Trojan Downloader.Generic7.AKOA?

GoldWave general discussions and community help
Locked
terrypin
Posts: 68
Joined: Mon Sep 06, 2004 4:47 am

Post by terrypin »

I just got a message from AVG about an apparent trojan called Downloader.Generic7.AKOA

After some experiment I found that this arises consistently when I execute the file Gwave508.exe. That's an old setup file. I currently use GW v 5.10. It seems bizarre that it should prompt such a message.

Google gave zero hits for 'Downloader.Generic7.AKOA'.

Anyone have any info about this please?

Could someone remind me of the web site to which I can forward a file for up-to-date virus checking?

--
Terry, East Grinstead, UK
Kummel
Posts: 141
Joined: Sat Sep 23, 2006 7:10 pm

Post by Kummel »

There is no virus in GoldWave if you downloaded it from GoldWave Inc.'s page. Several false positives have been reported.

«downloader.GENERIC7.akoa» looks like a heuristic detection; it detected something that eventually should be a malicious code. It is trendy to get some paranoid heuristic detection in many products, and the companies ignore the claims from customers about these false positives. The only answer I received was "reinstall the antispyware from this link, reboot your computer physically disconnected from internet, scan deeply your computer, and delete all what it finds", that would have meant to delete until now three software I trust however. To change the antivirus/antispyware hasn't changed about the presence of false positives (which curiously are not the same ones).

Sometimes, while these false positives affect only small companies' software or open source software, I wonder if they consider small companies' software as malware just because it's competition to the big one which has a dominant position over all the other ones.
:D
terrypin
Posts: 68
Joined: Mon Sep 06, 2004 4:47 am

Post by terrypin »

Thanks Kummel. I subsequently found a previous June thread here about a similar 'trojan horse'. I'm assured these are false positives and will ignore the alerts.

Is there a URL to which I can post the file, just to get the 'official' reaction please?

--
Terry, East Grinstead, UK
DewDude420
Posts: 1171
Joined: Fri Mar 11, 2005 11:15 pm
Location: Washington DC Metro Area

Post by DewDude420 »

Here's the problem with AV Vendors.....so many of them seem to be able to be "paid off".

Prime example: I have a downloaded copy of [PROGRAM NAME REDACTED] that obviously came with a keygen. This Keygen does not contain a single virus...however, my AV program is set to detect keygens as trojans...why? Because some company paid them off to do this. (and if anyone is wondering...I paid for Goldwave 10 years ago...I only download programs that cost in excess of 4 digits)

I right now get a list of about 15 files that are "infected" that are entirely false positives.

It's sad when companies that are supposed to be dedicated to security can be paid off to falsify results to satisfy their (and some other software vendors') pocket.
joeyd714
Posts: 2
Joined: Tue Sep 30, 2008 2:19 am

Post by joeyd714 »

The reason AV programs report keygens and other hacker tools as "harmful" is because they are hacker tools and do hacker like things which the AV tool is designed to "protect" you from.

It doesn't know that the hacker tool it's looking at is a good or friendly hacker tool that you want to keep, it just knows it's a hacker tool.

Most AV programs download updated "definition files" on a regular basis, some of them a little too often, like every 4 hours for AVG. These "definition files" describe certain behavior patterns to be on the look out for. KeyGens and other similar harmless tools are described in them BC they are used to "hack" a published software, and it's the AV's job to detect all forms of hacking, even "white hat" hacking, if that's what you wanna call software piracy.

If an armed cop walked through a metal detector at the airport, it would set off an alarm BC it detects a gun, it doesn't know the gun is attached to a cop, just that it's a gun.

That's why you should never allow AV software to automatically "heal" or delete anything without you looking at it first.
joeyd714
Posts: 2
Joined: Tue Sep 30, 2008 2:19 am

Post by joeyd714 »

UPDATE: I just googled Downloader.Generic7.AKOA and got 8 Hits, including this page, and 2 other ones where terry posted his query.

Among them was an independent AV spyware detection & removal company http://www.scanforfree.com/07/downloade ... moval.html that posted this information about it, and to me it sounds like a pretty real and serious threat:

Downloader.Generic7.AKOA also known as Generic7.AKOA is backdoor trojan installed by Gwave508.exe. Downloader.Generic7.AKOA is a generic standalone trojan horse program that can hiddenly download and execute malicious programs from remote ftp or websites on to the infected computer. Usually Downloader.Generic7.AKOA trojan spreads through questionable porn related websites, via peer to peer programs and spam emails. Downloader.Generic7.AKOA is a destructive infection and a serious security risk that can steal private data and cause slow PC performance!

Downloader.Generic7.AKOA clones: Downloader.Generic7, trojan Horse Generic10.THY, Trojan Generic7.igx, Trojan Generic7.HYA, Trojan Generic7.KQK, Trojan Generic7.AGGJ, Trojan Generic7.xtx, Trojan Generic7.RTW, Trojan Generic7.QQK, Trojan Generic7.ACGM, Trojan Generic7.TWP, Trojan Generic7.RT, Trojan Generic7.GC, Trojan Generic7.Aeey, Trojan Generic7.AUY, Trojan Generic7.IZY, Trojan Generic7.ENJ, Trojan Generic7.KDD, Trojan Generic7.AFFI, Trojan Generic7.IIW
Process: Gwave508.exe

Symptoms of Downloader.Generic7.AKOA:

* Slower windows boot and shut down speed, slow browsing speed
* Generic7.AKOA is extremely complicated to uninstall, reinstall after start-up
* Fake desktop shortcuts and system tray icons
* Downloader.Generic7.AKOA can cause frustrating Windows bleep sound
* Missing or corrupt registry system files and Blue Screen
* Hijack desktop wallpaper and toolbar
* Unusual running processes/files in the task manager
* Inactivate pop up blocker and overruns the desktop with adult popups

Downloader.Generic7.AKOA activities:

* Disable firewall and anti-virus software, logs surfing activity to create popup ads
* Gather Windows system information, Sends out login names, passwords and keystrokes
* Infects computer with trojan through browser security leaks

As was said earlier, 508 is an obsolete version and I don't see a company paying money to perpetrate a ruse to keep you from having an obsolete version.

It seems to me that BC of the independent hit for it and what they're saying about it, that this is a real thing that's actually out there.

Maybe NOT EVERY copy of 508 is infected and a lot of ppl prolly got clean copies, but enough copiers got infected to propagate this thing into the wild and generate this type of response.

Since 508 is obsolete and superseded by a newer version, I would expect occurrences of this particular infection to wane off, and this may be the reason there's not a lot more stuff about it ... it's pretty old and may have been purged.

I would NOT however just blatantly DISREGARD AV warnings about infections based on a perceived industry bias.
GoldWave Inc.
Site Admin
Posts: 4375
Joined: Wed Mar 10, 2004 6:43 pm
Location: St. John's, NL

Post by GoldWave Inc. »

Where did you download the gwave508.exe file? Have you performed a byte comparison with the original here to determine if the infected copy is different from the original?
joeyd714 wrote: Maybe NOT EVERY copy of 508 is infected
Has it occurred to you that maybe not any copies have been infected? That this is yet another false positive?
joeyd714 wrote: I would NOT however just blatantly DISREGARD AV warnings about infections based on a perceived industry bias.
It has been stated and proven that AV companies have reported false positives on GoldWave. There is no perceived bias. The damage caused by their negligence to my company is profound and your unsubstantiated and unproven post only makes things worse.

You can find the results of multiple scans for gwave508.exe here. Even with a perfectly clean file, two of the AV programs report a false positive. The rest correctly report the file is clean. Let me know when many AV programs start reporting a problem and then I'll be concerned. Until then, please do not post this kind of harmful rubbish based on the results of one "independent" AV vendor.

Chris
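
The byte comparison suggested in the post above, as an added example that is not part of the original thread or GoldWave's own tooling: it streams a reference installer and a suspect copy, reports sizes and SHA-256 digests, and gives the offset of the first differing byte. The file names and sample bytes are constructed for illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 64 * 1024

def sha256_of(path):
    """Stream the file so a large installer is never fully loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def compare_files(reference, suspect):
    """Byte-compare two files; report hashes, sizes and the first differing offset."""
    result = {"reference_sha256": sha256_of(reference),
              "suspect_sha256": sha256_of(suspect),
              "reference_size": os.path.getsize(reference),
              "suspect_size": os.path.getsize(suspect), "first_diff_offset": None}
    offset = 0
    with open(reference, "rb") as ref, open(suspect, "rb") as sus:
        while result["first_diff_offset"] is None:
            a, b = ref.read(CHUNK), sus.read(CHUNK)
            if not a and not b:
                break  # both files ended without a difference
            if a != b:
                # If one chunk is a prefix of the other, they differ where it ends.
                same = next((i for i, (x, y) in enumerate(zip(a, b)) if x != y),
                            min(len(a), len(b)))
                result["first_diff_offset"] = offset + same
            offset += len(a)
    result["identical"] = result["first_diff_offset"] is None
    return result

def demo():
    """Constructed sample bytes (not a real executable): one exact copy, one altered."""
    original = b"MZ" + bytes(range(256)) * 40
    samples = {"ref.exe": original, "same.exe": original,
               "changed.exe": original + b"EXTRA"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        ref = os.path.join(tmp, "ref.exe")
        return [compare_files(ref, os.path.join(tmp, n)) for n in ("same.exe", "changed.exe")]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A match means the flagged copy is byte-for-byte the reference file, so the alert concerns the original installer itself; a mismatch means the copy was altered or is a different build and should not be treated as the vendor's file.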