Dead Karl 2 Trojan

[Paradoxone]

Hello!

The other day I went to:

http://www.catsuka.com/focuson_anim.php ... _animation

and saved the Dead Karl gif "deadkarl_prehistoricanimal02" on my hd. When I run a virus scan I found out that the gif has a trojan back door virus attached to it.

Please remove the corrupted file so no one else will download the trojan in the future. Maybe you can contact the author of that gif and tell him that that particular one is corrupted, and ask him to give you an uncorrupted one?

Thank you very much in advance!
Btw, you guys ROCK! Absolutely Terrific Site!

:-Daniel

[Tsuka]

I'm sorry, but I've just analyzed all the DeadKarl gif-animations hosted on Catsuka, with 4 different anti-virus, and I didn't found any trojan or virus.

I think you was wrong.

[Paradoxone]

I just checked again. It's the one where Karl rips apart that girl from "The Ring".

http://www.catsuka.com/show.php?image=f ... imal02.gif

rightclick save image then drag the gif file into the antivir virus scanner found here: http://www.free-av.de/

It results in the following finding every time I try it:

C:\Programs\...\deadkarl_prehistoricanimal02.gif
is the Trojan HorseTR/Spy.Banker.vk.1

I wish I was wrong

[berseker]

I don't think such a Trojan can be in a .gif file as these kind of files cannot execute harmful codes. I see three solutions :
- your antivirus is wrong
- your computer was already infected by this trojan from somewhere else and it is only detected here.
- I am wrong

[Paradoxone]

I just discovered something else. Don't worry, it's not a virus this time.

http://www.catsuka.com/videos/files/PolarBears.zip

The file is corrupted. The audio of the clip starts to break apart at

0:56 / 1:37 minutes

from that point on all you hear is audio gibberish. I warn you, it's quite a shock when you listen to the dialogue and suddenly all you hear is radio static

Don't tell me yours works fine, I tried to download it again and it happens all the time but only with this file. I hope I don't have to bring more bad news.

:-Daniel

[Tsuka]

I'm not a virus specialist, but as Berseker said, I think it's strange that an executable trojan can be in an animatd-gif.
I won't test it with others antivirus, I think it's safe. If you use online antivirus like Kapersky (here or here) or Secuser, you'll see that there's nothing. I don't have Norton, but if someone wants to test the file with it, he's welcome.
-edit- I also tested the file with McAfee online antivirus, no problem.

About the Polar Bears video, you're right, there's an audio problem in the RealVideo file, I will try to correct it, or to put another Polar Bears episode.
While waiting, you can find many other episodes of this tv-series here :
http://www.pyercoffin.com/movies_polar.html

[Paradoxone]

I don't know if a trojan can hide in a gif file either, but that maybe due to the usual size of gifs. Dead Karl on the other hand, though in gif format, actually is more like a short story of sorts, thus the size of approx. 600kb.
Well, at least I warned you. Of course I'm happy that you don't get this virus, but it would be interesting to know if I really am the only one who finds it in that particular file.

Thank you very much for the link with the other Polar Bears ^__^

[Tsuka]

Yes, as I said before I would also be interested by antivirus tests made by other persons (like with Norton Antivirus, which I don't have).

Gif in direct download :
http://www.catsuka.com/focuson_anim/gif ... imal02.gif

Anyway, I really think that there's no problem.
Sometimes antivirus can bug (for example I remember some bugs with the automatic antivirus scan applied on attached files through Hotmail webmail, few years ago ...)

[Chron]

Nothing found with the latest Norton...
@+
Chron

[Klaim]

Nothing found with Kaspersky here...

Paradoxone> You should :

1) Update your virus definition if it's not done
2) Then launch a full scan of all your disks
3) If there are dome viruses, kill them then retry to get the gif from this site and check again
4) If not, use AdAware and SpyBot to check all your system : you might have a Spyware in your explorer or in antoher application running in back (you'll not see the spywares by checking in task/process list...)

[Paradoxone]

Hmmyeah, I guess I should do that. Thanks for the tip, and sorry for creating such a fuss. Maybe it's thanks to this Dead Karl gif that the virus was even detected?

I still don't understand the connection though. Ah, computers, they are such a mistery, now aren't they?

[Klaim]

Not for me

[Paradoxone]

About the Polar Bears video, you're right, there's an audio problem in the RealVideo file, I will try to correct it, or to put another Polar Bears episode.
While waiting, you can find many other episodes of this tv-series here :
http://www.pyercoffin.com/movies_polar.html

Er, I just tried to download a clip from there, I need a user / password. Do you have one I could use? If not then I will just have to wait until you have fixed the file. Please keep me informed about the progress on that, if you have the time.

Thanks a lot in advance!

:-Daniel

[Tsuka]

That's strange, I just tried to download videos from this page, and it's working. But after 3 or 4 clicks on download-links, the videos came unavailable. The files are on a FTP perhaps there's a limit of downloads at the same time per user (IP). But I didn't have a user/password request.
Try to download with simple right-clik/save-as, I use softwares for downloading (like Getright), and sometimes ftp-downloads don't work with this kind of software ...

Anyway, I will keep you informed about the upgrade of the video on Catsuka.

[Klaim]

*snif* *snif*

...hmm...spywares...