Symantec and others find trojan in v4.0

Posted: Tue Feb 13, 2007 11:57 am
by troutfisher465
SAV Corp flagged NC.EXE as a trojan. I submitted it to a multi-hone system and many other AV apps flag it as well.
File: nc.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: ab41b1e2db77cebd9e2779110ee3915d
Packers detected: -

Scanner results
Scan taken on 13 Feb 2007 19:43:09 (GMT)

AntiVir: Found SPR/Delf.1.A.2 riskware
ArcaVir: Found Riskware.Hacktool.Diskwin.A
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found Tool.Netcat
F-Prot Antivirus: Found W32/Backdoor.ADNA
F-Secure Anti-Virus: Found not-a-virus:RemoteAdmin.Win32.NetCat (6, 2, 606)
Fortinet: Found HackerTool/Nt110
Kaspersky Anti-Virus: Found not-a-virus:RemoteAdmin.Win32.NetCat
NOD32: Found Win32/RemoteAdmin.NetCat application
Norman Virus Control: Found nothing
VirusBuster: Found Backdoor.NetCat32.C
VBA32: Found Backdoor.Delf.2 (probable variant)

Posted: Wed Feb 14, 2007 3:21 am
by Constance
Where is that nc.exe file supposed to be? (In some archive?)
Couldn't find it in UBCD4.0 beta 1 ISO...

Anyway, if you carefully read the report you posted, it seems like it is not a virus but a remote administration tool.

Location of nc.exe

Posted: Thu Feb 15, 2007 5:29 am
by troutfisher465
It is in the compressed UBCD4WINv30.exe as well as the extracted location of plugin\Network\netcat\files\nc.exe. Several flag it as a trojan and several don't.

Posted: Thu Feb 15, 2007 6:50 am
by baronvonfoxbat7734
1) wrong forum. You need to go see ubcd4win.com/forum for that info.

2) That is not a trojan at all. It is a tool that is very valuable but could be used by the bad guys to do bad things. It gets flagged by most AV companies due to its possibly being used for bad things. It is one reason why I hate NAV, as we use it here at work and it flags it here all the time. In all actuality, it is flagged as a grey malware but not as an actual virus. NAV by default deletes/quarantines the file until it is told to ignore files like that.