Author Topic: Torrent infected with groupmanager.exe  (Read 24176 times)

Offline akashneo

Torrent infected with groupmanager.exe
« on: March 12, 2009, 06:34:04 PM »
Hey friends

user : BrassCahones
link : http://h33t.com/userdetails.php?id=129731
comments link : http://h33t.com/details.php?id=caf46426323bcd61fdeb3264855980b30db97b93

groupmanager.exe image:



my comments :

Beware!!!
Warning:
The "groupmanager.exe" file runs in the background although the application doesn't need this exe to work.
The setup is not original; it is repacked with Setup Factory and 100% adds something like "wrong scrip".
These are not trusted apps and uploaders.
All of the apps uploaded by this user are not safe and trusted (I have tested them myself). They are all repacked with Setup Factory with "groupmanager.exe" added, and Kaspersky warns about its hidden installation: it is installed hidden, modifies the registry, and runs in the background.
LD, anum, please check all of this user's apps. This guy is making a bad impression of h33t purity.


This user is spreading spyware/malware groupmanager.exe.
I have checked almost 90% of the uploads from this user myself, and all torrents are infected with groupmanager.exe, which he has repacked with Setup Factory.


Please, anum, LD, stop this user or ban him.
« Last Edit: March 12, 2009, 07:40:23 PM by CSIWEMBLEY »


Offline MAMBO04

Re: Torrent infected with groupmanager.exe
« Reply #1 on: March 12, 2009, 09:52:11 PM »
Thank you for informing us about this. I have looked at the comments and it seems like this does contain a virus, BUT have you uploaded the groupmanager.exe to www.virustotal.com? May you please do so and post the results here? LD is away for now, but anum and blazer will handle it :)

Offline bigolebeemer

Re: Torrent infected with groupmanager.exe
« Reply #2 on: March 13, 2009, 06:26:30 AM »
This is too bad to seem true. I didn't go to the description on this torrent when downloading, so I missed akashneo's banner! I hit it 3/7/09; 5 days later, 3/12/09, my ISP mailed me a copyright infringement notice reported by the BSA for downloading CyberLink PowerDVD. This is the first time I've seen something like this and I didn't think it was possible. Please act fast to nuke this torrent and investigate all the torrents by this user! On a side note, I called my ISP and they claimed they note/flag it on the account; if they get multiple notices they suspend you, and will eventually ban you.

Offline Naughty Knights

Re: Torrent infected with groupmanager.exe
« Reply #3 on: March 13, 2009, 07:03:36 AM »
Give me a few minutes I will run it past virustotal.
Make that an hour  >:(
« Last Edit: March 13, 2009, 07:07:48 AM by Naughty Knights »
A lie can travel around the world before the truth has it's boots on.

Offline Dark Demon

Re: Torrent infected with groupmanager.exe
« Reply #4 on: March 13, 2009, 07:15:47 AM »
I've got a question here that may not be really related to the topic:
how do you extract the groupmanager.exe from the package?
I tried different unpackers but couldn't.


Offline Naughty Knights

Re: Torrent infected with groupmanager.exe
« Reply #5 on: March 13, 2009, 07:31:57 AM »
the keygen got a few hits, but that's not unusual:
http://www.virustotal.com/analisis/c4aa6deeabb90004560116409b2f5835

Setup program only got one hit :
http://www.virustotal.com/analisis/7303e1f56fde66b13bf5fdd0896181e0
------------------------------------------------------------------
The fact that a program is running in background does not mean a virus is involved.
Did you get any symptoms, akashneo ? If so what are they and how did you discover this ?
Virustotal uses Kaspersky as part of their arsenal
---------------
groupmanager.exe does sound a worry; read here:
 http://thepiratebay.org/torrent/4661659/Diskeeper_Pro_Premier_2009_-_13.0.835.0(32bit)_-_Activated_Forev

Is groupmanager.exe in the same folder as the suspect or in another folder?
Might be a good idea to send it to virustotal.




« Last Edit: March 13, 2009, 08:08:03 AM by Naughty Knights »

Offline akashneo

Re: Torrent infected with groupmanager.exe
« Reply #6 on: March 13, 2009, 08:12:34 AM »
Quote
mambo04
Thank you for informing us about this. I have looked at the comments and it seems like this does contain a virus, BUT have you uploaded the groupmanager.exe to www.virustotal.com? May you please do so and post the results here? LD is away for now, but anum and blazer will handle it :)

Bro mambo04,
I have deleted all the files from this uploader, including groupmanager.exe, so I can't upload it to VirusTotal. If possible, you or any one of us please send groupmanager.exe to VirusTotal.

