Trojan on X-Philes CD1?
09-02-2019, 04:31 PM
Post: #1
Trojan on X-Philes CD1?
I installed some new AV software today and in a system scan it highlighted PB19.EXE from the X-Philes(*) CD1/HP95 directory as containing a trojan. Does anyone know if this is a genuine or false indication?

As the file is from 1992 and I've no idea what it does, I've deleted it anyway to stop it being copied around my machines and backups.

(*) X-Philes is described in http://faqs.cs.uu.nl/na-dir/hp/hp48-faq/part1.html
09-02-2019, 06:24 PM
Post: #2
RE: Trojan on X-Philes CD1?
(09-02-2019 04:31 PM)Mark Power Wrote:  I installed some new AV software today and in a system scan it highlighted PB19.EXE from the X-Philes(*) CD1/HP95 directory as containing a trojan. Does anyone know if this is a genuine or false indication?

As the file is from 1992 and I've no idea what it does, I've deleted it anyway to stop it being copied around my machines and backups.

(*) X-Philes is described in http://faqs.cs.uu.nl/na-dir/hp/hp48-faq/part1.html

Almost certainly a false-positive, but you can upload the file to a site that uses multiple scanners to see what the consensus is. Here's a well-known and easy to use site:

https://www.virustotal.com/gui/home/upload

But treat the file carefully when handling, since it is unknown, though more than likely it could not run on your machine anyhow (it's a 16-bit app so too old to run on Win-7, Win-10, etc.)

Did you get this as an .ISO from archive.org? I tried to download that .ISO and my security s/w will not even download it since it's malware infected.

Maybe it's a honey pot to spread malware, though I've not heard of that on archive.org before.

--Bob Prosperi
09-02-2019, 10:21 PM (This post was last modified: 09-02-2019 10:23 PM by ijabbott.)
Post: #3
RE: Trojan on X-Philes CD1?
(09-02-2019 06:24 PM)rprosperi Wrote:  
(09-02-2019 04:31 PM)Mark Power Wrote:  I installed some new AV software today and in a system scan it highlighted PB19.EXE from the X-Philes(*) CD1/HP95 directory as containing a trojan. Does anyone know if this is a genuine or false indication?

As the file is from 1992 and I've no idea what it does, I've deleted it anyway to stop it being copied around my machines and backups.

(*) X-Philes is described in http://faqs.cs.uu.nl/na-dir/hp/hp48-faq/part1.html

Almost certainly a false-positive, but you can upload the file to a site that uses multiple scanners to see what the consensus is. Here's a well-known and easy to use site:

https://www.virustotal.com/gui/home/upload

I just downloaded the pb19.exe file from http://ftp.funet.fi/pub/misc/hp95lx/tools/

and submitted it to VirusTotal for analysis. Here is a link to the results:

https://www.virustotal.com/gui/file/3973.../detection

It gets detected as SillyC.338, SillyC.338 (B), or Trojan.Playback, depending on the engine, but only 6 out of 46 engines detected anything.

SillyC is described as a DOS virus. If it matched a Windows virus it would be easy to call it a false positive. But since it's a 16-bit MS-DOS executable, I'd assume it's a true positive.

Quote:But treat the file carefully when handling, since it is unknown, though more than likely it could not run on your machine anyhow (it's a 16-bit app so too old to run on Win-7, Win-10, etc.)

Don't worry, I used Linux. :)

Quote:Did you get this as an .ISO from archive.org ? I tried to download that .ISO and my security s/w will not even download it since it's malware infected.

Maybe it's a honey pot to spread malware, though I've not heard of that on archive.org before.

I'm sure a lot of old CD-ROM images have viruses on them somewhere.

— Ian Abbott
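
An added example, not code from any poster in this thread: a Python sketch that hashes a file and reads its headers to tell a plain 16-bit MS-DOS MZ program from NE or PE Windows executables, which is the distinction the replies above rely on. The SHA-256 can be searched on a multi-scanner site without copying the file around. The function names and the header-only sample bytes are constructed for illustration.

```python
import hashlib
import struct

# Signatures found at the offset stored in e_lfanew (0x3C) of a new-style EXE.
NEW_HEADERS = {b"PE": "pe (32/64-bit Windows)", b"NE": "ne (16-bit Windows/OS2)",
               b"LE": "le (VxD/DOS extender)", b"LX": "lx (OS/2)"}

def classify_executable(data: bytes) -> dict:
    """Return the SHA-256 and header-derived format of an executable image."""
    info = {"sha256": hashlib.sha256(data).hexdigest(), "format": "unknown"}
    if len(data) < 0x1C or data[:2] not in (b"MZ", b"ZM"):
        # No MZ header: could be a raw .COM image or not a program at all.
        info["format"] = "no MZ header"
        return info
    info["format"] = "dos-mz (16-bit MS-DOS)"
    if len(data) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        # Plain DOS programs often leave 0x3C as zero or junk, so only trust
        # the pointer when it lands inside the file on a known signature.
        if 0x40 <= e_lfanew <= len(data) - 4:
            sig = data[e_lfanew:e_lfanew + 2]
            if sig == b"PE" and data[e_lfanew + 2:e_lfanew + 4] != b"\0\0":
                sig = b""  # "PE" must be followed by two NUL bytes
            info["format"] = NEW_HEADERS.get(sig, info["format"])
    return info

def make_sample(new_sig: bytes = b"", e_lfanew: int = 0) -> bytes:
    """Build a constructed header-only sample (no real code) for the demo."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, e_lfanew)
    return bytes(header) + new_sig.ljust(4, b"\0")

if __name__ == "__main__":
    samples = {
        "plain DOS": make_sample(),
        "junk pointer": make_sample(e_lfanew=0xDEADBEEF),
        "NE": make_sample(b"NE", 0x40),
        "PE": make_sample(b"PE\0\0", 0x40),
    }
    for name, blob in samples.items():
        info = classify_executable(blob)
        print(f"{name:13} {info['format']:26} sha256={info['sha256'][:16]}...")
```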