
Virus warning, HiPiHi may contain trojan [UPDATED]

Users of the HiPiHi virtual world are reporting that the application uninstaller for the virtual world client may be infected with a malicious trojan, identified as BackDoor.Bifrose.YM aka BDS/Bifrose.Gen.

It is not yet confirmed whether this is a genuine threat or a false positive, but you need to be cautious. Not all virus scanners are reporting this, which says little about whether the threat is genuine or not.

Update: Wikipedia suggests that there is usually a trojan embedded in the uninstaller.

[Thanks to Massively reader ZATZAi for the heads-up, and the image]

Update:

We performed an independent test to see if this could be the result of pre-existing trojans or software threats on people's machines.

Our test setup:

Procedure:

We freshly installed Ubuntu and, while we waited for that, downloaded the HiPiHi 40011 installer on a spare Linux box and burned it to a rewritable CD to avoid potentially contaminating anything.

We loaded the HiPiHi installer onto the fresh Linux install and unpacked it by the simple expedient of installing it using Wine.

Once it was all installed, we checked it out with two virus scanners, which we freshly installed and updated: Clam Antivirus, and Grisoft's AVG (Free Edition).

Results:

  • Clam Antivirus did not find any problems.

  • AVG reported the trojan signature from the Bifrost family, as the story originally reported.

Conclusion:

This could still, honestly, be a false positive - in which case, we urge (and have urged) the HiPiHi people to get in touch with Grisoft to clear it up. The mention in the Wikipedia article casts some doubt on the matter.

"The uninstall routine of HIPIHI tends to be infected with a Trojan. With releases up to 30014 it was BDS/Bifrose.Gen from the Bifrost family. The new releases 40011 and 40012 feature the backdoor program Packed.64. The change indicates that the Trojan is deliberately inserted in the code." -- from Wikipedia.

Either the uninstaller is being routinely infected (we don't believe for a moment that that would be condoned or intended by the HiPiHi company), or AVG's scanner is a bit hypersensitive.

Until it is confirmed either way, you should exercise caution. The trojans of the family claimed to be involved are quite rude strangers to have on your machine, and you want to avoid them. By all means, take a look at HiPiHi, but be careful.