mungouk 1,026 Posted February 23 Report Share Posted February 23 I was reading about the Silver Sparrow malware today and decided to do a deep system scan on my Mac. Bitdefender Virus Scanner found this apparent trojan, Trojan.GenericKD.45748640, in the Windows HSK exam client program from October 2020, and deleted it. I'm not a Windows user (I use Parallels to run Windows 10, almost exclusively so I could do the online HSK exam). Googling "Trojan.GenericKD.45748640" comes up with only ONE result, in Korean, at https://www.estsecurity.com/public/security-center/db-update There must be plenty of you guys who know about Windows malware (I don't)... do you think this is a false positive, or has Hanban been distributing a trojan? 1 Quote Link to post Share on other sites
Luxi 870 Posted February 23 Report Share Posted February 23 I no longer know about Windows' malware, I used to but now (very unwisely) tend to leave it all in Windows Defender's hands. My searches for your bug were equally unsuccessful, even my go to place, the Trend Micro database, turned no results. But thanks for the warning, even if it may well be a false positive. I'd still treat the suspect file as a threat, plenty of nasties about: Latest malware news and attacks | The Daily Swig (portswigger.net) Quote Link to post Share on other sites
alantin 32 Posted February 23 Report Share Posted February 23 I may not be surprised if there was a trojan in there. They have been found for example in some software meant for tax declarations.. https://www.cyber.nj.gov/alerts-advisories/chinese-government-mandated-tax-software-contains-malware-enabling-backdoor-access When I took the at-home-test I had a clean install of windows 10 too and wiped it afterwards. Felt like good hygiene to me at the time. Quote Link to post Share on other sites
arrow 38 Posted February 24 Report Share Posted February 24 Try this web tool Quote Link to post Share on other sites
JinWenSen 0 Posted March 2 Report Share Posted March 2 Wanting to sign up for the test on March 13, but my computer is warning me of Trojan:Win32/Tnega!ml when downloading the exam client. I found this on it online https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Tnega!ml&ThreatID=2147763770 It's kind of ridiculous, yet I'm not even surprised... But it's frustrating. Not sure what to do, just take it anyway ? Anyone else having second thoughts ? Quote Link to post Share on other sites
JinWenSen 0 Posted March 2 Report Share Posted March 2 @mungouk How do you like Parallels for the HSK exam? Not sure if I should do it on parallels of on a PC.. I wonder if it's safer vs using a PC for the test because of the trojan? Does anyone know if we can use a monitor hooked up to a laptop instead of using the laptop screen for the test? Quote Link to post Share on other sites
roddy 5,481 Posted March 2 Report Share Posted March 2 Are these possibly false positives, given that the HSK software *intends* to take over your computer, which is basically what some malware does. Eg Trojan:Win32/Tnega!ml is suggested here to be "NetSupport, a RAT. " (remote access tool) which is a legitimate tool to remotely manage computers - which is what the HSK software wants to do. Although possibly what they should be doing is monitoring rather than managing, although not sure what the practical difference is. That said, I wouldn't trust whoever's programmed the thing on their side to have kept it secure, especially given how quickly it's been coded, or to make sure it's properly removed after uninstall, and would be inclined to use a clean install as suggested. Also, I'm very much not an expert. "Does anyone know if we can use a monitor hooked up to a laptop instead of using the laptop screen for the test?" This software I don't know, but other remote proctoring software I've used has insisted there be only one screen. Quote Link to post Share on other sites
Takeshi 125 Posted March 2 Report Share Posted March 2 I wouldn't trust using a virtual desktop to run it, because their tracking software might flag you as trying to cheat. As roddy said, it may be malware by design. Probably the best thing to do is to take the test on a burner computer and clean wipe the hard drive after. Quote Link to post Share on other sites
杰.克 148 Posted March 2 Report Share Posted March 2 On 2/23/2021 at 1:26 PM, mungouk said: has Hanban been distributing a trojan Intentionally? nahhhhhh, I think highly highly highly unlikely. It's the Department of Education, and solely tasked with building bridges with other countries through culture and language. If there is one, it's more likely your PC is just flagging up Chinese software as malware as it isn't use to it or something. Quote Link to post Share on other sites
mungouk 1,026 Posted March 2 Author Report Share Posted March 2 19 hours ago, Takeshi said: I wouldn't trust using a virtual desktop to run it, because their tracking software might flag you as trying to cheat. I used Parallels on my mac to run the software and do HSK 4 last June with no problem. 20 hours ago, JinWenSen said: Does anyone know if we can use a monitor hooked up to a laptop instead of using the laptop screen for the test? Someone reported that if you have 2 monitors connected the software asks you to remove the second one. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and select your username and password later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.