3 replies to this topic

[cdmaker]

Hi..
this is my first post to the forum
i have just made a cd with winbuilder : LiveXP
everything went fine but when i boot with it a
blue screen appeared in my Acer 5740G....i feel is cause
my laptop has SATA drive and maybe this LiveXP doesnt work with
it. Also I noticed that the following files has trojans :


D:\I386\SYSTEM32\deskadp.dll (Malware.Packer.Gen) -> No action taken.
D:\I386\SYSTEM32\deskmon.dll (Trojan.Agent) -> No action taken.
D:\I386\SYSTEM32\deskperf.dll (Trojan.Agent) -> No action taken.
D:\I386\SYSTEM32\themeui.dll (Malware.Packer.Gen) -> No action taken.

this results were passed by Malwarebytes...which seems to be a really nice antivirus.

with virtual pc it works fine..but not when booting directly from it....apart of the trojans, that i will like to know were to get these files but clean....

thanks to all in advance
cdmaker

[Lancelot]

Hi cdmaker,

files you mention are not coming from livexp, they come from your source cd .

[pscEx]

For 99,9% Lancelot is right.

But maybe that, in addition to the LiveXP apps, you included a 3rd party app script in your project which overwrites the files in question with infected files.

To be sure, please use Debug Log functionality.

In WB, click "Tools" in the upper right, then check 'Debug log' in the middle right, and rebuild the project.

If there is no warning about overwriting the files in question, your source CD seems really to be infected (Is it any Warez or Torrent product?)
If there is a warning, you propably found the 'bad boy'.

Peter

[dera]

in \Components\Tweaks\DisplayProperties.script
in section [Process]
try to comment out the line #47:
//Run,%ScriptFile%,Process-UPX

in this case do you still get the virus alert?