It is currently Sat Nov 22, 2014 6:17 am

All times are UTC - 8 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 4 posts ] 
Author Message
 Post subject: Symantec and others find trojan in v4.0
PostPosted: Tue Feb 13, 2007 11:57 am 
Offline

Joined: Tue Feb 13, 2007 11:51 am
Posts: 2
SAV Corp flagged NC.EXE as a trojan. I submitted to a muti-hone system and many other AV apps flag it as well.
File: nc.exe
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 ab41b1e2db77cebd9e2779110ee3915d
Packers detected:
-
Scanner results
Scan taken on 13 Feb 2007 19:43:09 (GMT)
AntiVir
Found SPR/Delf.1.A.2 riskware
ArcaVir
Found Riskware.Hacktool.Diskwin.A
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found Tool.Netcat
F-Prot Antivirus
Found W32/Backdoor.ADNA
F-Secure Anti-Virus
Found not-a-virus:RemoteAdmin.Win32.NetCat (6, 2, 606)
Fortinet
Found HackerTool/Nt110
Kaspersky Anti-Virus
Found not-a-virus:RemoteAdmin.Win32.NetCat
NOD32
Found Win32/RemoteAdmin.NetCat application
Norman Virus Control
Found nothing
VirusBuster
Found Backdoor.NetCat32.C
VBA32
Found Backdoor.Delf.2 (probable variant)
:?:


Top
 Profile  
 
 Post subject:
PostPosted: Wed Feb 14, 2007 3:21 am 
Offline

Joined: Fri Sep 23, 2005 1:21 am
Posts: 336
Location: France
Where is that nc.exe file supposed to be ? (In some archive ?)
Couldn't find it in UBCD4.0 beta 1 ISO ...

Anyway if you carefully read the report you posted, it seems like it is not a virus but a remote administration tool.

_________________
Hammerite Compendium of Precepts, Regimens and Rules of Conduct, Vol. 113 :
A stroke of thy chisel, once made, canst be undone, but a stroke thou dost not make from fear is a worse flaw.
Be not cautious - be correct.


Top
 Profile  
 
 Post subject: Location of nc.exe
PostPosted: Thu Feb 15, 2007 5:29 am 
Offline

Joined: Tue Feb 13, 2007 11:51 am
Posts: 2
It is in the compressed UBCD4WINv30.exe as well as the extracted location of plugin\Network\netcat\files\nc.exe. Several flag it as a trojan and several don't.


Top
 Profile  
 
 Post subject:
PostPosted: Thu Feb 15, 2007 6:50 am 
Offline

Joined: Thu Sep 29, 2005 5:44 am
Posts: 90
1) wrong forum. You need to go see ubcd4win.com/forum for that info.

2) That is not a trojan at all. It is a tool that is very valuable but could be used by the bad guys to do bad things. It gets flagged by most AV companies due to its possibly being used for bad things. It is one reason why i hate NAV as we use it here at work and it flags it here all the time. In all actuality, it is flagged as a grey malware but not as an actual virus. NAV by default deletes/quarantines the file until it is told to ignore files like that.


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 4 posts ] 

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

Protected by Anti-Spam ACP Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group