Quote
Dark Demon
I've got a question here that may not be really related to the topic:
how do you extract the groupmanager.exe from the package?
I tried different unpackers but couldn't.

Bro Dark Demon,
there is no need to unpack it. Change your installation folder to any junk folder and uncheck the system hidden files and folders option to show all. Done! You will get groupmanager.exe in the installation folder.

Quote
Naughty Knights
the keygen got a few hits, but that's not unusual:
http://www.virustotal.com/analisis/c4aa6deeabb90004560116409b2f5835

Waiting on results of the installer.

Bro Naughty Knights,
the keygen does not matter; the real matter is groupmanager.exe, so have you uploaded groupmanager.exe? If not, please do it for us.

As we see, this uploader has uploaded all torrents with this exe, so what is the reason to upload this exe? All torrents are repacked with Setup Factory with this exe added. When you install the repacked exe, after installation groupmanager.exe runs in the background and burns 10,000 K of your memory; you can see it in Task Manager also.


Hope we all solve this as soon as possible, and surely LD or Anum will ban that uploader from our h33t.


Offline Naughty Knights

Re: Torrent infected with groupmanager.exe
« Reply #7 on: March 13, 2009, 08:21:02 AM »
Dark Demon, don't do it  :o

I just noticed there have been quite a few comments about this guy's uploads
containing same groupmanager.exe, but no one complained until now ::)
http://www.h33t.com/details.php?id=47d493a002088708ef9d1c5bc153e5af33ef66e5

Akashneo, you wouldn't still have one in your recycle bin would you ?
Sorry, but I almost never download programs that need keyloggers,
especially when someone has told me it has a virus ::) ::)


 
« Last Edit: March 13, 2009, 08:22:36 AM by Naughty Knights »

Offline akashneo

Re: Torrent infected with groupmanager.exe
« Reply #8 on: March 13, 2009, 10:03:04 AM »
Once more he has uploaded 2 infected repacked torrents with groupmanager.exe.
comment link:1
http://h33t.com/details.php?id=42198506e97a4cb5a2a36f5a00d4412012b3367c
comment link:2
http://h33t.com/details.php?id=4013e2d7d48f173d3b887cc5f8b11ff3113d0cde

Here are the pics of the exe:



Want more?
I have uploaded that groupmanager.exe to VirusTotal and VirusTotal says nothing.
That's why I call this an unknown exe. Whatever VirusTotal says, we know it is running in the background, and what is the purpose of packing it with any exe? He is spreading this exe, which means he wants something to spread out to the torrent network.
Can anyone here analyze this exe? Please solve this issue now.


Offline Dark Demon

Re: Torrent infected with groupmanager.exe
« Reply #9 on: March 13, 2009, 11:47:54 AM »
Strange result  :o no hits for groupmanager.exe
http://www.virustotal.com/analisis/5f3c2f72e8e4a84f5b5aec5fb19560fa

Offline Dark Demon

Re: Malware in torrent(s) complaint
« Reply #10 on: March 13, 2009, 11:50:21 AM »

Offline Naughty Knights

Re: Malware in torrent(s) complaint
« Reply #11 on: March 13, 2009, 12:06:49 PM »
Yep, already heard that, but thanks. OOPS it was you I read it from  :-[


It's prolly not a virus, that's why A/V programs aren't catching it, but it is surely doing some unwanted things.
Read my links in the other thread. It's not only on this site.
I would advise a group PM  telling everyone to see if they have this groupmanager.exe and if so to halt it with process explorer until the bottom of this is gotten to. That way no harm done.
« Last Edit: March 13, 2009, 12:18:06 PM by Naughty Knights »

Offline BlackAngelDoom

Re: Torrent infected with groupmanager.exe
« Reply #12 on: March 13, 2009, 01:00:59 PM »
I don't know whether this is infected or not, but some of his torrents always ask for an email for the password.
I think a mod needs to confirm this with the uploader.
Just me µBaDµ  "The Turtle Torrent"

Offline Naughty Knights

Re: Torrent infected with groupmanager.exe
« Reply #13 on: March 13, 2009, 01:12:05 PM »
Quote
BlackAngelDoom
I don't know whether this is infected or not, but some of his torrents always ask for an email for the password.
I think a mod needs to confirm this with the uploader.

Soliciting a person's email is a violation of your privacy and of forum rules.
Please point a link to the offending upload ASAP.

Offline tejasrnbr

Re: Torrent infected with groupmanager.exe
« Reply #14 on: March 13, 2009, 02:05:58 PM »
If all his uploads have got the .exe then either his PC is infected by some galactus humungus virus/spyware or he's adding them...

Someone said that it was added with Setup Factory...

I agree with Naughty...
I also recommend that we keep check on the user's uploads till the matter is investigated and a decision is made.