Symantec and others find trojan in v4.0


#1 Post by troutfisher465 » Tue Feb 13, 2007 11:57 am

SAV Corp flagged NC.EXE as a trojan. I submitted it to a multi-hone system and many other AV apps flag it as well.
File: nc.exe
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 ab41b1e2db77cebd9e2779110ee3915d
Packers detected:
Scanner results
Scan taken on 13 Feb 2007 19:43:09 (GMT)
Found SPR/Delf.1.A.2 riskware
Found Riskware.Hacktool.Diskwin.A
Found nothing
AVG Antivirus
Found nothing
Found nothing
Found nothing
Found Tool.Netcat
F-Prot Antivirus
Found W32/Backdoor.ADNA
F-Secure Anti-Virus
Found not-a-virus:RemoteAdmin.Win32.NetCat (6, 2, 606)
Found HackerTool/Nt110
Kaspersky Anti-Virus
Found not-a-virus:RemoteAdmin.Win32.NetCat
Found Win32/RemoteAdmin.NetCat application
Norman Virus Control
Found nothing
Found Backdoor.NetCat32.C
Found Backdoor.Delf.2 (probable variant)


#2 Post by Constance » Wed Feb 14, 2007 3:21 am

Where is that nc.exe file supposed to be? (In some archive?)
Couldn't find it in UBCD4.0 beta 1 ISO...

Anyway, if you carefully read the report you posted, it seems like it is not a virus but a remote administration tool.


Location of nc.exe

#3 Post by troutfisher465 » Thu Feb 15, 2007 5:29 am

It is in the compressed UBCD4WINv30.exe as well as the extracted location of plugin\Network\netcat\files\nc.exe. Several flag it as a trojan and several don't.


#4 Post by baronvonfoxbat7734 » Thu Feb 15, 2007 6:50 am

1) wrong forum. You need to go see for that info.

2) That is not a trojan at all. It is a tool that is very valuable but could be used by the bad guys to do bad things. It gets flagged by most AV companies due to its possibly being used for bad things. It is one reason why I hate NAV as we use it here at work and it flags it here all the time. In all actuality, it is flagged as a grey malware but not as an actual virus. NAV by default deletes/quarantines the file until it is told to ignore files like that.
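
An added example, not written by anyone in this thread: a small triage script that buckets the scanner lines from the report in post #1 into "clean", "grey" (riskware / dual-use tool labels) and "malware" (backdoor-style labels), which makes the split the replies describe visible. The keyword lists are assumptions chosen for this report's labels, not any vendor's official naming scheme.

```python
import re
from collections import Counter

# Scanner lines copied from the report in post #1 (some vendor names are missing there).
REPORT = """\
Found SPR/Delf.1.A.2 riskware
Found Riskware.Hacktool.Diskwin.A
Found nothing
AVG Antivirus
Found nothing
Found nothing
Found nothing
Found Tool.Netcat
F-Prot Antivirus
Found W32/Backdoor.ADNA
F-Secure Anti-Virus
Found not-a-virus:RemoteAdmin.Win32.NetCat (6, 2, 606)
Found HackerTool/Nt110
Kaspersky Anti-Virus
Found not-a-virus:RemoteAdmin.Win32.NetCat
Found Win32/RemoteAdmin.NetCat application
Norman Virus Control
Found nothing
Found Backdoor.NetCat32.C
Found Backdoor.Delf.2 (probable variant)
"""
# Assumed keyword lists (illustrative only).
MALWARE_MARKERS = ("backdoor", "trojan", "worm")
GREY_MARKERS = ("not-a-virus", "riskware", "remoteadmin", "hacktool",
                "hackertool", "tool.", "spr/")

def classify(line):
    """Return 'clean', 'grey', 'malware', 'unknown', or None for non-result lines."""
    m = re.match(r"\s*Found\s+(.+)", line)
    if not m:
        return None  # vendor name or other header line
    label = m.group(1).strip().lower()
    if label == "nothing":
        return "clean"
    # Malware markers are checked first so an explicit family name is never downgraded.
    if any(k in label for k in MALWARE_MARKERS):
        return "malware"
    if any(k in label for k in GREY_MARKERS):
        return "grey"
    return "unknown"

def triage(report):
    """Count result lines per bucket, skipping lines that are not scanner results."""
    return Counter(c for c in map(classify, report.splitlines()) if c)

if __name__ == "__main__":
    print(dict(triage(REPORT)))
```

A result split across all three buckets like this one is a cue to confirm where the file came from and whether it is expected on the system before adding an AV exclusion.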