Forum Thread: can a trojan be placed in a Printer program?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
taffy078 can a trojan be placed in a Printer program?
Contributor 25th Sep, 2012 07:56
Ranking: 408
Posts: 1,463
User Since: 26th Feb, 2009
System Score: 100%
Location: UK
As you'll gather from the heading, I haven't got a clue about the nitty gritty of trojans, other than they are a pain in the a**e, just like the sick people who put them there.

I have an HP Deskjet F2280 - it's adequate for my needs and works well and cost-effectively.

The main software is the HP Solution Centre. This was updated/revamped recently, since when I've experienced a few problems so I've posted on the HP Forum.

One of the problems was that Malwarebytes found Trojan.Spatet in the HP file and registry (results below). It was the first time since the update that I ran Malwarebytes. It might just be a co-incidence or perhaps even a false positive.

I need to ask about this on the Malwarebytes forum but before I do, can our resident experts spare my blushes there and tell me if it is likely, or even possible, for someone to get into my PC and plant a trojan in a Vendor's software? I'm confident that my anti-virus/firewall will stop this which is why I wonder if it was already in the software, or is a False Positive.

in the file: C:\Program Files\HP\Digital Imaging\help\player\FlashPla.exe
in the Registry Value:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\HP\Digital Imaging\help\player\FlashPla.exe

--
taffy078, West Yorkshire, UK

HP Envy Win10 PC and Compaq Presario screwed up by forced upgrade to Win10 from WIn7

Maurice Joyce RE: can a trojan be placed in a Printer program?
Handling Contributor 25th Sep, 2012 09:59
Score: 12075
Posts: 9,345
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Although by no stretch of the imagination am I an expert the answer is yes being as the software is on your PC.

I think U will find the HP solution Centre is a standalone programme in Control Panel>add/remove? If so just uninstall it if U do not use/want it.

I would contact Malwarebytes support - http://www.malwarebytes.org/contact_consumer/

Better if U insert your order number as it gives U priority support. They will investigate if it is a false positive. I assume it has put the offending items in quarantine?



--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro
16 GB RAM
IE & Edge Only
taffy078 RE: can a trojan be placed in a Printer program?
Contributor 25th Sep, 2012 10:52
Score: 408
Posts: 1,463
User Since: 26th Feb 2009
System Score: 100%
Location: UK
thanks Maurice.

I think that the Solution Centre is the only way to change settings when scanning to file e.g. whether to save as jpg or tif etc and also for other scan/copy tasks. So at the moment it looks like I need it. I'll check though.

I'll contact Malwarebytes as you suggest though I've no order number - I use the free version. Yes - it has put it in quarantine.

I'll come back with the outcome.

In closing, I've just had a thought. Perhaps the timing is a coincidence. This blasted trojan may have slipped through because of the recent Internet Explorer security problems.

--
taffy078, West Yorkshire, UK

HP Envy Win10 PC and Compaq Presario screwed up by forced upgrade to Win10 from WIn7
Maurice Joyce RE: can a trojan be placed in a Printer program?
Handling Contributor 25th Sep, 2012 10:56
Score: 12075
Posts: 9,345
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Highly unlikely - looks like a false positive to me. I have reported a few to them & they have always been happy to test & adjust their database if necessary.

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro
16 GB RAM
IE & Edge Only
Anthony Wells RE: can a trojan be placed in a Printer program?
Expert Contributor 25th Sep, 2012 16:15
Score: 2493
Posts: 3,384
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 25th Sep, 2012 16:19
Hi taffy ,

The Trojan Spatet has many versions shown by letter ; here is what Eset say about (an early) version A :-

http://go.eset.com/us/threat-center/encyclopedia/t...

As you can see it is a nasty piece of work and to be treated with real care .

Bear in mind that no A/V or A/S is 100% (however much faith you may have in it - that's why you have MBAM as well) and may not detect the Trojan until it tries to run ; as it contains a backdoor it is doubly dangerous . Such a Trojan could get in your printer software through an infected file and might initially be difficult to detect as such .

I would not know if it is a False Positive or not , nothing indicates whether it is one way or the other , as Maurice has said , only MBAM can confirm that (one way or another) .

Whilst waiting you can always run the MBAM .qua file past VirusTotal or Jotti .

EDIT : Here is the MBAM Forum page for reporting FP's :-

http://forums.malwarebytes.org/index.php?s=677e344...

