Wednesday, November 24, 2010

WARNING! P3GO GT-Break contains a trojan!

Sorry for not posting for awhile, but this blog was just meant to be alive in the period of time with conflicting information and downtime of other information sites. However I thought that this really deserve it's own post. I'm alive and kicking on Twitter where you can follow me and get the latest news from all around the globe.




After using my Nexus One and Klutsh's superb psfMod as a jailbreaking device, I decided that it was time to upgrade to a stand alone solution so I didn't need to reboot my phone all the time. After reading some reviews and user opinions I found that the P3GO GT-Break would suit my needs and ordered it. When I inserted the device to my computer I got a trojan/virus warning from Microsoft Security Essentials. Here is my full report on the issue:

I ordered the device from PriceAngels.com (official reseller) on the 14th of November, it was shipped from them the 16th of November, and I received it yesterday November 23. If you don't know, the P3GO is a very advanced device compared to most other jailbreaks. It acts as a USB memory when connected to a computer so you can place pkg-files and such there. The process of upgrading is quite simple, you insert the device in your computer and copy the update file to a inserted MicroSD card (yes, the device has a slot for that!). It is when inserting the device to your computer that the trojan hits. The virus consist of a hidden autorun.inf and an executable file with a random name as seen below:
The autorun-file launches the executable file that infects the computer. The trojan is then trying to upload your passwords and banking information to a remote server. It also makes the computer copy the virus to all other USB-devices inserted to the computer from thereon, and thats how the trojan spreads.
I submitted the file to Jotti's malware scan to make sure that it wasn't a false positive, and it seems like most antivirus software should find the trojan as seen below (you can find the full report on the file from Jotti here):

Now, as you can see on the first screenshot above, the autorun-file was created on the 11th of November, just a couple of days before the device got shipped to me. This is most likely the date the device got infected, but it is impossible to know if this device actually was infected directly from the manufacturer or after that. As you can see on the picture below, the retail packaging isn't sealed, so it's easy to get the device out, use it and place it back again with nobody noticing:

Anyway, I have informed the manufacturer Gamebox of my findings, and hope that they will sort this out. I think it would be great if we could collect more data about this to see how widespread this is, so please post if you have the P3GO, when you bought it, from where and if it contained the trojan. Also please spread this to warn other users that might get infected otherwise.

I really wish that Gamebox will fix this in a good way, as the device is superb in all other ways and I really recommend it!