Hoversnap.zip Infected??

Hi All, I have downloaded from LockerGnome a screen capture application called Hoversnap 8 Beta.

Having scanned this computer with NAV and etrust online got clean bill of health.

Scanning with RAV online generates the following:

HoverSnap_v08.zip->HoverKHook.dll is infected with Backdoor:Momaker

It reports same of program file. Since NAV and etrust do not find this and I would trust LockerGnome not to send out infected files, I wonder if this is a false positive.

Can anybody enlighten me on this? All replies are appreciated.

Martin

 

Why not just take a gander through your system and see if you have anything amiss?
Have a look at this.

 

Hi Daizy: Thanks a lot for the response. Went to Pest Patrol site and read that scary info on Momar & RAT.

I have Pest Patrol with the latest updates installed on this machine.

I ran full machine scan, it turned up a couple of adware entries, but thats all.

Then I ran it on the specific hoversnap files and here is the result:

Scan of 03/12/2004 11:28:39 AM
User Name: Bob Martin
MAC Address: 00-50-2C-06-DF-06
Computer Name: CATASTROPHY
Volume Name: XP 1/2-35
File System Name: NTFS
Volume Serial No: 1173506155
Windows Version: 5.1.2600
PestPatrolCL.exe version: 4.4.0.0 Alpha Freeport 3

Scanning controlled from the command line with these parameters:
- /NotifyAlways
- C:\unzipped\HoverSnap_v08


PestPatrolCL scanned C:\unzipped\HoverSnap_v08 checking 3 files in this area as well as checking for
0 Spyware registry entries, 0 Spyware files, and 0 Spyware directories.
Did not check for Spyware Cookies. Use /SpyCookie or /SpyCookieNoAlert to check.

Found 0 pests!
12 Seconds
Exited with error level of 0
~~~

Then I tried to scan the dll file which was in that same unzipped folder and the Pest Patrol scan is missing from the dropdown menu. The dll file is one of the ones RAV reported infected.

I also scanned the zip file, same results, no pests found.

I hate to loose a program that does the job I want with screen captures. Since neither RAT or momar was found, I wonder??

What do you think??

Martin

 

Hi again
I think you've double checked, and that's about as best as one can do.

 

It is too scary to think that this machine could, even the remotest possibility, be acting as a server to somebody in the Czek or whatever republic.

I'm going to delete the program and see if I can get a dialog started with LockerGnome.

Thanks for your help.

Martin

 

Good idea as well.

 

I too have the program HoverSnap and use it often. If I have it loaded, in the taskbar and ready to run and with nothing else open I see the CPU is staying between 0 and 2%, mostly stays on 0% all time. Doesn't this mean that the machine is doing nothing, like not being used by someone or something outside? If a machine is being unknowingly used as a server, would it not show the activity on the Processor?

I like the program as it is easy to capture what I want from the screen and in the file association I want.

An opinion or answer would be appreciated.

 

Did you check for the registry entries or files listed associated with Momaker? If infected, I doubt removing the program would remove the infection.

 

I did check and come up with nothing. I did notife that when I first installed the program it tried to see permission to access the Internet according to Zone Alarm. I denied that, remove the entry and it has not sought permission since.

I'm going to just cruise along with this until I know something more definite. Got a lot of things in life to worry about, no room for this!

 

Alot of applications will ask for internet access, for auto updates and such, and I'm not at all surprised by that. If none of the files or reg entries associated with the virus are present, you should, as you put it, just cruise along and worry about other things.

 

noahdfear

Thanks for the advice To many important things in life that come before that. Again, thanks for the good info.

 

Hi All:

Since I do a lot of financial stuff online, this is a serious worry for me.

I did a file search for Momar, come up empty.

Is adding the Hoversnap.exe file to Zone Alarm program control with all internet access blocked sufficient to negate any security threat?

Unlike Mudd's copy the one I have has never requested permission to access the net.

I did add it to program control in Zone Alarm, blocked any access.

Like Mudd, I would like to keep the program as I like and use it.

Martin