***WARNING ABOUT DOWNGRADER AND HELP ME*** Virus/Trojan found *ON* my PSP!!!



AKidNamedJustin
October 16th, 2005, 20:17
Ok, I'll give you a little background before I start. I have a US PSP downgraded using the downgrader from US 2.0 to downgraded 1.50. (EDIT: I DOWNGRADED ABOUT 2 WEEKS AGO AND THE TROJAN JUST SHOWED UP TODAY)

I have also installed an NES and a SNES emulator off this site (I forget which... JesterNES or JNES and SNES 9x or something like that I think).

Anyway, today my Symantec AntiVirus pops up showing me that there is a virus called PSPBrick on my hard drive. So I plug in my PSP in USB mode and scan it too and find the same virus on my PSP... I quarantined it and the virus scan no longer finds it... anyway, check out the following windows, check your own PSPs and help me if you can:

http://img.photobucket.com/albums/v137/Justin_Dailey/PSPVirus.jpg

**************
------------------
**************

What should I do now? It was quarantined off my PSP and deleted off my hard drive...but am I still safe?

AKidNamedJustin
October 16th, 2005, 20:36
PS...I'm willing to upgrade to 2.5 if it will save my PSP.

Yeah I'll lose the ability to play emulators, but at least I'll have a working PSP.

Let me know if you think that'll help! :)

AKidNamedJustin
October 16th, 2005, 21:05
Found this on Symantec's site:

http://securityresponse.symantec.com/avcenter/venc/data/trojan.pspbrick.html

It reads:

Trojan.PSPBrick is a Trojan horse that deletes critical system files on a Playstation Portable device, preventing the device from restarting correctly. It does this by exploiting the Sony PSP Photo Viewer TIFF Image Handling Remote Buffer Overflow Vulnerability (as described in Bugtraq ID 14938).

PSP_Newbie
October 16th, 2005, 21:27
Don't worry about it (and you should delete all files from the downgrader off the mem stick 'cause it wastes space once you're done).
It identifies it because it is named exactly the same as the psp.brick trojan and does similar things (one changes values to make the PSP think it's a 1.0 so you can "upgrade" it to 1.5, and the other deletes some values that let your PSP properly start up).
So if you downloaded it off a trusted site (like this one) and already downgraded, it's not a virus, it's just detected as one.

leggy
October 16th, 2005, 21:29
As times go on there will be more and more threats.

As your mother said 'always use protection' :D

lowride
October 16th, 2005, 22:51
I just scanned mine, it did the same. I wouldn't worry, if anyone scans theirs with the latest Nortons or so, it will happen. Symantec probably considers any overflow.tif to be dangerous, whether it is or not to the PSP.

ultros
October 17th, 2005, 00:20
This should be a sign to you to change your virus scanner.
Seriously, the Norton scanner eats system resources and there are plenty of free scanners that are doing at least the same job.

ataribob
October 17th, 2005, 00:31
PS...I'm willing to upgrade to 2.5 if it will save my PSP.

Yeah I'll lose the ability to play emulators, but at least I'll have a working PSP.

Let me know if you think that'll help! :)


All you need do is delete it after you downgrade.
You have nothing to worry about.
It's normal because it's what flashed your PSP to downgrade (it writes), so it looks like a virus.

After you downgrade to 1.50, delete all the files you used.
Then get the Version changer from here: http://www.sonyxteam.com/

and change your firmware to 2.01.

You can play emulators and Homebrew plus any Sony game that requires the upgrade.

AKidNamedJustin
October 17th, 2005, 07:42
Thanks everyone for calming me...

And by the way... Symantec antivirus is free with my Penn State Education (well... included with my tuition so I'm paying for it whether I use it or not).

And this version only takes up 14 meg of ram out of my ~1000 meg. I'm not really too worried about it.

Privateer
October 17th, 2005, 19:40
Overflow.tif would definitely seem suspicious to a virus detector - it's an image file with a bunch of attached data that edits an operating system. However, if you follow the directions right, it should safely downgrade you to 1.5. I've heard a few cases of virus detection on overflow.tif, but I've never heard reports of it actually screwing up their PSP.

Cap'n 1time
October 17th, 2005, 21:17
Privateer has the right idea I think. The TIF exploit is not just used for the PSP. Because Sony left an old libTIFF, this allows for POSSIBLE malicious code to be added inside TIF and TIFF files. Your scanner detected it simply because it COULD be used to do harm.

The word Trojan actually comes from the Trojan horse. It's simply something you would not expect inside something else, whether it be something desired or not. In this case more than likely the Trojan is desired.

A horse is brought into a city with men inside. When the city is asleep the men come out of the horse and attack.

Or in our case:

A TIF is brought into the PSP with code inside. When the system is not looking for signed code the TIF executes its own.

This TIF exploit is certainly not something that is directly related to the PSP. The reason it works is once again an old libTIFF that allows for the exploit to occur. SO YOU'RE RIGHT! THIS IS A TROJAN! But a desired one... that's generally how exploits work.

Read more about the TIFF and TIF exploit here: http://www.kb.cert.org/vuls/id/539110