Just a heads up to see if anyone else running the Marmot/The Turtle has seen this virus message pop up lately?
<rec time="2007/06/06 15:14:53" user="SYSTEM" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">J:\APPS\dc\TheTurtle\TheTurtle.exe </attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Generic4.VTK</attr>
</rec>
AVG detected it and the cleaning succeeded by moving the exe into the virus vault where I deleted the file altogether.
That's the last time Marmot gets onto any of my machines. The previous version was buggy beyond belief and this version got infected.
What is puzzling me is that I couldn't locate it in the PANDA Virus Encyclopedia, the McAfee Threat Centre library, the SophosLabs Threat Analyses, or the Symantec Threat Explorer. Even my Google search came back with nothing!
It looks like it could be a pervasive version of "Generic Trj" which is potentially nasty, but since I killed the file in the vault I can't do any work on it or send it in.
I HIGHLY suspect it came out of a zip file I downloaded from 321download and unpacked and installed. The exe that I suspect it was lodged inside didn't do what I wanted so I removed the download from my disk.
AVG did scan the zip file but failed to pick up a virus pattern and still didn't pick it up when the files were unpacked. It didn't even pick it up when the exe was run and installed. It wasn't until Marmot got infected that AVG decided to say "Halt! Who goes there" which is a little bit late once the foe has already had a guided tour, cased the joint and planted the incendiaries! Grrrr!!!!
Anyway. Watch out.