Jump to content

Please read the Forum Rules before posting.

Photo

RNJKV Backdoor.IRCBot/Variant


  • Please log in to reply
14 replies to this topic

#1 AllanDale

AllanDale

    New to Bible Support

  • Veterans
  • Pip
  • 11 posts
Offline

Posted 24 June 2017 - 04:55 PM

I recently installed a module RNJKV and after running my daily malware programs, I noticed that in the module noted (RNKJV) there was a Backdoor.IRCBot/Variant that it found in this module. I had problems over a year5 or two ago with this same problem and someone answered that it didn't come from this site and must have come from  the e-sword installer. I have downloaded virtually every single module that is pertinent to my study life, and this is the only module that the malware was found in. It absolutely could not be installed any other way. This malware is one where someone can over-ride your computer. I checked and it is dangerous. Please, you need to run some malware precautions before allowing the public to get infected by your site. RNNKJV,EXE is the one to watch out for.



#2 Josh Bond

Josh Bond

    Administrator

  • Administrators
  • PipPipPipPipPip
  • 2,890 posts
  • LocationGallatin, TN
Offline

Posted 25 June 2017 - 12:26 PM

I just downloaded the file and the file is not infected.

 

It's possible the file became infected after you downloaded. But it's more likely you saw a false positive, which certain malware programs infamously generate. Malware, anti-virus, anti-adware programs sometimes produce a warning for software that they do not recognize, especially software whose sole purpose appears to be to copy a file from one location to another. Although this is valid within an e-Sword context, copying files to other locations is also how backdoors are established and how malware replicates. From the anti-malware's prospective, it sees an unpopular program and it can see the program copies files from one location to another. It then simply guesses that it's malware. A few brands of anti-malware are famous for this.

 

Although I believe that you believe your statement, "It absolutely could not be installed any other way", that statement is incorrect as well. There are many ways malware can be installed without you ever installing or even (knowingly) downloading a program. If this site truly served malware, Google would delist us within a matter of hours.



#3 APsit190

APsit190

    e-Sword Tools Developer

  • Members (T)
  • PipPipPipPipPip
  • 2,861 posts
  • LocationLand of the Long White Cloud (AKA New Zealand)
Offline

Posted 25 June 2017 - 03:36 PM



I just downloaded the file and the file is not infected.

 

It's possible the file became infected after you downloaded. But it's more likely you saw a false positive, which certain malware programs infamously generate. Malware, anti-virus, anti-adware programs sometimes produce a warning for software that they do not recognize, especially software whose sole purpose appears to be to copy a file from one location to another. Although this is valid within an e-Sword context, copying files to other locations is also how backdoors are established and how malware replicates. From the anti-malware's prospective, it sees an unpopular program and it can see the program copies files from one location to another. It then simply guesses that it's malware. A few brands of anti-malware are famous for this.

 

Although I believe that you believe your statement, "It absolutely could not be installed any other way", that statement is incorrect as well. There are many ways malware can be installed without you ever installing or even (knowingly) downloading a program. If this site truly served malware, Google would delist us within a matter of hours.

Huh! Thought as much. Could most definitely not have been anything else.

 

Thanks for the info, mate. Most appreciated as you have put everyone's mind at ease and peace.

 

Blessings,

Autograph.png

Edited by APsit190, 25 June 2017 - 03:37 PM.

X (formerly Twitter)

 


#4 AllanDale

AllanDale

    New to Bible Support

  • Veterans
  • Pip
  • 11 posts
Offline

Posted 16 July 2017 - 06:49 PM

Greetings. I just put a negative response on the site but had not read the article by Josh Bond. I am still getting the same Backdoor Trojan alert and still wonder why I only get it with this module. Sorry if you think me out of line. I don't mean to be. I am just a big fan of this site and it puts a little trepidation in my spirit to see this type of Trojan alert. I've installed many modules from the site and this one is the only one that alerts to a Trojan...Thanx!



#5 journey

journey

    Resource Builder

  • Members (T)
  • PipPipPipPipPip
  • 638 posts
  • LocationOklahoma
Offline

Posted 17 July 2017 - 12:09 AM

Greetings. I just put a negative response on the site but had not read the article by Josh Bond. I am still getting the same Backdoor Trojan alert and still wonder why I only get it with this module. Sorry if you think me out of line. I don't mean to be. I am just a big fan of this site and it puts a little trepidation in my spirit to see this type of Trojan alert. I've installed many modules from the site and this one is the only one that alerts to a Trojan...Thanx!

