
LCDC Plugins Infected With Malware

By admin, January 18, 2010 17:53

I try to avoid software that's end of life, but occasionally I get stuck with a few programs that just don't have any updated versions or are tied to a piece of hardware that I need to use.  LCDC is software designed to run little LCD displays you can buy for your computer.  I have one in particular that's over 3 years old now but still runs great.  However, it hasn't been updated, well, ever.

Today I took to scanning my PC and discovered that some of the plugins for LCDC were infected.  I decided to check the web site http://www.lcdc.cc/downloads.htm for updates. It didn't appear offhand that any were actually updated, but it does appear that some are not infected and others still are.

I found about 9 of the 16 plugins reporting infected, and redownloaded only 4 that were clean and that I wanted.  I would suspect that the site itself is getting repacked, infected versions of these files somehow.  Honestly, I cannot confirm or deny my suspicion, as some were fine and others were still infected.  For some reason some are downloadable as zip files and others are downloadable as DLLs.

If you use LCDC and any of the plugins downloaded from this site, I highly recommend you check all the DLLs in your plugin directory using virustotal.com or some other online multi-antivirus checking site to see if you are using infected DLLs.

I did manage to replace most of the infected DLLs with clean ones, but a couple were still reporting as infected directly from the site.  Keep in mind that using a web browser also resulted in cached items in the browser being infected, so a cleanup of the browser was necessary afterwards.  I then proceeded to do a very paranoid anti-virus scan afterwards to see if anything else got infected along the way.
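The check described above, as an added example that is not part of the original post: this Python script hashes every DLL in a plugin directory, including DLLs packed inside zip downloads, and reports whether each installed file is byte-identical to a freshly downloaded copy. The directory names and file contents in `demo()` are constructed stand-ins, not real LCDC plugins.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path

def inventory(root):
    """Return {label: sha256} for every DLL under root, including DLLs inside zips."""
    root, found = Path(root), {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if path.suffix.lower() == ".dll":
            found[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
        elif path.suffix.lower() == ".zip":
            try:
                with zipfile.ZipFile(path) as zf:
                    for name in (n for n in zf.namelist() if n.lower().endswith(".dll")):
                        found[f"{rel}!{name}"] = hashlib.sha256(zf.read(name)).hexdigest()
            except zipfile.BadZipFile:
                found[rel] = "unreadable zip"  # flag a damaged archive instead of skipping it
    return found

def dll_name(label):  # 'HOT.zip!sub/HOT.dll' -> 'hot.dll', so loose and zipped copies match
    return label.split("!")[-1].split("/")[-1].lower()

def compare(installed, fresh):
    """Report whether each installed DLL is byte-identical to a freshly downloaded copy."""
    fresh_hashes = {}
    for label, digest in fresh.items():
        fresh_hashes.setdefault(dll_name(label), set()).add(digest)
    return {label: ("no fresh copy" if dll_name(label) not in fresh_hashes else
                    "identical" if digest in fresh_hashes[dll_name(label)] else "differs")
            for label, digest in installed.items()}

def demo():  # constructed stand-in files, not real LCDC plugins
    with tempfile.TemporaryDirectory() as tmp:
        plugins, fresh = Path(tmp, "Plugins"), Path(tmp, "fresh")
        plugins.mkdir()
        fresh.mkdir()
        (plugins / "IPA.dll").write_bytes(b"MZ constructed-A")
        (plugins / "HOT.dll").write_bytes(b"MZ constructed-B")
        (plugins / "ZOO.dll").write_bytes(b"MZ constructed-C")
        (fresh / "IPA.dll").write_bytes(b"MZ constructed-A")   # same bytes as installed
        with zipfile.ZipFile(fresh / "HOT.zip", "w") as zf:
            zf.writestr("HOT.dll", b"MZ constructed-B2")       # different bytes, zipped
        return inventory(plugins), compare(inventory(plugins), inventory(fresh))

if __name__ == "__main__":
    hashes, report = demo()
    print("\n".join(f"{d}  {report[l]}  {l}" for l, d in hashes.items()))
```

An "identical" result only means that redownloading changes nothing for that file; the SHA-256 values can be searched on a multi-scanner site such as virustotal.com to see how each exact file is detected.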

It's important to note that SuperAntiSpyware, Spybot S&D, Malwarebytes Anti-Malware, Prevx 3.0, and Norman DID NOT find any of these infections.  I'm not surprised, as they are a bit generic in nature.  Still, it's a good reminder that you do need a good paranoid anti-virus tool to scan from time to time (if not real-time).

If you are interested in which plugins I had infected and which ones were STILL infected upon redownloading, here is the list.  My simple advice would be not to download any UNZIPPED DLLs from the site:

  • LCDC\Plugins\HIS.dll: TrojWare.Win32.TrojanDownloader.Banload.a (Redownload OK)
  • LCDC\Plugins\FRA.dll: Heur.Packed.Unknown (Redownload OK)
  • LCDC\Plugins\HSM.dll: Heur.Packed.Unknown (Redownload OK)
  • LCDC\Plugins\IPA.dll: Heur.Packed.Unknown (Redownload INFECTED)
  • LCDC\Plugins\MM5.dll: Heur.Packed.Unknown (Redownload OK)
  • LCDC\Plugins\HOT.dll: Heur.Packed.Unknown (Redownload INFECTED IN ZIP)
  • LCDC\Plugins\ZOO.dll: Heur.Packed.Unknown (Did not redownload)
  • LCDC\Plugins\UDS.dll: Heur.Packed.Unknown (Did not redownload)
  • LCDC\Plugins\TRI.dll: Heur.Packed.Unknown (Did not redownload)

The last 3 were plugins I was not using so I didn’t bother redownloading them.  I also suspect that some of the detections may be ‘false positives’ but due to a lack of credibility by many of the authors of these plugins I simply took a ‘no chance’ approach.  If anyone can provide confirmation that these are in fact false positives I’d enjoy your feedback.

There are probably other plugins available that may report infected, but I did not bother to check all of them.  If you use any other plugins you may well want to check them out.

