Virus from camera?

BalRocket61 - 22 Mar 2007 04:41 GMT
Can you get a virus from importing photos from a digital camera?
We had a Trojan pop up the other day when we imported some photos from a
Concord digital camera.
Every time we opened the Windows Photo Gallery from that certain user, the
Trojan would come up and McAfee could not quarantine it. I think I deleted
it when I deleted the picture files? I have run 2 scans since and it has not
shown up.
Tom - 22 Mar 2007 05:06 GMT
It could be a false positive. I bought and downloaded a program on the
internet and it stated that I might get a warning of a trojan and to ignore
it. It was a known problem.
BalRocket61 - 22 Mar 2007 05:24 GMT
That very well could be. I tried to find the file that it gave as the
infested file and I could not locate it. I even ran three different
anti-virus programs and they did not locate it?..... Thanks for the
post......It could very well be that!

> It could be a false positive. I bought and downloaded a program on the
> internet and it stated that I might get a warning of a trojan and to ignore
> it. It was a known problem.
Jesper - 22 Mar 2007 18:05 GMT
Was the trojan bloodhound.exploit.13? I think that's a false positive from
Symantec Anti Virus. Others have reported the same thing.

> That very well could be. I tried to find the file that it gave as the
> infested file and I could not locate it. I even ran three different
[quoted text clipped - 4 lines]
> > internet and it stated that I might get a warning of a trojan and to ignore
> > it. It was a known problem.
Jesper - 22 Mar 2007 18:07 GMT
> It could be a false positive. I bought and downloaded a program on the
> internet and it stated that I might get a warning of a trojan and to ignore
> it. It was a known problem.

An awful lot of trojans tell you in the readme that you may get a security
warning that you are about to install a trojan and that you should ignore
such a warning. Are you sure you didn't just pay for a trojan?
BalRocket61 - 23 Mar 2007 03:26 GMT
I have a digital camera and all I did was import some pictures I had taken.
When my daughter opened her Windows Photo Gallery, the Trojan warning from
McAfee popped up! It said it could not quarantine it; would I like to remove
it. I deleted the photos from her gallery and now I can't find any kind of
Trojan warning, and I could not find the file path the warning gave......Which
was "ExploitMS04-028"....Or something of that sort!

> > It could be a false positive. I bought and downloaded a program on the
> > internet and it stated that I might get a warning of a trojan and to ignore
[quoted text clipped - 3 lines]
> warning that you are about to install a trojan and that you should ignore
> such a warning. Are you sure you didn't just pay for a trojan?
Jesper - 23 Mar 2007 05:17 GMT
> I have a digital camera and all I did was import some pictures I had taken.
> When my daughter opened her Windows Photo Gallery, the Trojan warning from
> McAfee popped up! It said it could not quarantine it; would I like to remove
> it. I deleted the photos from her gallery and now I can't find any kind of
> Trojan warning, and I could not find the file path the warning gave......Which
> was "ExploitMS04-028"....Or something of that sort!

Did it say "ExploitMS04-028"? That's the same thing as the
bloodhound.exploit.13. It's a really old vuln.

I'm getting worried here though. Either both Symantec and McAfee use the same
detection logic and find the same false positive, or there really is a
problem. I have a hard time believing that though. That issue was hardly
exploited in the first place.

What kind of camera is it? I think you should place a support call to the AV
vendor and ask them.
BalRocket61 - 23 Mar 2007 08:37 GMT
The camera is a Concord Q, 3042F.
I ran the AVG AV, I also ran McAfee AV, and I downloaded the McAfee
Stinger, and ran it, and now the Trojan can't be found!.....It was the
MS04-028. It said it was from 2004??? I can't find it anywhere now?

> >  I have a digital camera and all I did was import some pictures I had taken.
> > When my daughter opened her Windows Photo Gallery, the Trojan warning from
[quoted text clipped - 13 lines]
> What kind of camera is it? I think you should place a support call to the AV
> vendor and ask them.
Jesper - 23 Mar 2007 16:02 GMT
> The camera is a Concord Q, 3042F.
> I ran the AVG AV, I also ran McAfee AV, and I downloaded the McAfee
> Stinger, and ran it, and now the Trojan can't be found!.....It was the
> MS04-028. It said it was from 2004??? I can't find it anywhere now?

Well, that's good. I suppose it could happen that the camera software itself
has malware, but I hold that for reasonably unlikely. It has happened in the
past though. Apple once spread a virus by including it with the iPod.

What bothers me about this is that two different AV manufacturers suddenly
start detecting the same, three-year-old, low-risk threat. This can't be
coincidence. Their detection mechanisms must use some property of the jpg
file that is being set by certain new cameras.
BalRocket61 - 23 Mar 2007 16:41 GMT
I may need to clarify a little! McAfee was the first and only one to detect
the trojan. Since I deleted the folder and have been running all the scans,
it has yet to rear its ugly head. I hope it's gone!
Thank you for continued correspondence. It's nice to have someone interested
in helping.

> > The camera is a Concord Q, 3042F.
> > I ran the AVG AV, I also ran McAfee AV, and I downloaded the McAfee
[quoted text clipped - 9 lines]
> coincidence. Their detection mechanisms must use some property of the jpg
> file that is being set by certain new cameras.
Jesper - 23 Mar 2007 18:01 GMT
> I may need to clarify a little! McAfee was the first and only one to detect
> the trojan. Since I deleted the folder and have been running all the scans,
> it has yet to rear its ugly head. I hope it's gone!
> Thank you for continued correspondence. It's nice to have someone interested
> in helping.

No, I got that. It's just that someone else, on a different thread last
week, had the same exact experience using Symantec. That's what bothers me.

Let me know if it recurs. I'm really interested.
BalRocket61 - 28 Mar 2007 02:43 GMT
Well, the problem happened again today! I started to import some more
pictures to my computer, and as soon as I began to import, the warning popped
up again........."MS04-028." So I immediately stopped the import and deleted
what had been downloaded, and ran the scans......"NO Viruses Found" SO.....

The Trojan is in the camera, I suppose?
Is there a way to scan the camera or remove the Trojan from the camera?
Again...the camera is a "Concord Q eye 3042AF".

 Any help or suggestions will be appreciated.

> > I may need to clarify a little! McAfee was the first and only one to
> > detect
[quoted text clipped - 7 lines]
>
> Let me know if it recurs. I'm really interested.
vanilla - 29 Mar 2007 09:32 GMT
Sorry it happened again, BalRocket ... this might not be a virus ... maybe
it has something to do with EXIF info, or new kinds of metadata that are not
yet recognized as such by the AV vendors ... until we all find out what is
going on, I think you have the right idea about scanning the files before
importing. This will be fairly easy to do with memory cards but not sure how
to stop, scan and then restart with USB or firewire imports. As far as
scanning the camera itself, I have no idea how that might be done ... would
be surprised to find out it was possible.

vanilla

>  Well, the problem happened again today! I started to import some more
> pictures to my computer, and as soon as I began to import the warning
[quoted text clipped - 24 lines]
>>
>> Let me know if it recurs. I'm really interested.
vanilla - 26 Mar 2007 14:22 GMT
Back in December, while I was still running XP Pro, a friend asked me to
help with getting her pictures from a Secure Digital card onto a CD. So, I
brought her SD card home, put it in the reader, and began the transfer.
While the thumbnails were drawing, I noticed that two of the files had
heavily pixelated thumbs ... there was sudden network activity ... then
those two files disappeared.

I thought about this for a long time. Steganographic phoning home to camera
manufacturer? Is that even possible? I won't mention the other really
paranoid thoughts ... anyway, you guys are not alone with weird photo
uploads.

... vanilla ...

> I have a digital camera and all I did was import some pictures I had
> taken.
[quoted text clipped - 15 lines]
>> warning that you are about to install a trojan and that you should ignore
>> such a warning. Are you sure you didn't just pay for a trojan?
MyG Tech - 29 Apr 2007 01:58 GMT
I have a client with similar circumstances:

- Windows Vista
- Photos downloaded directly from a camera
- Using MS Photo Gallery to open them
- Latest version of McAfee installed
- McAfee pop-ups referring to Exploit MS04-028 when an image is opened

McAfee reports the exploit only when the picture file is viewed (not by
using thumbnails to view them). That is, when the picture is
double-clicked on, hovered over, attached to an email, etc., a .tmp file
is created and McAfee generates the trojan pop-up notice, but when the AV
scanner scans the original image file, it reports no problems with it
(it's only when the .tmp file is created that it complains).

Further, the exact same file opened on a Windows XP workstation (using
the native MS Picture and Fax viewer) generates no AV messages.

I'm not one to bash Microsoft but this sounds like a Vista bug to me
since this is not only affecting McAfee users but Norton AV users too.
I'd be interested to see how other AV scanners handle the same situation
on Vista PCs.  My guess is that they'll have the same problems mentioned
in this thread that NAV and McAfee users have already reported.

The challenge will be getting Microsoft to patch it due to the small
number of users that are currently complaining about it as a real
problem.  Sadly, most people probably don't know any better and are
simply deleting the image files assuming their AV tool is correctly
reporting it as a virus when the issue is more of a file formatting
problem within Vista's underlying code rather than an actual trojan.

Signature

MyG Tech
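
An added illustration, not part of the thread or any poster's code: MS04-028 is Microsoft's 2004 bulletin for a buffer overrun in JPEG (GDI+) processing, and the malformed input usually associated with it is a comment (COM) segment whose two-byte length field is 0 or 1, smaller than the field itself. The Python sketch below walks a file's header segments before import, lists them (EXIF metadata lives in APP1) and flags that condition or a truncated segment; it generalizes by checking every segment type, and the sample byte strings are constructed.

```python
import struct

# Markers that carry no length field: TEM, RST0-7, SOI, EOI.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))

def marker_name(m: int) -> str:
    if 0xE0 <= m <= 0xEF:  # APPn; EXIF and XMP metadata live in APP1
        return f"APP{m - 0xE0}"
    return {0xFE: "COM", 0xDA: "SOS"}.get(m, f"0x{m:02X}")

def audit_jpeg(data: bytes):
    """Walk header segments; return (segments, findings)."""
    segments, findings = [], []
    if data[:2] != b"\xff\xd8":
        return segments, ["missing SOI marker: not a JPEG"]
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            findings.append(f"offset {pos}: expected a marker")
            break
        marker = data[pos + 1]
        if marker == 0xFF:  # fill byte, the real marker follows
            pos += 1
            continue
        if marker in STANDALONE:
            if marker == 0xD9:  # EOI: end of image
                break
            pos += 2
            continue
        if pos + 4 > len(data):
            findings.append(f"offset {pos}: file ends inside a segment header")
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        name = marker_name(marker)
        segments.append((pos, name, length))
        if length < 2:  # the length counts its own two bytes, so 0 and 1 are invalid
            findings.append(f"offset {pos}: {name} length {length} is below 2")
            break
        if pos + 2 + length > len(data):
            findings.append(f"offset {pos}: {name} runs past end of file")
            break
        if marker == 0xDA:  # entropy-coded image data follows; stop here
            break
        pos += 2 + length
    return segments, findings

# Constructed samples (not taken from any real camera file).
GOOD = b"\xff\xd8\xff\xe1\x00\x08Exif\x00\x00\xff\xfe\x00\x04hi\xff\xda\x00\x02"
BAD = b"\xff\xd8\xff\xfe\x00\x00" + b"A" * 16
```

A clean result here only says the header structure is well formed; it does not explain why a scanner flagged a temporary copy of the file, which is the behaviour described in the last post.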