Trojan in JauntePE?!

Discuss anything related to JauntePE, the ultimate utility to help you tame non-portable applications. Share your experience about the apps that work with JauntePE, and the apps that don't.
castman
Posts: 179
Joined: Sat Jun 28, 2008 5:41 am
Location: Brazil, Sao Paulo

Trojan in JauntePE?!

#1 Post by castman »

People here must know that Avast and GData started detecting all versions of JauntePE as a Trojan.

The problem is that I use Avast :P

Win32:Bifrose-DJV [Trj] - People can see it at the VirusTotal site.

Firewrath
Posts: 321
Joined: Mon Aug 28, 2006 2:36 pm

#2 Post by Firewrath »

Yeah, AVG did this a while back; see these threads for info:

http://portablefreeware.com/forums/viewtopic.php?t=1934

http://portablefreeware.com/forums/viewtopic.php?t=2491

AVG called it "Backdoor.Bifrost"
but I think it was submitted as a false positive by some users here and AVG doesn't flag it anymore.

Either way, it's a false alert.

Kranor
Posts: 120
Joined: Sun Jan 14, 2007 7:15 am
Location: uk

#3 Post by Kranor »

The madchook DLL has been used in the past by virus and trojan writers to exploit machines. It is because of this that it flags up in many antivirus and antispyware products. Just so you know, madchook was not written to create viruses; it just happens that is what some people have used it for. This is one of the reasons that madashi asked redllar to remove madchook from his builds.

castman
Posts: 179
Joined: Sat Jun 28, 2008 5:41 am
Location: Brazil, Sao Paulo

However

#4 Post by castman »

However, where is the source code of JauntePE (not madCHook)??
I only have the original JauntePE015 from the broken links and the JauntePE020 :P
It's some kind of mystery!!

Kranor
Posts: 120
Joined: Sun Jan 14, 2007 7:15 am
Location: uk

#5 Post by Kranor »

???????
Please explain what you mean??????

As far as I know, version 0.1.5 is the only one out in the wild. Version 0.2.0 was being worked on by redllar but has not been released to joe public.

JauntePE or madChook do not trigger any antivirus on their own. But any apps that you have made portable will trigger AV due to the API calls and DLL hooking, which is symptomatic of trojan behaviour.

castman
Posts: 179
Joined: Sat Jun 28, 2008 5:41 am
Location: Brazil, Sao Paulo

#6 Post by castman »

I mean to be informed about sources =P ??

I also thought it was PortableFreeware effort...

And explaining JauntePE020, I got it from the web and only used it to Discovery Registry Usage.

Queue
Posts: 197
Joined: Mon Oct 08, 2007 2:41 am

#7 Post by Queue »

I don't believe JauntePE source code was ever available. It was and is Redllar's project.

Queue

castman
Posts: 179
Joined: Sat Jun 28, 2008 5:41 am
Location: Brazil, Sao Paulo

Sorry

#8 Post by castman »

Sorry, I'm a noobie =P

I understand now who built JauntePE. I think it was only the way Kranor explained it to me that confused me.

Don't bother yourselves about me. I visit this site (portablefreeware.com) more than Google 8)

castman
Posts: 179
Joined: Sat Jun 28, 2008 5:41 am
Location: Brazil, Sao Paulo

#9 Post by castman »

Kranor wrote: As far as I know, version 0.1.5 is the only one out in the wild. Version 0.2.0 was being worked on by redllar but has not been released to joe public.

This JauntePE020 package I downloaded from the web has 2 extra DLLs (jpeCrypto 0.1.0 and jpeShade 0.1.0).

I thought it was a new package but the JauntePE.dll says it's version 0.1.1.

It has extra files, in addition to extra folders: Filesystems and Plugins.

Edit: Oh wait! You missed the new package!!

http://portablefreeware.com/forums/viewtopic.php?t=1849

But can someone explain to me why it's written version 0.1.1??

I can't forget: thanks to Redllar for his great work :)

Kranor
Posts: 120
Joined: Sun Jan 14, 2007 7:15 am
Location: uk

#10 Post by Kranor »

Ahh, now you have posted that link we know what you are talking about!!

That 020 version is just an experimental plugin that redllar released. It is to do with fake drives and drive encryption. It does not have the ability to make stand-alone portable software but will work as a launchpad. This was released back in the early days of JauntePE. We are currently in limbo as far as JauntePE is concerned; the latest news we had was that 030 was on its way. But like I say, that was a fair while back.