 

If you don't believe the information given to you, remove the file from your system and forget about it. I've gotten false positives from several files on this site and am still using them with no problem. Results also vary with different security software. In other words, I'm not worried about it.


Philippians 4:6-7 (KJV)
6 Be careful for nothing; but in every thing by prayer and supplication with thanksgiving let your requests be made known unto God. 7 And the peace of God, which passeth all understanding, shall keep your hearts and minds through Christ Jesus.

 


#6 APsit190

APsit190

    e-Sword Tools Developer

  • Members (T)
  • PipPipPipPipPip
  • 2,861 posts
  • LocationLand of the Long White Cloud (AKA New Zealand)
Offline

Posted 17 July 2017 - 01:59 PM



Greetings. I just put a negative response on the site but had not read the article by Josh Bond. I am still getting the same Backdoor Trojan alert and still wonder why I only get it with this module. Sorry if you think me out of line. I don't mean to be. I am just a big fan of this site and it puts a little trepidation in my spirit to see this type of Trojan alert. I've installed many modules from the site and this one is the only one that alerts to a Trojan...Thanx!

 



If you don't believe the information given to you, remove the file from your system and forget about it. I've gotten false positives from several files on this site and am still using them with no problem. Results also vary with different security software. In other words, I'm not worried about it.

Hi Allan,

I don't totally go along with what Journey said. Only about 50%. That said, it is as obvious as the skin on your nose that you are getting a false positive result from the Anti-virus program you are using. If you do not wish to accept what Josh said, then I would suggest you test that file with another anti-virus program and see if you get the same result. And if you get the same result, then your claim is valid, and then remove the file your system, and report the file. Name the anti-virus programs you used that gave the result, and from there, other tests can be done by Josh Bond and/or others using those programs and see if they come up with the same results.

 

I trust this helps you and sets your mind at ease.

 

Blessings,

Autograph.png

X (formerly Twitter)

 


#7 AllanDale

AllanDale

    New to Bible Support

  • Veterans
  • Pip
  • 11 posts
Offline

Posted 17 July 2017 - 07:34 PM

I have contacted esword and he said there's no way to delete the module and I didn't get it from the esword module. I don't know one way or the other. But, if anyone out there knows how I can delete it from my esword program, I'd appreciate it. I only see that there's a way to hide the module in the resource area. There ought to be some way to delete it completely from my esword program. I just can't figure out how to do that. Sorry to anyone I may have offended about this. I mean no harm. Just want a clean Bible program. Thax all!



#8 Tj Higgins

Tj Higgins

    e-Sword Fanatic

  • Members (T)
  • PipPipPipPipPip
  • 1,448 posts
Offline

Posted 17 July 2017 - 08:08 PM

I have contacted esword and he said there's no way to delete the module and I didn't get it from the esword module. I don't know one way or the other. But, if anyone out there knows how I can delete it from my esword program, I'd appreciate it. I only see that there's a way to hide the module in the resource area. There ought to be some way to delete it completely from my esword program. I just can't figure out how to do that. Sorry to anyone I may have offended about this. I mean no harm. Just want a clean Bible program. Thax all!

Right click the module in resource list and pop up box will open asking if you want delete the module 



#9 AllanDale

AllanDale

    New to Bible Support

  • Veterans
  • Pip
  • 11 posts
Offline

Posted 18 July 2017 - 08:08 PM

TJ Higgins. Thank you. Wish I would have known that before. It would have saved me a lot of trouble.



#10 AllanDale

AllanDale

    New to Bible Support

  • Veterans
  • Pip
  • 11 posts
Offline

Posted 18 July 2017 - 08:48 PM

It is 7:22pm July 18, 2017. I just clicked on RNKJV module and saved it. Before anything else, I went to my Downloads section and left clicked the RNKJV listed there that is not installed as yet. When I left clicked it, a pop-up displayed where I pointed my pointer to SuperAntimalware and another small pop up appeared where it says Scan selected files. And, clicked on it. When it scanned the file, it immediately displayed the Backdoor.IRC,Bot/Variant.  Now, I am asking you to do what I did and tell me that it's an OK module!  I contacted the SuperAntiSpyware company telling them, about the continuing false positives this module alerts it to or? I am waiting for a response. I would really like to have this module but am not that positive it is not actually infected. It may seem I'm going to a lot of trouble over this, but I've had a Trojan before and had to do a complete OS recovery. I do believe Josh and the man from the long white clouds which I think may be New Zealand and appreciate your input. I'm just trying to be sure. I will let you know what the Superantispyware folks have to say about the false positive soon, I hope.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users




Similar Topics



Latest Blogs