TerryMiller (Premium, joined 2003-10-23), reply to Franfreluche, Re: New DC ++ Version : Watch out

I only have KAV, so I downloaded it and submitted it to Jotti. I trust McAfee, so I wonder if this is really a false positive.

File: DCPlusPlus-0.668.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
Packers detected: PE_PATCH, TELOCK

AntiVir: No viruses found (0.19 seconds taken)
Avast: No viruses found (1.51 seconds taken)
BitDefender: Trojan.Downloader.IstBar.ER (2.62 seconds taken)
ClamAV: No viruses found (0.78 seconds taken)
Dr.Web: No viruses found (0.54 seconds taken)
F-Prot Antivirus: No viruses found (0.07 seconds taken)
Kaspersky Anti-Virus: Trojan.Win32.Krepper.ag, Trojan-Dropper.Win32.Agent.el (1.89 seconds taken)
mks_vir: No viruses found (0.24 seconds taken)
NOD32: No viruses found (0.40 seconds taken)
Norman Virus Control: No viruses found (0.13 seconds taken)

-- Michelle Graduates

Wildcatboy (Premium, Mod, joined 2000-10-30, Toronto, ON)

Thanks Terry. I have a feeling it's a false positive too.

Franfreluche (@sympatico.ca), reply to TerryMiller

I seriously doubt that a false positive would try to mess with my registry settings and drop the cserv32.exe file in the C:\Windows folder.

Also, the guy who wrote the first review on download.com said that it had installed bargain, ist search and a browser hijacker. I definitely think that it's true.

It's too bad that I deleted the cserv32.exe in haste, though. I could have submitted it to NOD32 and the other AV companies, because it looks like only 2 of them can detect it (according to your tests).

amysheehan (Premium, VIP, MVM, joined 1999-12-21, Huntington Beach, CA, RoadRunner Cable), reply to Wildcatboy

The copy of Ad-aware that I downloaded from download.com last night was wreaking havoc on my computer, and I tested it again just now at Jotti after reading this thread:

File: Ad-Aware.exe
Status: MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.) (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
Packers detected: ASPACK

NOTE: I had problems trying to download the same file from Major Geeks, and the download.com download left a strange dll in my temp folder that Norton picked up when I rebooted my computer.

John2g, Qui Tacet Consentit (Premium, joined 2001-08-10, England), reply to TerryMiller

said by TerryMiller:
I only have KAV, so I downloaded it and submitted it to Jotti. I trust McAfee, so I wonder if this is really a false positive. File: DCPlusPlus-0.668.exe Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) Packers detected: PE_PATCH, TELOCK

This may be the reason. BOClean detected a trojan in Autostream because of TELOCK. This is the explanation.

QUOTE
"Greetings ... interesting indeed. Well ... it's a false positive, but then again it is *NOT* a false positive. BOClean triggered on a behavioral basis for that one since it was somehow STUPIDLY compacted with the same whacky version of the trojan compactor known as TELock ... that's what BOClean triggered on, last known sighting of this particular version of TELock was back in late 2003 with the SOBIG worms."

"Autostreamer" itself is clean, but the programmers stupidly used TELock which is ONLY used with trojans to obscure them from file scanners. I'm going to have to guess that this was the author's idea of securing himself from "reverse engineering" - I can't imagine any legitimate reason to have used that otherwise, and it IS a known trojan packer.

Since the SOBIG.F virus is EXTINCT, we'll remove that definition from the BOClean database as the SOBIG.F "worm" cannot function any longer and thus the definition is no longer required. However, the author(s) of this utility DID use a trojan packer and that's what BOClean alerted on as the particular output was HIGHLY unique."
ENDQUOTE

-- Better to remain silent and be thought a fool, than to speak and remove all doubt.

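The Jotti note on the Ad-Aware scan and the BOClean explanation quoted above come down to the same thing: the scanner found no known malicious code, it found the fingerprint of a run-time packer. The Python script below is an added example, not part of this thread and not code from Jotti, BOClean or any other product named in it. It walks a PE file's section table and reports the structural tell-tales that packer heuristics rely on: packer-named sections, a section that is empty on disk but large in memory, a high-entropy section, and an entry point sitting in the trailing stub section. The section-name table, the 7.0 bits-per-byte threshold and the two constructed sample images are assumptions made for the example; a real tElock match of the kind BOClean describes is a byte signature at the entry point and is not modelled here.

```python
"""Added example: structural packer heuristics over a PE section table.
Assumptions: the packer section-name table below, an entropy threshold of 7.0,
and two constructed sample images (not real binaries)."""
import hashlib
import math
import struct

# Assumed, deliberately small table. tElock is recognised by entry-point byte
# signatures rather than section names, so it is not listed here.
PACKER_SECTION_NAMES = {"UPX0": "UPX", "UPX1": "UPX", ".aspack": "ASPack", ".adata": "ASPack"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 0.0 for empty data, approaching 8.0 for compressed or encrypted data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def parse_sections(pe: bytes):
    """Return (entry_point_rva, [(name, vaddr, vsize, raw_offset, raw_size), ...])."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]
    table = opt + opt_size                                # IMAGE_SECTION_HEADER array
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = pe[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, rsize, roff = struct.unpack_from("<IIII", pe, off + 8)
        sections.append((name, vaddr, vsize, roff, rsize))
    return entry_rva, sections

def packer_indicators(pe: bytes, entropy_threshold: float = 7.0) -> list:
    """Human-readable reasons a scanner would call this file 'packed' (empty list if none)."""
    entry_rva, sections = parse_sections(pe)
    findings = []
    for i, (name, vaddr, vsize, roff, rsize) in enumerate(sections):
        if name in PACKER_SECTION_NAMES:
            findings.append(f"section {name!r} is named like {PACKER_SECTION_NAMES[name]} output")
        if rsize == 0 and vsize > 0:
            # Empty on disk, large in memory: the unpacking stub writes the real code here.
            findings.append(f"section {name!r} has no raw data but {vsize:#x} bytes virtual size")
        elif rsize:
            ent = shannon_entropy(pe[roff:roff + rsize])
            if ent >= entropy_threshold:
                findings.append(f"section {name!r} entropy {ent:.2f} looks compressed or encrypted")
        if vaddr <= entry_rva < vaddr + max(vsize, rsize) and i == len(sections) - 1 and i > 0:
            # Compilers put code first; packers start execution in their own trailing stub section.
            findings.append(f"entry point {entry_rva:#x} lies in the last section {name!r}")
    return findings

def build_pe(sections, entry_rva: int) -> bytes:
    """Construct a minimal PE32 image for testing; sections = [(name, vaddr, vsize, raw_bytes)]."""
    opt_size, align = 0xE0, 0x200
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)            # AddressOfEntryPoint
    headers_len = len(dos) + 4 + len(coff) + opt_size + 40 * len(sections)
    first_raw = (headers_len + align - 1) & ~(align - 1)  # file alignment
    hdrs, body = bytearray(), bytearray()
    for name, vaddr, vsize, raw in sections:
        roff = first_raw + len(body) if raw else 0
        hdrs += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                            vsize, vaddr, len(raw), roff, 0, 0, 0, 0, 0x60000020)
        body += raw + b"\0" * (-len(raw) % align)
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(hdrs)
    return image + b"\0" * (first_raw - len(image)) + bytes(body)

def _pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler standing in for compressed code (constructed data)."""
    out, h = bytearray(), seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return bytes(out[:n])

def sample_clean_image() -> bytes:
    """Constructed compiler-style layout: low-entropy .text first, entry point inside it."""
    text = bytes(range(48)) * 40
    return build_pe([(".text", 0x1000, len(text), text),
                     (".data", 0x2000, 0x200, b"\0" * 0x100)], 0x1000)

def sample_packed_image() -> bytes:
    """Constructed UPX-style layout: empty UPX0 receives unpacked code, stub and payload in UPX1."""
    return build_pe([("UPX0", 0x1000, 0x8000, b""),
                     ("UPX1", 0x9000, 0x1000, _pseudo_random(4096))], 0x9010)

if __name__ == "__main__":
    for label, img in (("clean", sample_clean_image()), ("packed", sample_packed_image())):
        print(label, packer_indicators(img) or ["no packer indicators"])
```

To run it over a real download, call `packer_indicators(open(path, "rb").read())`. A hit is a reason to look harder (unpack and rescan, or run the file in a sandbox and watch what it drops, as the cserv32.exe report above did), not a verdict: Jotti's own note says as much, and a packed legitimate program and a packed trojan look identical to these checks.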