Let us know your progress

Anthony

--


It always seems impossible until its done.
Nelson Mandela
taffy078 RE: can a trojan be placed in a Printer program?
Contributor 25th Sep, 2012 18:07
Score: 408
Posts: 1,463
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Thanks Anthony. I'm waiting for the results from Virus Total but am having problems with Jotti.
I found this address (http://virusscan.jotti.org/en-gb), browsed for the MWB report but the "submit file" box is greyed out.

Am I missing something obvious?

PS Which file should I submit? The infected file is now in quarantine.

PPS Virus Total found nothing but there again it was the MWB report that I submitted!!

--
taffy078, West Yorkshire, UK

HP Envy Win10 PC and Compaq Presario screwed up by forced upgrade to Win10 from WIn7
taffy078 RE: can a trojan be placed in a Printer program?
Contributor 25th Sep, 2012 18:13
Score: 408
Posts: 1,463
User Since: 26th Feb 2009
System Score: 100%
Location: UK


--
taffy078, West Yorkshire, UK

HP Envy Win10 PC and Compaq Presario screwed up by forced upgrade to Win10 from WIn7
taffy078 RE: can a trojan be placed in a Printer program?
Contributor 25th Sep, 2012 18:16
Score: 408
Posts: 1,463
User Since: 26th Feb 2009
System Score: 100%
Location: UK
The reason NVIDIA hasn't emailed me my new password yet is that they're still sorting it out:

http://www.nvidia.com/content/forums/index.html

--
taffy078, West Yorkshire, UK

HP Envy Win10 PC and Compaq Presario screwed up by forced upgrade to Win10 from WIn7
Anthony Wells RE: can a trojan be placed in a Printer program?
Expert Contributor 25th Sep, 2012 22:46
Score: 2493
Posts: 3,384
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi taffy ,

Not sure what MWB report you are referring to but the quarantined file (.qua usually) is "usually" found by browsing to :-

C:\Docs & Settings\Your Name\AppData(a hidden folder/file)\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine .

The Jotti page is fine for me ; after you browse and select a file the greyed out "Submit" link works (fine :).

The Nvidia problem sounds like it is their database rather than something on your machine . Never had the email myself but I am not registered on their Forum .

Retry VirusTotal and Jotti with the .qua file .

Anthony


--


It always seems impossible until its done.
Nelson Mandela
taffy078 RE: can a trojan be placed in a Printer program?
Contributor 26th Sep, 2012 07:54
Score: 408
Posts: 1,463
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Hi, Anthony. I've realised my mistake. The file that I sent to Virus Total was in fact MWB's scan report, not the quarantined file.
Thanks to your help, I found the (hidden) .quar file. Virus Total scored it '0' which I assume means it's clear, so pointing perhaps to a False Positive.

I tried Jotti again - I browsed, found the infected file and clicked on 'open'. The folder path appeared but the grey window with 'submit file' in white remained dead. When I hovered the cursor over it, the cursor changed from the arrow to a perpendicular line.

I took NVidia's email as a warning that their forum may have been compromised enabling the bstds who did it to access members' PCs, which is why I wondered if that was the source of my problem. But I've just this second had an awful thought. Last week, I was asked to sign up to Facebook to help resolve a problem for a local sports club. I copied a photo from there, pasted it in Word and then tried to print it. My printer took ages and in the end I had to abort the print.

The photo was of a group of the club's members. I'm now wondering if the person who posted that photo had an infected PC, could the trojan have been 'inside' the photo?



--
taffy078, West Yorkshire, UK

HP Envy Win10 PC and Compaq Presario screwed up by forced upgrade to Win10 from WIn7
Maurice Joyce RE: can a trojan be placed in a Printer program?
Handling Contributor 26th Sep, 2012 10:11
Score: 12075
Posts: 9,345
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Taffy,
Are you still running Norton Internet Security?

This Trojan has been around a very long time, is low level & is easily removed.

Here are the details:
Background
http://www.symantec.com/security_response/writeup....

Technical Details

http://www.symantec.com/security_response/writeup....

Removal Details.

http://www.symantec.com/security_response/writeup....

I would not link the NVIDIA incident to the Malwarebytes find. Provided all your passwords are different or were changed on the 12th July that should be good enough to kill that one off.

If really concerned run a full viral scan & then just sit back & wait for Malwarebytes to respond if the scan is negative.

If you cannot wait for that you can run HiJack This -

http://fs34.filehippo.com/5339/4e88bde118e14f16be4...

Once you run the scan send the file to me by email & I will look at it for you.

