CyberGhost 5 VPN Malware Alert!

луноход

луноход

New Member
Thread author
Verified
Mar 12, 2015
15
Hi, all. I downloaded CyberGhost 5 VPN today from their site, and my AV (Norton) did not detect anything unusual and allowed the download to proceed. However, my other program, SpyShelter, went crazy and prevented the program from installing certain portions of it, though I did manage to use CG-5 for a little while with no problems. But upon checking SpyShelter's logs, I discovered something very disturbing:
SpyShelter stopped one of CG-5 actions which appears to be trojan.malware.Obscu.Gen.001 according to TotalVirus ByteHero antivirus engine.

I don't know much about these things, but I know many here use CG5 and SS together, so perhaps you have encountered this action before. I've scanned my PC with a few on-demand scans, but they have detected nothing. Don't know what else to do. So far, everything is behaving well. But I fear CG-5 could potentially have an embedded trojan on their product and you should be alerted of it. I await your help/response.

Thanks.
 
луноход

луноход

New Member
Thread author
Verified
Mar 12, 2015
15
Hello viktik,

This is the the report I get from SpyShelter when I click on the virustotal check function for the CyberGhost 5 file that it stopped today when I downloaded product:

16177087694_8a705db54b_z.jpg
 
Enju

Enju

Level 9
Verified
Well-known
Jul 16, 2014
443
You can safely ignore the detection, it's a false positive.
 
frogboy

frogboy

In memoriam 1961-2018
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
I think you will find it is a false positive with those scan results.
 
луноход

луноход

New Member
Thread author
Verified
Mar 12, 2015
15
Thank you, Enju & frogboy. I feel much better already. Have you guys had this issue? I wish to know more. Or if you can point me to a thread addressing it. I've spent my evening running on-demand scanners looking for a non-existent trojan. I forgot to mention in my OP that when I downloaded CyberGhost5, it also tried to install Skype, which I promptly uninstalled along with CG5. Is this a typical behaviour of this program? The reason I tried CG5 is because my other VPN (VPNinja) sometimes takes an hour to connect me. I learning all of this, so any help/advice is appreciated.
 
frogboy

frogboy

In memoriam 1961-2018
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
It tried to install skype ia a bit strange. Where did you download it from may i ask?
 
луноход

луноход

New Member
Thread author
Verified
Mar 12, 2015
15
Yes, frogboy. Very weird. This is the site: http://www.cyberghostvpn.com/en_us

I also have McAfee site advisor installed in my Firefox browser and did notice that CG5 rating is grey according to McAfee. But since I've read about so many people here using it and giving it away, I thought I should try it. Perhaps they are bundling their product now? But why Skype?? That's just too weird.

A HitmanPro window just popped up with this:

advertiser.cyberghostvpn.com
C:\PCNAME\AppData\Roaming\Microsoft\Windows\Cookies\B5OL98VQ.txt. Tracking Cookie

advertiser.cyberghostvpn.com
C:\PCNAME\AppData\Roaming\Mozilla\Firefox\Profiles\mn812qoi.default\cookies.sqlite


 
frogboy

frogboy

In memoriam 1961-2018
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
I just downloaded from your link and install had no Skype or any warnings have scanned file and all is good. This is a bit strange for sure not sure what is going on at your end. :eek:o_O:)
 
луноход

луноход

New Member
Thread author
Verified
Mar 12, 2015
15
Well, I'm glad that it worked out for you. Do you have SpyShelter, too? Because they don't seem to get along. I was thinking of maybe shutting down SpyShelter and try to install CG5 to see if there are no more problems at installation, but if CyberGhost comes with a trojan attached.. who is going to detect it? Norton certainly didn't complain while the Ghost was installing additional apps on my PC. The CyberGhost file in question had precise instructions to attach itself to some win64 system or some such. I sent that file to a notepad and it was a bunch of gibberish. I had it scanned, but the AV said it was ok. Oh, well.
 
Ink

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
луноход said:
This is the the report I get from SpyShelter when I click on the virustotal check function for the CyberGhost 5 file
Click to expand...

Those results are from over a month ago, according to the Analysis date. If you upload the most recent file to VT, it should appear as Clean. As far as I know, ByteHero is based on using Heuristics only for detections, no Definitions/Signatures like traditional Antivirus software.
 
  • Like
Reactions: Jack
M

Malware1

Level 76
Sep 28, 2011
6,545
луноход said:
Yes, frogboy. Very weird. This is the site: http://www.cyberghostvpn.com/en_us

I also have McAfee site advisor installed in my Firefox browser and did notice that CG5 rating is grey according to McAfee. But since I've read about so many people here using it and giving it away, I thought I should try it. Perhaps they are bundling their product now? But why Skype?? That's just too weird.

A HitmanPro window just popped up with this:

advertiser.cyberghostvpn.com
C:\PCNAME\AppData\Roaming\Microsoft\Windows\Cookies\B5OL98VQ.txt. Tracking Cookie

advertiser.cyberghostvpn.com
C:\PCNAME\AppData\Roaming\Mozilla\Firefox\Profiles\mn812qoi.default\cookies.sqlite
Click to expand...
What wrong do you see here?
 
луноход

луноход

New Member
Thread author
Verified
Mar 12, 2015
15
Huracan said:
Those results are from over a month ago, according to the Analysis date. If you upload the most recent file to VT, it should appear as Clean. As far as I know, ByteHero is based on using Heuristics only for detections, no Definitions/Signatures like traditional Antivirus software.
Click to expand...

Hello, yes, but that report was submitted today. And I still get directed to that same page with that same date. I thought it was odd, but then maybe the date represents when that trojan was first discovered? I don't know.
 
Ink

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Do not follow the links from SpyShelter, manually upload them yourself for the true results. Post a link.
 
You must log in or register to reply here.

Similar threads

Cleo
    • Like
Advice Request Wanted: Vpn Hotspot Router
Replies
10
Views
532
Hardware Discussions
Cleo
Cleo
A
Kaspersky, questions vpn and firewall
Replies
2
Views
223
Kaspersky
Aktiffiso
A
Cleo
    • Like
Advice Request Google One VPN
Replies
36
Views
1,710
VPN and DNS
Cleo
Cleo

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top