Solved Is redsn0w a trojan? Is my computer infected?

August 6, 2012 at 11:09:45
Specs: Windows 7
I downloaded redsn0w_win_0.9.10b5c (iPhone jailbreaking software) from redsn0w.us and ran it as Administrator, as it states that is needed.
COMODO scanned it and found no virus in it.
When I executed redsn0w, COMODO reported a number of actions that seem to show it has a malware payload. It changed a lot in the registry, for example the registry for certs.
I ran a COMODO system scan which found nothing. I then ran online virus scanners which found no viruses.
I also uploaded the redsn0w file to virustotal which found no virus in it.

Below is an excerpt from the COMODO Internet Security logs which shows redsn0w is doing very strange and probably very bad things.
Is my computer infected? Why do the online AVs not show anything?

Defence+ Logs

Date Created: 2012-08-06 19:57:59
Log Scope: Last 30 Days
Records count: 14

Date/Time Application Action Target
8/4/2012 6:30:01 AM C:\Users\Ola\Downloads\redsn0w_win_0.9.10b5c\redsn0w.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
8/4/2012 6:34:16 AM C:\Users\Ola\Downloads\redsn0w_win_0.9.10b5c\redsn0w.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
8/4/2012 6:37:04 AM C:\Users\Ola\Downloads\redsn0w_win_0.9.10b5c\redsn0w.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
8/4/2012 6:54:29 AM C:\Users\Ola\Downloads\redsn0w_win_0.9.10b5c\redsn0w.exe Access Memory C:\Windows\System32\dwm.exe
8/4/2012 6:54:35 AM C:\Users\Ola\Downloads\redsn0w_win_0.9.10b5c\redsn0w.exe Access Memory C:\Windows\explorer.exe
8/4/2012 6:54:52 AM C:\Users\Ola\Downloads\redsn0w_win_0.9.10b5c\redsn0w.exe Access Memory C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
8/4/2012 6:55:14 AM C:\Users\Ola\Downloads\redsn0w_win_0.9.10b5c\redsn0w.exe Access Memory C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
8/4/2012 6:55:37 AM C:\Users\Ola\Downloads\redsn0w_win_0.9.10b5c\redsn0w.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
8/4/2012 6:55:50 AM C:\Users\Ola\Downloads\redsn0w_win_0.9.10b5c\redsn0w.exe Access Memory C:\Program Files\Windows Sidebar\sidebar.exe
8/4/2012 6:56:17 AM C:\Users\Ola\Downloads\redsn0w_win_0.9.10b5c\redsn0w.exe Access Memory C:\Program Files (x86)\VoipDiscount.com\VoipDiscount\voipdiscount.exe
8/4/2012 7:44:42 AM C:\Windows\System32\services.exe Modify Key HKLM\SYSTEM\ControlSet001\services\USBAAPL64\Type
8/5/2012 7:55:52 PM C:\Program Files\COMODO\COMODO Internet Security\cfp.exe Changes Defense+ Mode Safe Mode
8/5/2012 7:58:42 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
8/5/2012 8:00:42 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
End of The Report


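The Defence+ rows above are easier to reason about when triaged mechanically than by eye: which distinct processes each application touched, and whether any of those is the security product itself. This is an added Python example, not code from the post or from COMODO; the row layout is inferred from the excerpt, the four action names are the ones it shows, and treating cfp.exe as "the security product" is an assumption.

```python
import re
from collections import defaultdict

# Six rows copied from the Defence+ excerpt in the post (page data, not constructed).
LOG_ROWS = r"""
8/4/2012 6:30:01 AM C:\Users\Ola\Downloads\redsn0w_win_0.9.10b5c\redsn0w.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
8/4/2012 6:54:29 AM C:\Users\Ola\Downloads\redsn0w_win_0.9.10b5c\redsn0w.exe Access Memory C:\Windows\System32\dwm.exe
8/4/2012 6:54:35 AM C:\Users\Ola\Downloads\redsn0w_win_0.9.10b5c\redsn0w.exe Access Memory C:\Windows\explorer.exe
8/4/2012 7:44:42 AM C:\Windows\System32\services.exe Modify Key HKLM\SYSTEM\ControlSet001\services\USBAAPL64\Type
8/5/2012 7:55:52 PM C:\Program Files\COMODO\COMODO Internet Security\cfp.exe Changes Defense+ Mode Safe Mode
8/5/2012 7:58:42 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
"""

# Both the application path and the target contain spaces, so the only reliable
# split point is one of the known action names; the app path is matched non-greedily.
ACTIONS = ["Access Memory", "Modify Key", "Changes Defense+ Mode",
           "Create Process, Execute Image"]
ROW_RE = re.compile(
    r"^(?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) (?P<app>.+?) "
    r"(?P<action>" + "|".join(re.escape(a) for a in ACTIONS) + r") (?P<target>.+)$"
)

def parse_rows(text):
    """Return one dict per row; lines that do not fit the format are skipped."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line)
        if m:
            rows.append(m.groupdict())
    return rows

def targets_by_app_action(rows):
    """Group distinct targets under (application, action) to show the activity's shape."""
    grouped = defaultdict(set)
    for r in rows:
        grouped[(r["app"], r["action"])].add(r["target"])
    return grouped

def memory_access_findings(rows, security_exes=("cfp.exe",)):
    """Per application with 'Access Memory' rows: number of distinct processes touched
    and which of them belong to the security product (assumed here to be cfp.exe only)."""
    findings = {}
    for (app, action), targets in targets_by_app_action(rows).items():
        if action != "Access Memory":
            continue
        hit_av = sorted(t for t in targets
                        if t.lower().rsplit("\\", 1)[-1] in security_exes)
        findings[app] = {"distinct_targets": len(targets), "security_targets": hit_av}
    return findings
```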

#1
August 7, 2012 at 00:01:41
✔ Best Answer
Comodo is a VERY weak AV.
Try running a quick scan with Malwarebytes and fix all it finds.
If that doesn't rectify the problem, run Trojan Remover and Hitman Pro until they run clean.

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#2
August 7, 2012 at 02:44:07
Googling redsn0w doesn't show any nasties; assuming you got it from a legit site, I reckon you can mark the Comodo report as safe or a false positive.

http://bit.ly/Mq3BxS



#3
August 7, 2012 at 02:54:22
But why does redsn0w ask for access to the memory of a lot of applications, and why is it doing a LOT of changes in the registry of a lot of apps? Comodo reports in real time what apps like redsn0w ask permission to do, and I think Comodo reports that correctly, or?
Why should Comodo report that an app asks for permission to access the memory of other apps and the registry of other apps, if it does not?

I downloaded from redsn0w.us which I do not know if it is an OK site or not. Seems OK but...



#4
August 7, 2012 at 03:05:00
"redsn0w access to memory of a lot of applications"
http://is.gd/9keVGw

"I downloaded from redsn0w.us which I do not know if it is an OK site or not. Seems OK but..."
Google the site you got the download from.



#5
August 7, 2012 at 04:52:28
I already googled redsn0w.us but found no negative reports.

I have now run Malwarebytes, which found nothing.

Still, it is VERY strange that redsn0w.exe does a lot of stuff that has nothing to do with jailbreaking.

I am still quite sure there is a trojan inside it, as asking for access to the memory of all running applications and changing hundreds of registry entries for different applications is typical behavior for malicious software.



#6
August 7, 2012 at 05:09:31
"I am still quite sure it is a trojan"

OK, let's start by running TDSS & post the log please.

http://support.kaspersky.com/faq/?q...

