UnrealIRCd comes with a virus?

Posted: Sun Oct 18, 2009 12:22 pm
by greenshadow
I downloaded the file Unreal3.2.8.1.exe and when I virus scanned it at virusscan.jotti.org some of the scanners said it had a virus:

[ArcaVir] 2009-08-30 Found nothing
[G DATA] 2009-08-31 Generic.Malware.GI!!.FF039CF5
[A-Squared] 2009-08-31 Win32.SuspectCrc!IK
[Ikarus] 2009-08-31 Win32.SuspectCrc
[Avast! antivirus] 2009-08-30 Found nothing
[Kaspersky Anti-Virus] 2009-08-31 Found nothing
[Grisoft AVG Anti-Virus] 2009-08-30 Found nothing
[ESET NOD32] 2009-08-30 Found nothing
[Avira AntiVir] 2009-08-30 Found nothing
[Norman Virus Control] 2009-08-29 Found nothing
[Softwin BitDefender] 2009-08-30 Generic.Malware.GI!!.FF039CF5
[Panda Antivirus] 2009-08-30 Found nothing
[ClamAV] 2009-08-30 Found nothing
[Quick Heal] 2009-08-29 Found nothing
[CPsecure] 2009-08-29 Found nothing
[Sophos] 2009-08-31 Found nothing
[Dr.Web] 2009-08-31 Found nothing
[VirusBlokAda VBA32] 2009-08-29 Found nothing
[Frisk F-Prot Antivirus] 2009-08-30 Found nothing
[VirusBuster] 2009-08-30 Found nothing
[F-Secure Anti-Virus] 2009-08-30 Found nothing

This site documents the virus - http://www.aladdin.com/AircBlog/post/20 ... users.aspx

So what is going on?

Re: UnrealIRCd comes with a virus?

Posted: Sun Oct 18, 2009 3:52 pm
by greenshadow
And the SSL Windows version also is infected.

[ArcaVir] 2009-08-10 Found nothing
[G DATA] 2009-08-11 Found nothing
[A-Squared] 2009-08-11 Win32.SuspectCrc!IK
[Ikarus] 2009-08-11 Win32.SuspectCrc
[Avast! antivirus] 2009-08-10 Found nothing
[Kaspersky Anti-Virus] 2009-08-11 Found nothing
[Grisoft AVG Anti-Virus] 2009-08-10 Found nothing
[ESET NOD32] 2009-08-11 Found nothing
[Avira AntiVir] 2009-08-10 Found nothing
[Norman Virus Control] 2009-08-10 Found nothing
[Softwin BitDefender] 2009-08-10 Found nothing
[Panda Antivirus] 2009-08-10 Found nothing
[ClamAV] 2009-08-10 Found nothing
[Quick Heal] 2009-08-11 Found nothing
[CPsecure] 2009-08-11 BackDoor.W32.IRCBot.sd
[Sophos] 2009-08-11 Found nothing
[Dr.Web] 2009-08-11 Found nothing
[VirusBlokAda VBA32] 2009-08-10 Found nothing
[Frisk F-Prot Antivirus] 2009-08-10 Found nothing
[VirusBuster] 2009-08-10 Found nothing
[F-Secure Anti-Virus] 2009-08-11 Found nothing


BackDoor.W32.IRCBot.sd - http://en.wikipedia.org/wiki/Backdoor.Win32.IRCBot

Re: UnrealIRCd comes with a virus?

Posted: Mon Oct 19, 2009 5:52 pm
by Stealth
Some virus scanners do see parts of Unreal as a virus.

There is no virus in Unreal; these are false positives that virus scan makers refuse to remove from their virus databases. The components from Unreal triggering those particular virus scanners probably were used by some kiddie who hacked up Unreal to run as a backdoor server on someone's computer and someone reported it to those antivirus teams. Without knowing the file names of the "infected" files from BOTH scans, I cannot tell you how/why they are coming up as infected.

I'd also like to point out the inconsistencies in the results returned to you. The SSL version of Unreal includes the same files as the non-SSL version of Unreal. The "G Data" scanner found something in the non-SSL version, but didn't on the SSL version. This inconsistency is there with the "CPsecure" scanner as well. In the modern world of the Internet, these mass scanning services will probably find some kind of "virus signature" in most executables, especially IRC servers, IRC clients, and even in lightweight FTP or SSH clients.
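
The cross-build inconsistency raised in the last reply can be checked mechanically. This is an added example, not part of any post in the thread: it parses excerpts of the two result lists quoted above (seven of the 21 engines) and groups engines by whether their verdicts agree between the non-SSL and SSL installers. The function names `parse` and `compare` are hypothetical.

```python
import re

# Excerpts of the two result lists quoted in the thread above:
# every engine that flagged at least one build, plus two clean ones.
NON_SSL = """\
[G DATA] 2009-08-31 Generic.Malware.GI!!.FF039CF5
[A-Squared] 2009-08-31 Win32.SuspectCrc!IK
[Ikarus] 2009-08-31 Win32.SuspectCrc
[Kaspersky Anti-Virus] 2009-08-31 Found nothing
[Softwin BitDefender] 2009-08-30 Generic.Malware.GI!!.FF039CF5
[ClamAV] 2009-08-30 Found nothing
[CPsecure] 2009-08-29 Found nothing
"""
SSL = """\
[G DATA] 2009-08-11 Found nothing
[A-Squared] 2009-08-11 Win32.SuspectCrc!IK
[Ikarus] 2009-08-11 Win32.SuspectCrc
[Kaspersky Anti-Virus] 2009-08-11 Found nothing
[Softwin BitDefender] 2009-08-10 Found nothing
[ClamAV] 2009-08-10 Found nothing
[CPsecure] 2009-08-11 BackDoor.W32.IRCBot.sd
"""

# One result line: "[engine name] YYYY-MM-DD verdict text"
LINE = re.compile(r"^\[(?P<engine>[^\]]+)\]\s+\d{4}-\d{2}-\d{2}\s+(?P<verdict>.+)$")

def parse(report):
    """Map engine name -> detection name, or None for 'Found nothing'."""
    out = {}
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if m:
            verdict = m["verdict"].strip()
            out[m["engine"]] = None if verdict == "Found nothing" else verdict
    return out

def compare(a, b):
    """Group engines present in both reports by how their verdicts relate."""
    groups = {"clean": [], "consistent": [], "inconsistent": []}
    for engine in sorted(a.keys() & b.keys()):
        if a[engine] is None and b[engine] is None:
            groups["clean"].append(engine)        # nothing found in either build
        elif a[engine] == b[engine]:
            groups["consistent"].append(engine)   # same detection name in both
        else:
            groups["inconsistent"].append(engine) # verdict differs between builds
    return groups

if __name__ == "__main__":
    print(compare(parse(NON_SSL), parse(SSL)))
```
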