John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England
| reply to TerryMiller
Re: New DC ++ Version : Watch out
said by TerryMiller  :I only have KAV so I downloaded and submitted to jotti. I trust McAfee so I wonder if this is really a false positive. File: DCPlusPlus-0.668.exe Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) Packers detected: PE_PATCH, TELOCK This may be the reason. BOCLean detected a trojan in Autostream because of TELOCK. This is the explanation.
QUOTE
"Greetings ... interesting indeed. Well ... it's a false positive, but then again it is *NOT* a false positive. BOClean triggered on a behavioral basis for that one since it was somehow STUPIDLY compacted with the same whacky version of the trojan compactor known as TELock ... that's what BOClean triggered on, last known sighting of this particular version of TELock was back in late 2003 with the SOBIG worms."
"Autostreamer" itself is clean, but the programmers stupidly used TELock which is ONLY used with trojans to obscure them from file scanners. I'm going to have to guess that this was the author's idea of securing himself from "reverse engineering" - I can't imagine any legitimate reason to have used that otherwise, and it IS a known trojan packer.
Since the SOBIG.F virus is EXTINCT, we'll remove that definition from the BOClean database as the SOBIG.F "worm" cannot function any longer and thus the definition is no longer required. Howver, the author(s) of this utility DID use a trojan packer and that's what BOClean alerted on as the particular output was HIGHLY unique."
ENDQUOTE
--
Better to remain silent and be thought a fool, than to speak and remove all doubt. |
