Trojan in the Windows HSK exam client .exe?

[mungouk]

I was reading about the Silver Sparrow malware today and decided to do a deep system scan on my Mac.

 

Bitdefender Virus Scanner found this apparent trojan, Trojan.GenericKD.45748640, in the Windows HSK exam client program from October 2020, and deleted it.

 

I'm not a Windows user (I use Parallels to run Windows 10, almost exclusively so I could do the online HSK exam).  

 

Googling "Trojan.GenericKD.45748640" comes up with only ONE result, in Korean, at https://www.estsecurity.com/public/security-center/db-update

 

There must be plenty of you guys who know about Windows malware (I don't)... do you think this is a false positive, or has Hanban been distributing a trojan? 

 

 

[Luxi]

I no longer know about Windows' malware, I used to but now (very unwisely) tend to leave it all in Windows Defender's hands. My searches for your bug were equally unsuccessful, even my go to place, the Trend Micro database, turned no results. But thanks for the warning, even if it may well be a false positive.

 

I'd still treat the suspect file as a threat, plenty of nasties about:

Latest malware news and attacks | The Daily Swig (portswigger.net)

[alantin]

I may not be surprised if there was a trojan in there.
They have been found for example in some software meant for tax declarations..

 

https://www.cyber.nj.gov/alerts-advisories/chinese-government-mandated-tax-software-contains-malware-enabling-backdoor-access

 

When I took the at-home-test I had a clean install of windows 10 too and wiped it afterwards. Felt like good hygiene to me at the time.

[arrow]

Try this web tool

[JinWenSen]

Wanting to sign up for the test on March 13, but my computer is warning me of Trojan:Win32/Tnega!ml when downloading the exam client. I found this on it online https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Tnega!ml&ThreatID=2147763770

 

It's kind of ridiculous, yet I'm not even surprised... But it's frustrating.

 

Not sure what to do, just take it anyway ? Anyone else having second thoughts ?

[JinWenSen]

@mungouk How do you like Parallels for the HSK exam? Not sure if I should do it on parallels of on a PC.. I wonder if it's safer vs using a PC for the test because of the trojan?  

 

Does anyone know if we can use a monitor hooked up to a laptop instead of using the laptop screen for the test?

[roddy]

Are these possibly false positives, given that the HSK software *intends* to take over your computer, which is basically what some malware does. Eg Trojan:Win32/Tnega!ml is suggested here to be "NetSupport, a RAT. " (remote access tool) which is a legitimate tool to remotely manage computers - which is what the HSK software wants to do. Although possibly what they should be doing is monitoring rather than managing, although not sure what the practical difference is. 

 

That said, I wouldn't trust whoever's programmed the thing on their side to have kept it secure, especially given how quickly it's been coded, or to make sure it's properly removed after uninstall, and would be inclined to use a clean install as suggested.  Also, I'm very much not an expert.

 

"Does anyone know if we can use a monitor hooked up to a laptop instead of using the laptop screen for the test?"

This software I don't know, but other remote proctoring software I've used has insisted there be only one screen. 

[Takeshi]

I wouldn't trust using a virtual desktop to run it, because their tracking software might flag you as trying to cheat. As roddy said, it may be malware by design. Probably the best thing to do is to take the test on a burner computer and clean wipe the hard drive after.

[杰.克]

On 2/23/2021 at 1:26 PM, mungouk said:

has Hanban been distributing a trojan

 

Intentionally? nahhhhhh, I think highly highly highly unlikely. It's the Department of Education, and solely tasked with building bridges with other countries through culture and language.  

 

If there is one, it's more likely your PC is just flagging up Chinese software as malware as it isn't use to it or something. 

[mungouk]

19 hours ago, Takeshi said:

I wouldn't trust using a virtual desktop to run it, because their tracking software might flag you as trying to cheat.

 

I used Parallels on my mac to run the software and do HSK 4 last June with no problem.

 

20 hours ago, JinWenSen said:

Does anyone know if we can use a monitor hooked up to a laptop instead of using the laptop screen for the test?

 

Someone reported that if you have 2 monitors connected the software asks you to remove the second one.