Sudo Vanished! Was it Kaspersky? Is it a Trojan? [Ans: No]

Having problems with the forum software, or suggestions for improvements

Sudo Vanished! Was it Kaspersky? Is it a Trojan? [Ans: No]

Postby Ken » Thu Jul 07, 2005 12:31 pm

I purchased sudoku on 7/2/2005, installed it, entered the key and name, and the program functioned as advertised.

This morning, 7/7/2005, it gave me an error message that "sudo.exe" was missing and gave an old-fashioned Windows 3 pathname. Despite that, I managed to find the directory it was referring to and verified that indeed, sudo.exe was not there. There was a sudo.exe.manifest file. Changing its name to sudo.exe did not solve the problem.

I uninstalled sudoku and deleted the appropriate references to it in the registry in case there was spurioius information there about a trial period. I redownloaded the software and attempted to install it. The process aborted. It complained that the source file "sudo.exe" was missing from the same screwy path name.

I have Kaspersky Antivirus.

I paid full price but I only got a six-day trial period!

Can you deliver a functioning version of this product? If not, how do I get my money back?[img][/img]
Ken
 
Posts: 11
Joined: 07 July 2005

Postby Nisse » Thu Jul 07, 2005 1:09 pm

the sudo.exe is detected as a Virus by "Kaspersky AV" (it got detected today), thats why your exe file gets deleted.
Maybe the developer has placed a virus inside the program.
Nisse
 
Posts: 2
Joined: 07 July 2005

Postby Ken » Thu Jul 07, 2005 1:14 pm

That being the case, the developer is obligated to produce a Trojan-free version or refund everyone's money.

They made an offer, we accepted, there was consideration (the money we paid), that constitutes a legal contract. The developer is now in contract default because the delivered product doesn't match his offer. He has to make a correct delivery or issue a refund, his choice.
Ken
 
Posts: 11
Joined: 07 July 2005

Postby angusj » Thu Jul 07, 2005 1:31 pm

Nisse wrote:Maybe the developer has placed a virus inside the program.

What utter rubbish. Why one earth would he want to do that?

It's almost certainly just an over zealous virus scanner. Why don't you give Pappocom the respect he deserves by explaining your problem and asking for help without jumping to conclusions.
angusj
 
Posts: 306
Joined: 12 June 2005

Postby Ken » Thu Jul 07, 2005 1:40 pm

I don't think the developer would want to include a virus in his program. However, it is still his responsibility to deal with this problem. It potentially affects all his customers, present and future.
Ken
 
Posts: 11
Joined: 07 July 2005

Postby scrose » Thu Jul 07, 2005 2:13 pm

Ken wrote:...it gave me an error message that "sudo.exe" was missing ...
Nisse wrote: the sudo.exe is detected as a Virus...

Are you sure it was the Pappocom software that you downloaded? The only executable I have is "sud.exe", not "sudo.exe".

Using Norton AntiVirus 2005 with definitions dated 6 July 2005, I was unable to detect any viruses. I agree with angusj's assessment that the Kaspersky Antivirus product is being overzealous.

Ken wrote:However, it is still [the developer's] responsibility to deal with this problem.

I would expect that Pappocom has already contacted Kaspersky Antivirus to inform them of the potential problem with their software.
scrose
 
Posts: 322
Joined: 31 May 2005

Yes, It's "Sud.exe"

Postby svinoly » Thu Jul 07, 2005 2:21 pm

It is "Sud.exe" and it is a trojan. My antivirus detected it as: "Trojan-Dropper.Win32.Agent.pa." and I deleted the program, downloaded again, and my antivirus detected the same Trojan again.
svinoly
 
Posts: 5
Joined: 07 July 2005

Re: Yes, It's "Sud.exe"

Postby scrose » Thu Jul 07, 2005 2:24 pm

svinoly wrote:It is "Sud.exe" and it is a trojan. My antivirus detected it as: "Trojan-Dropper.Win32.Agent.pa." and I deleted the program, downloaded again, and my antivirus detected the same Trojan again.

What is the exact URL you are downloading the software from and what antivirus software are you using?
scrose
 
Posts: 322
Joined: 31 May 2005

To scrose

Postby svinoly » Thu Jul 07, 2005 2:31 pm

I'm downloading it from http://www.sudoku.com
My antivirus is Kaspersky Anti-Virus Personal 5.0.325
svinoly
 
Posts: 5
Joined: 07 July 2005

Postby scrose » Thu Jul 07, 2005 2:40 pm

svinoly wrote:My antivirus detected it as: "Trojan-Dropper.Win32.Agent.pa." and I deleted the program, downloaded again, and my antivirus detected the same Trojan again.

