All times are UTC - 8 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 10 posts ] 
 Post subject: Found a Trojan (Not)
PostPosted: Sun Jan 07, 2007 10:50 pm 
Offline

Joined: Sun Jan 07, 2007 10:38 pm
Posts: 5
I was posting on another forum about an install that I was doing and a buddy showed me http://www.ultimatebootcd.com/ . It sounds like a top notch set of tools and I can't wait to add it to my collection. I'm posting here today as an FYI sort of as a thank you for such great work.


I downloaded UBCD4Win from generalcomputersupport.com and got a
Trojan.PWS.Ras.A

Found it with Bitdefender

_________________
Noobe with a cause


Last edited by BGH on Tue Jan 09, 2007 2:40 pm, edited 1 time in total.

 Post subject:
PostPosted: Mon Jan 08, 2007 12:39 am 
Offline

Joined: Fri Sep 23, 2005 1:21 am
Posts: 336
Location: France
Well, 2 things :
- these here website and forum are not affiliated in any way with UBCD4Win
- this may be a false positive... but you're not supposed to download UBCD4Win, you're supposed to build it using tools provided. I'd recommend downloading from the official website or one of its official mirrors, listed here : http://ubcd4win.com/downloads.htm

Do not trust any other website about this, unless you know it's a website you can trust in general.
You may also compare the MD5 hash for the file you already downloaded with the one written on the page I provided a link to, to check if your download is ok or corrupted by any means...

See also : http://ubcd4win.com/faq.htm#false

_________________
Hammerite Compendium of Precepts, Regimens and Rules of Conduct, Vol. 113 :
A stroke of thy chisel, once made, canst be undone, but a stroke thou dost not make from fear is a worse flaw.
Be not cautious - be correct.
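
The hash comparison suggested in the post above, as an added example that is not part of the original thread: it streams the downloaded file, computes its MD5, and compares it with an md5sum-style list copied from the official download page. The file name, file bytes and checksum list are constructed for illustration; a match only shows that the file equals what the publisher of the list hashed, so the list has to come from the trusted page.

```python
import hashlib
import hmac
import os
import tempfile

def file_digests(path, algorithms=("md5", "sha256"), chunk_size=1 << 20):
    """Stream the file once and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def parse_checksum_list(text):
    """Parse md5sum-style lines: '<hex>  <name>' or '<hex> *<name>'."""
    published = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        published[name.strip().lstrip("*")] = digest.lower()
    return published

def verify_download(path, published, algorithm="md5"):
    """Return 'match', 'mismatch' or 'not-listed' for the file at path."""
    expected = published.get(os.path.basename(path))
    if expected is None:
        return "not-listed"
    actual = file_digests(path, (algorithm,))[algorithm]
    return "match" if hmac.compare_digest(actual, expected) else "mismatch"

def demo():
    """Constructed sample: a stand-in download and a stand-in published list."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "sample-download.exe")  # hypothetical file name
    with open(path, "wb") as fh:
        fh.write(b"constructed sample bytes, not a real UBCD4Win build")
    listing = "# constructed checksum list\n%s *sample-download.exe\n" % file_digests(path)["md5"]
    published = parse_checksum_list(listing)
    before = verify_download(path, published)
    with open(path, "ab") as fh:  # simulate corruption or tampering after publication
        fh.write(b"\x00")
    return before, verify_download(path, published)

if __name__ == "__main__":
    print(demo())
```

`file_digests` also returns SHA-256 from the same pass, for download pages that publish it alongside or instead of MD5.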


 Post subject:
PostPosted: Mon Jan 08, 2007 1:10 am 
Offline

Joined: Sun Jan 07, 2007 10:38 pm
Posts: 5
I wasn't sure if it was a false positive since I couldn't find any information about the Trojan found.

As for building it, I kind of discovered that after I found a disk image.
Thanks for the response.

_________________
Noobe with a cause


 Post subject:
PostPosted: Mon Jan 08, 2007 2:01 am 
Offline

Joined: Fri Sep 23, 2005 1:21 am
Posts: 336
Location: France
Well, did your anti-virus tell you in which precise file it supposedly had found this trojan ?
Looks like there is something about this particular "trojan" in their FAQ.

Anyway, I downloaded the file from the website you said and checked the MD5 hash using Hashtab : seems ok, so the file isn't corrupted.

_________________
Hammerite Compendium of Precepts, Regimens and Rules of Conduct, Vol. 113 :
A stroke of thy chisel, once made, canst be undone, but a stroke thou dost not make from fear is a worse flaw.
Be not cautious - be correct.


 Post subject:
PostPosted: Mon Jan 08, 2007 6:06 am 
Offline

Joined: Thu Sep 29, 2005 5:44 am
Posts: 90
Due to several of the utilities that are included in the UBCD4Win, many times a year several AV vendors accidentally detect trojans and such when there is none. Another thing that pops up is that some files are flagged as hacktools and some people confuse that for trojans as well. Not that you have, just an info statement.

As Constance mentioned, if in doubt double check the hash before running to double check it has not been tampered with. If it says exactly what file is offensive, you can upload the file to http://virusscan.jotti.org/ and have it check the file against all the other AV vendors out there. Sometimes it is just one that flags that file and sometimes several vendors flag the file. It is a good benchmark to test the file.


 Post subject:
PostPosted: Mon Jan 08, 2007 12:15 pm 
Offline

Joined: Sun Jan 07, 2007 10:38 pm
Posts: 5
I believe it was a keystroke logger of some kind. I'll see if I can't find some reference to it. I've had false positives before and no big deal. What made me curious about this one was that Windows would not delete it to the recycle bin. I had to use the virus software to yank it out.


k:\temp folder\plugin\system-info\information\keyfinderpe\keyfinder.exe infected: Trojan.PWS.Ras.A

I am not a programmer and what I know about computers can fit into a thimble. By that, I'm saying that I know way more than Forrest Gump, but less than a motivated teenager.

Thanks for the help.

_________________
Noobe with a cause


 Post subject:
PostPosted: Mon Jan 08, 2007 12:25 pm 
Offline

Joined: Thu Sep 29, 2005 5:44 am
Posts: 90
keyfinder... gotcha. What that nice little tool is all about is simply allowing you to see what product keys are installed for your MS products and maybe a few others as well. It is not malicious by itself. If in the wrong hands (1337 h4x0rz) it can be used to steal the product keys of valid products and post them on warez sites.

Summary, no worries big buddy on that little gem of a file. It is not going to harm you more than M$ already has. ;-)

-=EDIT=-

It can also be used by SysAdmins to copy out a key that someone has lost the key to. Such as if the system is dead and needs to be rebuilt but the Office key is missing, this little tool can get the key to re-install the Office product back onto the machine and such. Very handy in those types of situations, which is why it is included.


 Post subject:
PostPosted: Mon Jan 08, 2007 4:23 pm 
Offline

Joined: Sun Jan 07, 2007 10:38 pm
Posts: 5
Thank you for the follow up.
Could someone please put false alarm in the thread subject or something so this wonderful piece of work doesn't get an undeserved bad rep?

:oops:

_________________
Noobe with a cause


 Post subject:
PostPosted: Mon Jan 08, 2007 4:59 pm 
Offline

Joined: Sun Jan 07, 2007 10:38 pm
Posts: 5
Constance wrote:
Well, 2 things :
- these here website and forum are not affiliated in any way with UBCD4Win
- this may be a false positive... but you're not supposed to download UBCD4Win, you're supposed to build it using tools provided. I'd recommend downloading from the official website or one of its official mirrors, listed here : http://ubcd4win.com/downloads.htm

Do not trust any other website about this, unless you know it's a website you can trust in general.
You may also compare the MD5 hash for the file you already downloaded with the one written on the page I provided a link to, to check if your download is ok or corrupted by any means...

See also : http://ubcd4win.com/faq.htm#false



After doing some reading on one of the links you posted, I realized that the solution was there for me to find. I just didn't look close enough. Thumbs up Cola.

_________________
Noobe with a cause


 Post subject:
PostPosted: Tue Jan 09, 2007 11:09 am 
Offline

Joined: Fri Sep 23, 2005 1:21 am
Posts: 336
Location: France
:)
BTW I think you can edit the thread title yourself by editing the first message.

_________________
Hammerite Compendium of Precepts, Regimens and Rules of Conduct, Vol. 113 :
A stroke of thy chisel, once made, canst be undone, but a stroke thou dost not make from fear is a worse flaw.
Be not cautious - be correct.

