
Trojan in the Windows HSK exam client .exe?



mungouk

I was reading about the Silver Sparrow malware today and decided to do a deep system scan on my Mac.

 

Bitdefender Virus Scanner found this apparent trojan, Trojan.GenericKD.45748640, in the Windows HSK exam client program from October 2020, and deleted it.

 

I'm not a Windows user (I use Parallels to run Windows 10, almost exclusively so I could do the online HSK exam).  

 

Googling "Trojan.GenericKD.45748640" comes up with only ONE result, in Korean, at https://www.estsecurity.com/public/security-center/db-update

 

There must be plenty of you guys who know about Windows malware (I don't)... do you think this is a false positive, or has Hanban been distributing a trojan? 

 

 


I no longer know about Windows malware; I used to, but now (very unwisely) tend to leave it all in Windows Defender's hands. My searches for your bug were equally unsuccessful; even my go-to place, the Trend Micro database, turned up no results. But thanks for the warning, even if it may well be a false positive.

 

I'd still treat the suspect file as a threat, plenty of nasties about:

Latest malware news and attacks | The Daily Swig (portswigger.net)

alantin

I may not be surprised if there was a trojan in there.
They have been found, for example, in some software meant for tax declarations.

 

https://www.cyber.nj.gov/alerts-advisories/chinese-government-mandated-tax-software-contains-malware-enabling-backdoor-access

 

When I took the at-home test I had a clean install of Windows 10 too and wiped it afterwards. Felt like good hygiene to me at the time.

JinWenSen

Wanting to sign up for the test on March 13, but my computer is warning me of Trojan:Win32/Tnega!ml when downloading the exam client. I found this on it online https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Tnega!ml&ThreatID=2147763770

 

It's kind of ridiculous, yet I'm not even surprised... But it's frustrating.

 

Not sure what to do, just take it anyway? Anyone else having second thoughts?

JinWenSen

@mungouk How do you like Parallels for the HSK exam? Not sure if I should do it on Parallels or on a PC. I wonder if it's safer vs using a PC for the test because of the trojan?

 

Does anyone know if we can use a monitor hooked up to a laptop instead of using the laptop screen for the test?

roddy

Are these possibly false positives, given that the HSK software *intends* to take over your computer, which is basically what some malware does? E.g. Trojan:Win32/Tnega!ml is suggested here to be "NetSupport, a RAT" (remote access tool), which is a legitimate tool to remotely manage computers, which is what the HSK software wants to do. Although possibly what they should be doing is monitoring rather than managing, although not sure what the practical difference is.

 

That said, I wouldn't trust whoever's programmed the thing on their side to have kept it secure, especially given how quickly it's been coded, or to make sure it's properly removed after uninstall, and would be inclined to use a clean install as suggested.  Also, I'm very much not an expert.

 

"Does anyone know if we can use a monitor hooked up to a laptop instead of using the laptop screen for the test?"

This software I don't know, but other remote proctoring software I've used has insisted there be only one screen. 

Takeshi

I wouldn't trust using a virtual desktop to run it, because their tracking software might flag you as trying to cheat. As roddy said, it may be malware by design. Probably the best thing to do is to take the test on a burner computer and clean wipe the hard drive after.

杰.克
On 2/23/2021 at 1:26 PM, mungouk said:

has Hanban been distributing a trojan

 

Intentionally? nahhhhhh, I think highly highly highly unlikely. It's the Department of Education, and solely tasked with building bridges with other countries through culture and language.  

 

If there is one, it's more likely your PC is just flagging up Chinese software as malware as it isn't used to it or something.

mungouk
19 hours ago, Takeshi said:

I wouldn't trust using a virtual desktop to run it, because their tracking software might flag you as trying to cheat.

 

I used Parallels on my Mac to run the software and do HSK 4 last June with no problem.

 

20 hours ago, JinWenSen said:

Does anyone know if we can use a monitor hooked up to a laptop instead of using the laptop screen for the test?

 

Someone reported that if you have 2 monitors connected the software asks you to remove the second one.

 