I am assuming this is the alleged offending file - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\HP\Digital Imaging\help\player\FlashPla.exe


--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro
16 GB RAM
IE & Edge Only
taffy078 RE: can a trojan be placed in a Printer program?
Contributor 26th Sep, 2012 14:01
Score: 408
Posts: 1,463
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Thank you Maurice, Anthony. It seems that the cause of this entire blasted episode was some problem with Malwarebytes.

The following thread isn't mine but the young lady who posted it summed up the frustrations very nicely!

http://forums.malwarebytes.org/index.php?showtopic...

I am sorry for having wasted your time but I've learnt a lot during this short time. I hope that other members have too! :0)



--
taffy078, West Yorkshire, UK

HP Envy Win10 PC and Compaq Presario screwed up by forced upgrade to Win10 from WIn7
Maurice Joyce RE: can a trojan be placed in a Printer program?
Handling Contributor 26th Sep, 2012 16:20
Score: 12075
Posts: 9,345
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Pleased it is all sorted for you.

How are U getting on with this thread?

https://secunia.com/community/forum/thread/show/13...

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro
16 GB RAM
IE & Edge Only
Anthony Wells RE: can a trojan be placed in a Printer program?
Expert Contributor 26th Sep, 2012 21:57
Score: 2493
Posts: 3,384
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi taffy ,

Good news it seems , although the poster is not specific about the Trojan FP's name , it sounds like yours

If I were you , I would return the quarantined file(s) to your system and then browse to them , right click and in the pop-up menu you should see your security programmes and you can scan that/those files individually and thus quickly . I suggest this as those files may be important to and/or a part of your printer problems .

In addition , as MBAM found a problem in the last scan , it is always advisable to (re)run a full scan until it shows as clean .

As far as your exploits with the Facebook 'photo , that is certainly a possible way to infect your PC . The Trojan Maurice has pointed to at Symantec is an early version and easy for your NIS to deal with which is not to say that there are not more recent versions being updated , say for Facebook . Koobface , for example , is constantly being modified .

You were very wise to take all the precautions and measures you did .

Let us know if an MBAM scan has now cleared the detection problem

Jotti's greyed out link works fine for me when I left click .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Maurice Joyce RE: can a trojan be placed in a Printer program?
Handling Contributor 26th Sep, 2012 22:49
Score: 12075
Posts: 9,345
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 26th Sep, 2012 22:50
Anthony,
Done & dusted. I think Taffy perhaps has posted the wrong link.

http://forums.malwarebytes.org/index.php?showtopic...


--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro
16 GB RAM
IE & Edge Only
Anthony Wells RE: can a trojan be placed in a Printer program?
Expert Contributor 26th Sep, 2012 23:05
Score: 2493
Posts: 3,384
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Thanks Maurice . Loaded and locked :)

Anthony

--


It always seems impossible until its done.
Nelson Mandela
taffy078 RE: can a trojan be placed in a Printer program?
Contributor 27th Sep, 2012 11:06
Score: 408
Posts: 1,463
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Hi Maurice. No mistake with that link. Rather than show you my thread, I wanted to show you another MWB-AM user's thread, as this confirms that MWB was having a problem.

Thanks again.


PS just responded to https://secunia.com/community/forum/thread/show/13...

--
taffy078, West Yorkshire, UK

HP Envy Win10 PC and Compaq Presario screwed up by forced upgrade to Win10 from WIn7
Maurice Joyce RE: can a trojan be placed in a Printer program?
Handling Contributor 27th Sep, 2012 12:54
Score: 12075
Posts: 9,345
User Since: 4th Jan 2009
System Score: N/A
Location: UK
I do not think it is a Malwarebyte "problem" - more a daily routine. Any good and dedicated scanner will create the odd false positive/are missing data from their database/have corrupt links.

I use Malwarebytes Pro & the programme has no problems running & in my case has produced no false positives for a very long time.

As previously stated I have reported numerous to Malwarebytes & Secunia. Both have corrected them or explained why they are not prepared to do so in a timely manner.

Cyberworld at its best!

Hope you are not near the floods?



--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro
16 GB RAM
IE & Edge Only
taffy078 RE: can a trojan be placed in a Printer program?
Contributor 27th Sep, 2012 15:00
Score: 408
Posts: 1,463
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Thank you, Maurice. No - the floods have missed us, thank goodness. Yesterday we had four inches of rain during the day so what fell into the local rivers will have caused problems lower down.

--
taffy078, West Yorkshire, UK

HP Envy Win10 PC and Compaq Presario screwed up by forced upgrade to Win10 from WIn7
