Skilgannon wrote: Look what this nonce posted on -[RTK]-, doesn't he know a false positive when he sees one? I have two AVs on this machine, and the file in question. NOT A VIRUS.
hdd21 wrote: Hitman was correct about that one:
After an AV update, here goes:
(different AV to the one Hitman saw it as:)
So what do you lot think?
I have the firm personal new belief that Hitman should have a cock shoved down his
throat for being a complete idiot jackass. This is why below:
Virus scanners work by finding "unique" signatures on trojans/viruses that are submitted
or found elsewhere. This is generally a unique set of bits to the program or a combination
of them. It is very possible for them to show up, due to the vast number of them out
there today, as false positives. This is when, say, an image shows up because some guy
took a picture and the compressed bits came close to a definition/series of bits.
The 2nd method, known as a heuristic scanner, "predicts" by looking inside and seeing
what system calls it uses, if winsock32 loads, etc. This does not mean that it is a
false positive like the scanner says which is the instance above. If it happens to call
a certain number of calls or any that it deems as evil it will freak out and say it's an
evil trojan! Oh My! This happens in pretty funny cases against pieces of software that
are pretty obviously not trojans. The point being that, depending on the scanner, it is
sometimes flawed and points out fake positives.
Netcat Windows NT Version 111
http://www.securityfocus.com/cgi-bin/in ... e=threaded
This file always shows up as a deadly dangerous trojan, usually for the two reasons
I have listed above. It is not one. This is similar to the unix command cat, only it works
through TCP and UDP connections. It is called the Swiss knife of networking for a reason.
It is standard to have this on all versions of BSD and universally on most Linux distributions. Solaris has their versions as well.
Generally it is listed as such because you can spawn a shell and pipe the I/O over
a connection using TCP or UDP on a Windows box. Allows remote command.com
access. You have to invoke this on a command prompt to do this. You can also do
this in any unix system if you really felt like it.
I was transferring files between computers the other day using this command:
"tar -cjvf - * | nc 192.168.1.104 666"
and on the other:
"nc -l -p 666 | tar -xjvf -"
This is evil trojan behavior because it comes with Unix Operating systems!
Also a note:
Using obscure metabolic end product software made by moronic jackasses increases the chance of
a false positive. Believing in Hitman deserves to be shot, run over with a car, and
forcefully sodomized with a broom stick and even that is too light.
Even more added note:
Hitman has been banned on all Deus Ex forums to my knowledge or is not welcome
on any of them.
The Ultimate added note:
Malware rarely gets picked up by any type of scanner. As soon as it does they usually
drop using it and go back to the re-write block to make it not detectable again. Some
use random encryption on themselves with generated keys to fool scanners as
well. The only thing that a scanner can pick up is something it knows about or can
intelligently guess.
An added example:
Uplink
http://www.introversion.co.uk/uplink/
This game uses the UPX packer to pack its executable to make it smaller. This is
sometimes used by trojans so this game even on the CD shows up as a false positive.
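
The two detection methods described in the post above, and how each one flags a harmless file, shown as an added illustration that is not part of the original post. The signature bytes, the API weights, the threshold and all sample files are constructed for the example; only the `UPX0`/`UPX1`/`UPX!` markers and the Windows API names are real strings.

```python
# Added illustration: toy signature and heuristic scanners.
# Signature bytes, weights, threshold and sample files are all constructed.

SIGNATURES = {
    "Toy.Trojan.A": bytes.fromhex("9f3c51e2a4"),  # made-up 5-byte pattern
}

# Assumed heuristic weights for strings found in a file's import table.
SUSPICIOUS_APIS = {
    b"WSAStartup": 2,       # loads Winsock
    b"CreateProcessA": 2,   # spawns another program
    b"bind": 1, b"listen": 1, b"accept": 1,
}
# Section names and magic that the UPX packer leaves in an executable.
PACKER_MARKERS = {b"UPX0": 3, b"UPX1": 3, b"UPX!": 3}
THRESHOLD = 6


def signature_scan(data: bytes) -> list[str]:
    """Names of signatures whose byte pattern occurs anywhere in data."""
    return [name for name, pat in SIGNATURES.items() if pat in data]


def heuristic_scan(data: bytes) -> tuple[int, list[str]]:
    """Score a file by the suspicious strings it contains."""
    score, reasons = 0, []
    for table in (SUSPICIOUS_APIS, PACKER_MARKERS):
        for marker, weight in table.items():
            if marker in data:
                score += weight
                reasons.append(marker.decode())
    return score, sorted(reasons)


def verdict(data: bytes) -> str:
    if signature_scan(data):
        return "signature hit"
    score, _ = heuristic_scan(data)
    return "heuristic hit" if score >= THRESHOLD else "clean"


# Constructed samples, none of them malicious.
# A "photo" whose compressed bytes happen to contain the signature pattern.
PHOTO = b"\xff\xd8\xff\xe0" + bytes(range(40)) + bytes.fromhex("9f3c51e2a4") + b"\xff\xd9"
# A networking tool: its imports look like a backdoor to the heuristic.
NET_TOOL = b"MZ" + b"\0" * 16 + b"WSAStartup\0bind\0listen\0accept\0CreateProcessA\0"
# A UPX-packed game executable: flagged only because of the packer.
PACKED_GAME = b"MZ" + b"\0" * 16 + b"UPX0\0\0\0\0UPX1\0\0\0\0" + b"UPX!"
TEXT_FILE = b"hello world\n"
```

All three flagged samples are benign: the verdict reflects what the bytes resemble, not what the program does.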