mungouk Posted February 23, 2021 at 01:26 PM Report Posted February 23, 2021 at 01:26 PM I was reading about the Silver Sparrow malware today and decided to do a deep system scan on my Mac. Bitdefender Virus Scanner found this apparent trojan, Trojan.GenericKD.45748640, in the Windows HSK exam client program from October 2020, and deleted it. I'm not a Windows user (I use Parallels to run Windows 10, almost exclusively so I could do the online HSK exam). Googling "Trojan.GenericKD.45748640" comes up with only ONE result, in Korean, at https://www.estsecurity.com/public/security-center/db-update There must be plenty of you guys who know about Windows malware (I don't)... do you think this is a false positive, or has Hanban been distributing a trojan? 1 Quote
Luxi Posted February 23, 2021 at 03:12 PM Report Posted February 23, 2021 at 03:12 PM I no longer know about Windows' malware, I used to but now (very unwisely) tend to leave it all in Windows Defender's hands. My searches for your bug were equally unsuccessful, even my go to place, the Trend Micro database, turned no results. But thanks for the warning, even if it may well be a false positive. I'd still treat the suspect file as a threat, plenty of nasties about: Latest malware news and attacks | The Daily Swig (portswigger.net) Quote
alantin Posted February 23, 2021 at 06:22 PM Report Posted February 23, 2021 at 06:22 PM I may not be surprised if there was a trojan in there. They have been found for example in some software meant for tax declarations.. https://www.cyber.nj.gov/alerts-advisories/chinese-government-mandated-tax-software-contains-malware-enabling-backdoor-access When I took the at-home-test I had a clean install of windows 10 too and wiped it afterwards. Felt like good hygiene to me at the time. Quote
arrow Posted February 24, 2021 at 02:21 AM Report Posted February 24, 2021 at 02:21 AM Try this web tool Quote
JinWenSen Posted March 2, 2021 at 05:48 AM Report Posted March 2, 2021 at 05:48 AM Wanting to sign up for the test on March 13, but my computer is warning me of Trojan:Win32/Tnega!ml when downloading the exam client. I found this on it online https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Tnega!ml&ThreatID=2147763770 It's kind of ridiculous, yet I'm not even surprised... But it's frustrating. Not sure what to do, just take it anyway ? Anyone else having second thoughts ? Quote
JinWenSen Posted March 2, 2021 at 06:06 AM Report Posted March 2, 2021 at 06:06 AM @mungouk How do you like Parallels for the HSK exam? Not sure if I should do it on parallels of on a PC.. I wonder if it's safer vs using a PC for the test because of the trojan? Does anyone know if we can use a monitor hooked up to a laptop instead of using the laptop screen for the test? Quote
roddy Posted March 2, 2021 at 06:48 AM Report Posted March 2, 2021 at 06:48 AM Are these possibly false positives, given that the HSK software *intends* to take over your computer, which is basically what some malware does. Eg Trojan:Win32/Tnega!ml is suggested here to be "NetSupport, a RAT. " (remote access tool) which is a legitimate tool to remotely manage computers - which is what the HSK software wants to do. Although possibly what they should be doing is monitoring rather than managing, although not sure what the practical difference is. That said, I wouldn't trust whoever's programmed the thing on their side to have kept it secure, especially given how quickly it's been coded, or to make sure it's properly removed after uninstall, and would be inclined to use a clean install as suggested. Also, I'm very much not an expert. "Does anyone know if we can use a monitor hooked up to a laptop instead of using the laptop screen for the test?" This software I don't know, but other remote proctoring software I've used has insisted there be only one screen. Quote
Takeshi Posted March 2, 2021 at 07:01 AM Report Posted March 2, 2021 at 07:01 AM I wouldn't trust using a virtual desktop to run it, because their tracking software might flag you as trying to cheat. As roddy said, it may be malware by design. Probably the best thing to do is to take the test on a burner computer and clean wipe the hard drive after. Quote
杰.克 Posted March 2, 2021 at 08:28 AM Report Posted March 2, 2021 at 08:28 AM On 2/23/2021 at 1:26 PM, mungouk said: has Hanban been distributing a trojan Intentionally? nahhhhhh, I think highly highly highly unlikely. It's the Department of Education, and solely tasked with building bridges with other countries through culture and language. If there is one, it's more likely your PC is just flagging up Chinese software as malware as it isn't use to it or something. Quote
mungouk Posted March 2, 2021 at 09:32 AM Author Report Posted March 2, 2021 at 09:32 AM 19 hours ago, Takeshi said: I wouldn't trust using a virtual desktop to run it, because their tracking software might flag you as trying to cheat. I used Parallels on my mac to run the software and do HSK 4 last June with no problem. 20 hours ago, JinWenSen said: Does anyone know if we can use a monitor hooked up to a laptop instead of using the laptop screen for the test? Someone reported that if you have 2 monitors connected the software asks you to remove the second one. Quote
Recommended Posts
Join the conversation
You can post now and select your username and password later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.