader hassles with plain text files and images.
It sends them away from your system, coming from 3 places, it’s installation location, like \Program Files\UniLoader\...., \WoW\WTF\Account\LOGIN\SavedVariables\... and \WoW\Interface\AddOns\...

True is - some of those text files are actually scripting files, coded in LUA. LUA is being known as even more save then Java... Java is the language that every browser in the world 'just executes' when loaded – and we’re all still there, aren’t we?

A point of risk might be the fact that UniAdmin runs from a web server.
Now, how save is a web server?
So, one should break into Unidmin, add a false 'real Add On' which is actually 'dangerous code' - make UniAdmin swallow it (see it as valid Add On's) - have it send to UniLoader when it asks for it.
UniLoader will throw this file it in one of these 3 directories ONLY.
WoW won't do anything with it, except may be throwing an error like 'this ain't no LUA... – black box burk.".
And things stop there.
It will no be executed or even interpreted.

Exception to this rule: the person who finds an executable in these WoW directories (and only these), and because he (she) has to click on anything to 'ty it out' becomes a victim.
But: we all know that the good AntiVirus, or whatever tool that fits this name, would already have stopped the simple 'writing of this file' when it has been put there.

So, still, I don't get it.

I only see one point:
A couple of system interacts and exchange information on a nearly ‘magic’ way.
It runs nearly automatic, so, by nature, that’s suspected.
That’s ok.
The simple fact that we discus about it, brainstorming it, testing it, feedbacking the results, makes it sure.

Mattm - and others - you did a hell of a job !

Got one question: why isn’t this tool just included on my WoW CD’s on the first place?
Or even a smallest hint saying: “When you installed this game, drop by at www.wowroster.net”?! Because we all will, on the long run, if you are a warrior like me, or right away, if you’re a hard-gamer ^^

PS: pardon me, as said; I’m a warrior, so still having issues with Spirit and Intelligence ;-) but coding makes me eat, and I recognize quality when I see it.

Sheepy_Daz wrote:the so called trojan come from the Settings.ini file which is made my UU.
Here is a screenie of how it comes up in the program

I get a 404 on that screenshot. Did you spell the link correctly, and use the right upper/lower case?

Hey guys sorry to bump an old thread back up.
I moved the files from the desktop an used the installer to install UU an its not picking up the file as spyware anymore.
why would it pick it up on the desktop though?

First post here yay =)

Been browsing through the forums cause i'm having some issues here and this one caught my eye

Anyway, back on track. Sheepy I would guess that's because you have a virus in your desktop folder then. I remember having every image I opened from a certain folder making my NOD32 throwing me some virus error. I didn't really look into it anymore as I forgot about it and stuff (was still very noob at PC back then )

But then a few weeks later I decided to organize my images a bit and moved many out of that folder, renamed the original folder "random images" with the ones that didn't fit any other folder

But then every image didn't give me a warning anymrore, EXCEPT for the one in that particular folder ...

I suggest you deep scan you desktop with a GOOD antivirus (AVG, Kaspersky, NOD32, etc.) Please don't use Norton ^^