NOTICE: Possible Virus in Poker Software (RBCALC)

[Unabridged]

[ QUOTE ]
Yes it is not raketrackers fault that this happened. No compensation needed.

[/ QUOTE ]

[img]/images/graemlins/confused.gif[/img]
how is it not their fault?

[forshure]

[ QUOTE ]
This virus could also come bundled with other poker applications

[/ QUOTE ]

What other applications can/is it bundled with?

[joe c]

personally I find it commendable that you are coming forward with this information. Seems like it could have been easily hidden, denied, covered-up or whatever.

FWIW, I downloaded this program in February, and am not infected. I still have a copy if it would be helpful for anything.

[ColdCaller]

[ QUOTE ]
[ QUOTE ]
Yes it is not raketrackers fault that this happened. No compensation needed.

[/ QUOTE ]

[img]/images/graemlins/confused.gif[/img]
how is it not their fault?

[/ QUOTE ]

Ultimately the user is responsible for all programs they download. RakeTracker probably never guaranteed the third-party program to be free of viruses or trojan horses.

[Unabridged]

[ QUOTE ]
[ QUOTE ]
[ QUOTE ]
Yes it is not raketrackers fault that this happened. No compensation needed.

[/ QUOTE ]

[img]/images/graemlins/confused.gif[/img]
how is it not their fault?

[/ QUOTE ]

Ultimately the user is responsible for all programs they download. RakeTracker probably never guaranteed the third-party program to be free of viruses or trojan horses.

[/ QUOTE ]

yes, we all at fault for installing this. but this is not third party software raketracker put up on its site, it is their software with their name on it and on their reputation i assumed it was safe(ie they reviewed the source code)

[*TT*]

Here is the response from my submission to Symantec this morning when the claim was first made. RBCalc.exe's signature is now added to their anti-virus definitions.

Contrary to RT's statement, the version I submitted was downloaded on 4/22 Rev 1.6 if I recall correctly.

[ QUOTE ]
We have analyzed your submission. The following is a report of our findings for each file you have submitted:

filename: D:\Poker\Installers\RBCalc.exe
machine: XXXXXXXX (edited for my security)
result: This file is detected as Trojan.Dropper. http://www.symantec.com/avcenter/ven...n.dropper.html

Developer notes:
D:\Poker\Installers\RBCalc.exe is non-repairable threat. Please delete this file and replace it if necessary.

The submitted file drops comclg32.dll (Backdoor.Trojan), d3dclsrv.dll (infostealer), utlsrv.exe (infostealer), and ndsdavsrv.sys (Hacktool.Rootkit).

Symantec Security Response has determined that the sample(s) that you provided are infected with a virus, worm, or Trojan. We have created RapidRelease definitions that will detect this threat. Please follow the instruction at the end of this email message to download and install the latest RapidRelease definitions.
Symantec is now building a new set of definitions to include the threat you have submitted. The approximate time to complete this process is one hour. We recommend checking the ftp site periodically over the next 60 to 90 minutes to download these definitions as soon as they are available.

Downloading and Installing RapidRelease Definitions:
1. Open your Web browser. If you are using a dial-up connection, connect to any Web site, such as: http://securityresponse.symantec.com/
2. Copy and paste the address ftp://ftp.symantec.com/public/english_us...lease/sequence/ into the address bar of your Web browser and then press Enter.(this could take a minute or so if you have a slow connection) 3. Now select 53989 folder or a higher. Open the folder.
4. Select the file symrapidreleasedefsx86.exe 5. When a download dialog box appears, save the file to the Windows desktop.
6. Double-click the downloaded file and follow the prompts.


Virus definition detail:

Sequence Number: 53989
Defs Version: 80512an
Extended Version: 05/12/2006 rev.40
----------------------------------------------------------------------
This message was generated by Symantec Security Response automation

Should you have any questions about your submission, please contact our regional technical support from the Symantec website
(http://www.symantec.com/techsupp/)
and give them the tracking number in the subject of this message.


[/ QUOTE ]

TT [img]/images/graemlins/club.gif[/img]

[Inthacup]

Here is the response from my submission to Symantec this morning when the claim was first made. RBCalc.exe's signature is now added to their anti-virus definitions.

Awesome. It's good to know that AV companies are already responding. Thanks for sharing TT.

Cup

[rt1]

Thanks TT. I took the dates out of my post... since we are no longer supporting this software we will assume that ALL version are bad.

[*TT*]

Question:

Since theft was involved over the internet this is a federal crime, in fact it may be an international crime. What is Rake Tracker doing to assure the proper authorities are aware? Is Rake Tracker notifying their vendor partners so they can do their best to track any third party beneficiaries?

Lets not beat around the bush, your developer is a criminal in my eyes.
TT [img]/images/graemlins/club.gif[/img]

PS: I'm not accusing Ryan or the rest of the RT staff of committing a criminal act... only the developer.

[Gator519]

\WINDOWS\system32\utlsrv.exe

This is the only file I found on my computer. I then went into the registry and saw both of the keys that you guys said, and deleted those as well. Is it normal for the other files not to show up but this one does?