I just uninstalled the Pappocom software, deleted any folders and files that remained behind, downloaded the software and reinstalled it. My virus scan (Norton AntiVirus 2005 definitions 6 July 2005) was unable to detect any virus.

svinoly wrote:My antivirus is Kaspersky Anti-Virus Personal 5.0.325

It seems like it is only the Kaspersky antivirus software that is making a detection. Have you tried scanning your "sud.exe" file using the VirusTotal service?
scrose
 
Posts: 322
Joined: 31 May 2005

Yes, I did

Postby svinoly » Thu Jul 07, 2005 3:06 pm

and this is the result:
Avira 6.31.0.7 07.07.2005 no ha encontrado virus
BitDefender 7.0 07.07.2005 no ha encontrado virus
ClamAV devel-20050501 07.07.2005 no ha encontrado virus
DrWeb 4.32b 07.07.2005 no ha encontrado virus
eTrust-Iris 7.1.194.0 07.07.2005 no ha encontrado virus
eTrust-Vet 11.9.1.0 07.07.2005 no ha encontrado virus
Fortinet 2.36.0.0 06.07.2005 suspicious
Ikarus 2.32 07.07.2005 no ha encontrado virus
Kaspersky 4.0.2.24 07.07.2005 no ha encontrado virus
McAfee 4529 06.07.2005 no ha encontrado virus
NOD32v2 1.1162 06.07.2005 no ha encontrado virus
Norman 5.70.10 07.07.2005 no ha encontrado virus
Panda 8.02.00 07.07.2005 no ha encontrado virus
Sybari 7.5.1314 07.07.2005 no ha encontrado virus
Symantec 8.0 06.07.2005 no ha encontrado virus
TheHacker 5.8.2.067 07.07.2005 no ha encontrado virus
VBA32 3.10.4 06.07.2005 no ha encontrado virus
07/07/2005
Only Fortinet marks the file as "suspicious".
I installed again the program, and now the Kaspersky doesn't detect the file as a virus.
I don't know what to think.
svinoly
 
Posts: 5
Joined: 07 July 2005

Postby Ken » Thu Jul 07, 2005 4:45 pm

Kaspersky updates its virus definitions hourly. The default setting in the software is to update them every three hours. My last virus update was today at 11 am and the next one will be at 2pm.

So if something is genuinely wrong, it is entirely possible for Kaspersky software to detect it before Norton software does.

Could it be that Sudoku uses a clever programming technique that is deprecated and has been adopted by virus writers? If so, Norton users might find Sudoku unusable after the next Norton udpate.

Of course it could be a false positive.

In either event, the developer has to contact Kaspersky so they can determine who is doing something wrong and correct it. I can't represent either side to the other. The Sudoku developer has to take the initiative.
Ken
 
Posts: 11
Joined: 07 July 2005

Postby Ken » Thu Jul 07, 2005 5:03 pm

It cannot be Kaspersky. I turned off realtime protection and Sudoku still refuses to install because sud.exe is not present.

Of course it isn't. I'm installing it!

I need an update or a refund, please.
Ken
 
Posts: 11
Joined: 07 July 2005

Postby Pappocom » Thu Jul 07, 2005 6:47 pm

Hello All.

First to explain my apparent silence. I am in New Zealand at the moment, and as all these posts came in I was - quite literally - asleep! As I write this, it is 6.36 a.m. (Friday) here in New Zealand - so I am onto this as fast as I can.

2. I am locking the other threads on similar topics, so that all discussion gets concentrated in this Topic.

3. My program does not contain a file called "sudo.exe". Was that just a typo on someone's behalf? (but, if so, several people seem to have had the same typo)

4. A correspondent (whom I think may be svinoly, and who had previously emailed me about the Kaspersky trojan problem) has sent me a private email saying:
Hello: Sorry, but the third time I installed Sudoku, the antivirus didn’t detect a virus. I’m going to continue with my copie.

5. It goes without saying - but I will say it, anyway - that there is no Trojan in my software.

These are my initial reactions, whilst still a bit bleary-eyed. I will post again when I have more news.

- Wayne
Pappocom
 
Posts: 599
Joined: 05 March 2005

Postby Ken » Thu Jul 07, 2005 7:09 pm

I believe sudo.exe was my typo. It was sud.exe.

I'm sure there is no Trojan in your software. I did not get that report from Kaspersky, someone else did. All that happened to me is that this morning the software didn't work, complained that sud.exe didn't exist (which it didn't) and after uninstalling it the installation fails because sud.exe is not present--even if the anti-virus software is not active.

If you are in New Zealand, I guess you have to turn your monitor upside down to read this. Sorry for the inconvenience <grin>
Ken
 
Posts: 11
Joined: 07 July 2005

Next

Return to Forum questions and feedback