SDL Trados 2007 installation files contain Trojan.Blackmailer.10 virus!
Thread poster: arterm

arterm  Identity Verified
Russian Federation
Local time: 02:34
Member (2002)
English to Russian
Sep 10, 2008

Dear Colleagues,

I was reinstalling my fully legitimate SDL Trados 2007 and my DR. Web scanner reported that
SDL Trados 2007 installation files contain Trojan.Blackmailer.10 virus.

The same virus was found in in the program folder after installation.

I have downloaded official Trados SP2 Freelance files from SDL.com website last week.

Antivirus deletes the infected file and XLS files cant be saved from TagEditor anymore.

Any suggestions or experience with this issue?


Thank you in advance
Arterm


Direct link Reply with quote
 
kimjasper  Identity Verified
Denmark
Local time: 00:34
Member (2006)
English to Danish
+ ...
Contact SDL support Sep 10, 2008

Hi Artem,

If you suspect that there is a virus in installations files from SDL then I would recommend you to contact SDL support as soon as possible in order to get the issue resolved.

Best regards
Kim


Direct link Reply with quote
 

arterm  Identity Verified
Russian Federation
Local time: 02:34
Member (2002)
English to Russian
TOPIC STARTER
I would but SDL support is not Free of charge Sep 10, 2008

I would but SDL support is not Free of charge
I have to buy some support package from them to get any interaction.
This is what is written on their website:

You do not have a current Premium Software Maintenance Agreement. If you wish to use the online support portal and be able to interact with our team of experienced support engineers you need to have a valid Premium Software Maintenance Agreement. If you do not have one you will only be able to use the Knowledge Base.
Buy an SDL Trados Technologies Premium Software Maintenance Agreement

To purchase PSMA for your licenses please request a quotation.


Direct link Reply with quote
 

arterm  Identity Verified
Russian Federation
Local time: 02:34
Member (2002)
English to Russian
TOPIC STARTER
SingletonResource.exe file is infected also in Multiterm 2007 distribution Sep 10, 2008

SingletonResource.exe file is infected also in Multiterm 2007 distribution

I think that this is a new virus as it was not detected until the latest virus database update

Please be aware of this issue


Direct link Reply with quote
 

arterm  Identity Verified
Russian Federation
Local time: 02:34
Member (2002)
English to Russian
TOPIC STARTER
this virus is indded added today to the AV database Sep 10, 2008

This means that virtually any user of SDL Trados 2007 Freelance might be infected!

Can I somehow bring this to SLD attention?

Or maybe someone at proz.com could?

Other files on my machine are not affected only the SDL ones


Direct link Reply with quote
 

Grzegorz Gryc  Identity Verified
Local time: 00:34
French to Polish
+ ...
False alarm? Sep 10, 2008

ARTEM SEDOV wrote:

I was reinstalling my fully legitimate SDL Trados 2007 and my DR. Web scanner reported that
SDL Trados 2007 installation files contain Trojan.Blackmailer.10 virus.

The same virus was found in in the program folder after installation.

I have downloaded official Trados SP2 Freelance files from SDL.com website last week.

Antivirus deletes the infected file and XLS files cant be saved from TagEditor anymore.

Any suggestions or experience with this issue?


Are you sure it's not a false alarm?

It happens.
E.g. recently Trend Micro reported false positives in Windows system files
http://www.theregister.co.uk/2008/09/08/trend_security_false_alarm

I remember this kind of problems with Symantec, Nod32 and other tools...

Send the quarantined file(s) to Dr Web guys and/or wait for updated signatures.

Cheers
GG


Direct link Reply with quote
 

arterm  Identity Verified
Russian Federation
Local time: 02:34
Member (2002)
English to Russian
TOPIC STARTER
we shall see Sep 10, 2008

thanks for the hint

Direct link Reply with quote
 

Grzegorz Gryc  Identity Verified
Local time: 00:34
French to Polish
+ ...
False alarm? (2) Sep 10, 2008

Grzegorz Gryc wrote:


Are you sure it's not a false alarm? [/quote]

BTW.
I vaguely remember some Trados files were already detected some years ago by my antivirus software, I don't remember exactly, probably CA or Symantec (?).

Trados is a copy protected software and the code may be deliberately obfuscated.
In this case, some scaners (especially the heuristic ones) may report strange behavior and the file may be considered as infected.

PS.
I worked for a company using some smart software copy protection procedures, they had a damn bad day when a false positive was detected by Symantec 6 or 7 years ago

Cheers
GG

[Edited at 2008-09-10 08:58]


Direct link Reply with quote
 

Tomás Cano Binder, BA, CT  Identity Verified
Spain
Local time: 00:34
Member (2005)
English to Spanish
+ ...
Happened with NOD 32 some time ago Sep 10, 2008

I reported a similar situation some time ago.

It was fixed by NOD 32. You might want to contact Trados and the maker of your antivirus software. Looks like a false alarm.


Direct link Reply with quote
 

arterm  Identity Verified
Russian Federation
Local time: 02:34
Member (2002)
English to Russian
TOPIC STARTER
reported this case to DR. Web Sep 10, 2008

reported this case to DR. Web

Direct link Reply with quote
 

SDL Community  Identity Verified
United Kingdom
Local time: 00:34
English
SDL Support Team... Sep 10, 2008

Hello Artem,

Yes, this is a false alarm. I would recommend following this up with DR Web as SDL Trados 2007 is not infected.

Many Thanks,

Gareth Powell
SDL Support Team

[Edited at 2008-09-10 12:51]


Direct link Reply with quote
 

arterm  Identity Verified
Russian Federation
Local time: 02:34
Member (2002)
English to Russian
TOPIC STARTER
DRWEB claims they have fixed their database now after my report Sep 10, 2008

DRWEB claims they have fixed their database now after my report

SDL Support wrote:

Hello Artem,

Yes, this is a false alarm. I would recommend following this up with DR Web as SDL Trados 2007 is not infected.

Many Thanks,

Gareth Powell
SDL Support Team

[Edited at 2008-09-10 12:51]


Direct link Reply with quote
 


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

SDL Trados 2007 installation files contain Trojan.Blackmailer.10 virus!

Advanced search







memoQ translator pro
Kilgray's memoQ is the world's fastest developing integrated localization & translation environment rendering you more productive and efficient.

With our advanced file filters, unlimited language and advanced file support, memoQ translator pro has been designed for translators and reviewers who work on their own, with other translators or in team-based translation projects.

More info »
Across v6.3
Translation Toolkit and Sales Potential under One Roof

Apart from features that enable you to translate more efficiently, the new Across Translator Edition v6.3 comprises your crossMarket membership. The new online network for Across users assists you in exploring new sales potential and generating revenue.

More info »



Forums
  • All of ProZ.com
  • Term search
  • Jobs
  • Forums
  • Multiple search