Symantec and others find trojan in v4.0

troutfisher465
Posts: 2
Joined: Tue Feb 13, 2007 11:51 am

Symantec and others find trojan in v4.0

#1 Post by troutfisher465 » Tue Feb 13, 2007 11:57 am

SAV Corp flagged NC.EXE as a trojan. I submitted to a muti-hone system and many other AV apps flag it as well.
File: nc.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: ab41b1e2db77cebd9e2779110ee3915d
Packers detected: -
Scanner results
Scan taken on 13 Feb 2007 19:43:09 (GMT)
AntiVir: Found SPR/Delf.1.A.2 riskware
ArcaVir: Found Riskware.Hacktool.Diskwin.A
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found Tool.Netcat
F-Prot Antivirus: Found W32/Backdoor.ADNA
F-Secure Anti-Virus: Found not-a-virus:RemoteAdmin.Win32.NetCat (6, 2, 606)
Fortinet: Found HackerTool/Nt110
Kaspersky Anti-Virus: Found not-a-virus:RemoteAdmin.Win32.NetCat
NOD32: Found Win32/RemoteAdmin.NetCat application
Norman Virus Control: Found nothing
VirusBuster: Found Backdoor.NetCat32.C
VBA32: Found Backdoor.Delf.2 (probable variant)
:?:

Constance
Posts: 338
Joined: Fri Sep 23, 2005 1:21 am
Location: France

#2 Post by Constance » Wed Feb 14, 2007 3:21 am

Where is that nc.exe file supposed to be? (In some archive?)
Couldn't find it in UBCD4.0 beta 1 ISO...

Anyway, if you carefully read the report you posted, it seems like it is not a virus but a remote administration tool.
Hammerite Compendium of Precepts, Regimens and Rules of Conduct, Vol. 113 :
A stroke of thy chisel, once made, canst be undone, but a stroke thou dost not make from fear is a worse flaw.
Be not cautious - be correct.

troutfisher465
Posts: 2
Joined: Tue Feb 13, 2007 11:51 am

Location of nc.exe

#3 Post by troutfisher465 » Thu Feb 15, 2007 5:29 am

It is in the compressed UBCD4WINv30.exe as well as the extracted location of plugin\Network\netcat\files\nc.exe. Several flag it as a trojan and several don't.

baronvonfoxbat7734
Posts: 90
Joined: Thu Sep 29, 2005 5:44 am

#4 Post by baronvonfoxbat7734 » Thu Feb 15, 2007 6:50 am

1) Wrong forum. You need to go see ubcd4win.com/forum for that info.

2) That is not a trojan at all. It is a tool that is very valuable but could be used by the bad guys to do bad things. It gets flagged by most AV companies due to its possibly being used for bad things. It is one reason why I hate NAV, as we use it here at work and it flags it here all the time. In all actuality, it is flagged as grey malware but not as an actual virus. NAV by default deletes/quarantines the file until it is told to ignore files like that.
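
A small triage sketch, added here and not part of the thread: it groups the verdicts from the report in post #1 by what each detection name claims, which is the distinction posts #2 and #4 draw between a flagged administration tool and an actual virus. The keyword buckets and the names `classify` and `triage` are assumptions made for this example; vendor naming schemes differ.

```python
import re
from collections import defaultdict

# Verdicts transcribed from the report in post #1, one "scanner: Found verdict" per line.
REPORT = """\
AntiVir: Found SPR/Delf.1.A.2 riskware
ArcaVir: Found Riskware.Hacktool.Diskwin.A
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found Tool.Netcat
F-Prot Antivirus: Found W32/Backdoor.ADNA
F-Secure Anti-Virus: Found not-a-virus:RemoteAdmin.Win32.NetCat (6, 2, 606)
Fortinet: Found HackerTool/Nt110
Kaspersky Anti-Virus: Found not-a-virus:RemoteAdmin.Win32.NetCat
NOD32: Found Win32/RemoteAdmin.NetCat application
Norman Virus Control: Found nothing
VirusBuster: Found Backdoor.NetCat32.C
VBA32: Found Backdoor.Delf.2 (probable variant)
"""

# Assumed keyword buckets, checked in order so "not-a-virus" is never read as "virus".
BUCKETS = [
    ("clean", re.compile(r"^nothing$", re.I)),
    ("dual-use tool", re.compile(r"riskware|not-a-virus|remoteadmin|hack(er)?tool|^tool\.|^spr/", re.I)),
    ("malware label", re.compile(r"backdoor|trojan|worm|virus", re.I)),
]

def classify(verdict):
    """Return the first bucket whose pattern matches the detection name."""
    for name, pattern in BUCKETS:
        if pattern.search(verdict):
            return name
    return "unclassified"

def triage(report):
    """Map each bucket to the scanners whose verdict fell into it."""
    groups = defaultdict(list)
    for line in report.splitlines():
        scanner, sep, verdict = line.partition(": Found ")
        if not sep:
            continue  # skip lines that are not scanner verdicts
        groups[classify(verdict.strip())].append(scanner.strip())
    return dict(groups)

if __name__ == "__main__":
    for bucket, scanners in triage(REPORT).items():
        print(f"{bucket} ({len(scanners)}): {', '.join(scanners)}")
```

A split like this one, with most hits in the tool/riskware bucket and a few generic backdoor names, is the usual signature of a dual-use binary; it says nothing about whether this particular copy of the file is the expected one.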
