Odd file in 6131 1K extender - please jog your memory

ElizabethD
Advanced Member
Posts: 2348
Joined: Mon Feb 09, 2004 12:07 pm

Post by ElizabethD »

I have 6131_1KEx1\ft.exe which is in my extenders directory for 6131 for 1K remotes.
Looks like it was made in 2004.
In the 2K extender for 6131 there is no such file. Nor in any other extenders.
Any idea what ft.exe was about?
Liz
Tweaking 8910, HTPro/9811, C7-7800, 6131o, 6131n, AtlasOCAP-1056B01, RCA-RCRP05B and enjoying the ride :)
ElizabethD
Advanced Member
Posts: 2348
Joined: Mon Feb 09, 2004 12:07 pm

Post by ElizabethD »

There is a suspicion that this file contains a backdoor trojan.
I don't think so, but I'm not well versed in security.
It is a file date-time editor done in a cmd window.
Not needed really. Perhaps removing this file inside this extender zip file would make sense so future users (if any) wouldn't get security alerts.
Liz
Tweaking 8910, HTPro/9811, C7-7800, 6131o, 6131n, AtlasOCAP-1056B01, RCA-RCRP05B and enjoying the ride :)
The Robman
Site Owner
Posts: 21886
Joined: Fri Aug 01, 2003 9:37 am
Location: Chicago, IL

Post by The Robman »

I'm no extender expert, but I don't recall any of them coming with any sort of .exe file, so I would also be suspicious. Is this just in your copy, or are you saying that it's part of a file over here?
Rob
www.hifi-remote.com
Please don't PM me with remote questions, post them in the forums so all the experts can help!
ElizabethD
Advanced Member
Posts: 2348
Joined: Mon Feb 09, 2004 12:07 pm

Post by ElizabethD »

I just downloaded the zip file, which I'm sure is the same as what's on my XP. Mike's last updates were Jan 6, 2006, with that ft file from 2004.
http://www.hifi-remote.com/forums/dload ... le_id=1692
and it does include ft.exe.

It all started with an EEK (Emsisoft) scan I did on a directory copied from XP.
M:\JP1\Extenders\6131_1KEx1.zip -> ft.exe detected: Backdoor.Generic.220498 (B) [krnl.xmd]
M:\JP1\Extenders\6131_1KEx1\ft.exe detected: Backdoor.Generic.220498 (B) [krnl.xmd]
I followed up on VirusTotal where 33 engines claim backdoor. My file's MD5 and SHA1 hashes match what VT examined. They also reported that it loads rpcrt4.dll. Well, on XP it didn't load any such thing when I tried it. I never saw or used it before, hence this thread.
Liz
Tweaking 8910, HTPro/9811, C7-7800, 6131o, 6131n, AtlasOCAP-1056B01, RCA-RCRP05B and enjoying the ride :)
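The check described in the post above (finding an executable inside a download archive and comparing its MD5/SHA1 against a reference) can be done without extracting or running anything. This is an added example, not part of the original thread; the function names, the sample archive and its contents are constructed for illustration, and the reference digest is a placeholder computed from the constructed stub.

```python
import hashlib
import io
import zipfile

def triage_zip(zip_bytes, known_digests=None):
    """Return one record per archive member that looks like a Windows executable.

    Members are read in memory only; nothing is extracted to disk or executed.
    known_digests maps a lowercase MD5 or SHA-1 hex digest to a label.
    """
    known_digests = known_digests or {}
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            # PE/DOS executables start with "MZ"; check content, not just the extension.
            is_pe = data[:2] == b"MZ"
            if not (is_pe or info.filename.lower().endswith((".exe", ".dll", ".scr", ".com"))):
                continue
            md5 = hashlib.md5(data).hexdigest()
            sha1 = hashlib.sha1(data).hexdigest()
            findings.append({
                "member": info.filename,
                "modified": "%04d-%02d-%02d" % info.date_time[:3],
                "mz_header": is_pe,
                "md5": md5,
                "sha1": sha1,
                "match": known_digests.get(md5) or known_digests.get(sha1),
            })
    return findings

def build_sample_zip():
    """Constructed sample: a readme plus a fake 'ft.exe' that is only an MZ stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("readme.txt", (2006, 1, 6, 0, 0, 0)), "notes")
        zf.writestr(zipfile.ZipInfo("ft.exe", (2004, 1, 1, 0, 0, 0)), b"MZ" + b"\x00" * 62)
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample_zip()
    stub_sha1 = hashlib.sha1(b"MZ" + b"\x00" * 62).hexdigest()
    for f in triage_zip(sample, {stub_sha1: "constructed reference digest"}):
        print(f)
```

A digest match only confirms that the local file is the same one the scanners examined; it says nothing about whether the detection itself is correct.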
The Robman
Site Owner
Posts: 21886
Joined: Fri Aug 01, 2003 9:37 am
Location: Chicago, IL

Post by The Robman »

Yeah, I read Mike's notes, there's no mention of ft.exe, so I have removed it from the zip file. Normally I'd say to ask Mike about it, but he last visited here back in 2015.

Here's some discussion that I found on the web:
https://discussions.apple.com/thread/4303162
Rob
www.hifi-remote.com
Please don't PM me with remote questions, post them in the forums so all the experts can help!