Wilders Security Forums  

Thread: DiamondCS (Security Software > other anti-malware software)
#276
May 4th, 2008, 11:31 PM
lucas1985 (Global Moderator)
Join Date: Nov 2006
Location: France, May 1968
Posts: 4,058
Re: DiamondCS

Quote:
Originally Posted by Pedro
Popcorn please.
LOL
__________________
"Pouvoir à l'Imagination. Power to the imagination. La imaginación al poder".

"Perfect is the enemy of good enough". Voltaire.
#277
May 5th, 2008, 06:23 AM
terminal velocity (Infrequent Poster)
Join Date: Jan 2008
Posts: 24
Re: DiamondCS

Is it the belief of the site administrators that Wayne's account has been hijacked and that this thread is hosting links to malicious software?
#278
May 5th, 2008, 07:00 AM
BlueZannetti (Administrator)
Join Date: Oct 2003
Posts: 6,519
Re: DiamondCS

Quote:
Originally Posted by terminal velocity
Is it the belief of the site administrators that Wayne's account has been hijacked and that this thread is hosting links to malicious software?
Just a couple of comments:
  • Public discussion of the status of individual members is rather inappropriate, please keep the discussion focused on products and vendors. I realize that the distinction can be blurred with respect to the latter.
  • If we have reason to believe that any member account has been compromised, appropriate action is taken.
  • Links to malicious software are routinely removed from the site on a regular basis, with comment to that effect.
Blue
#279
May 5th, 2008, 07:42 AM
terminal velocity (Infrequent Poster)
Join Date: Jan 2008
Posts: 24
Re: DiamondCS

So members can reasonably infer from your response, the unchanged nature of Wayne's account and the continued presence of the link below, that you are confident it is Wayne that is posting and that the file is genuine and not malicious?

http://www.diamondcs.com.au/freeutil...orexplorer.php
#280
May 5th, 2008, 08:33 AM
LowWaterMark (Administrator)
Join Date: Aug 2002
Location: CT, USA
Posts: 14,607
Re: DiamondCS

Quote:
Originally Posted by terminal velocity
So members can reasonably infer from your response, the unchanged nature of Wayne's account and the continued presence of the link below, that you are confident it is Wayne that is posting and that the file is genuine and not malicious?

http://www.diamondcs.com.au/freeutil...orexplorer.php
No, you are going too far with your conclusions. We have no reason to believe Wayne's account was hijacked, as you asked in your previous post. But, that is all that can be said from here.

The forum owners and staff have no special knowledge of the condition or circumstances of either Wayne or DiamondCS. We have not heard from Wayne (via any form of private communication) since Fall 2006 which is why we closed the DCS forum sections. We know no more than is posted by members in this thread.

Not having reason to think the "Wayne - DiamondCS" account has been hijacked is not the same as being sure that it definitely is Wayne and not a friend, employee, someone he sold his company to, or whoever. As for the software hosted at some vendor's website, we cannot speak to that at all. We have no relationship with DiamondCS, so, just as we don't certify and assure people about the software at any other "anti-malware" vendor's website posted in this section, we make no statements about DCS software either.
#281
May 5th, 2008, 10:36 AM
Longboard (Very Frequent Poster)
Join Date: Oct 2004
Location: Sydney, Australia
Posts: 2,869
Re: DiamondCS

@Blue and LWM:
Quote:
The forum owners and staff have no special knowledge of the condition or circumstances of either Wayne or DiamondCS. We have not heard from Wayne (via any form of private communication) since Fall 2006 which is why we closed the DCS forum sections. We know no more than is posted by members in this thread.
Appreciate your candour.

Remember this:
http://www.wilderssecurity.com/showp...7&postcount=11
Any updates sought..

I was in Perth on another matter recently (over Easter) and did a quick search = nuttin'.

Not saying I couldn't be wrong, and I hope I am, but this is smelling a bit.

The real tragedy is: What REALLY happened??

We may think we are 'connected', but DCS can just drop off the map, and a "person" who must have had contacts elsewhere, employees, friends, secretaries, bank accounts etc. etc. etc. has just gone.

Almost feel like putting some $ into some tracking just for my peace of mind.
__________________
Don't confuse me with someone who actually knows what they are talking about.
Linux Registered user 469135
Please, support Medecins Sans Frontieres
#282
May 5th, 2008, 10:38 AM
Inspector Clouseau (AV Expert, VP Sunbelt Software)
Join Date: Apr 2006
Location: Maidenhead, UK
Posts: 1,326
Re: DiamondCS

Quote:
Originally Posted by Mele20
Almost all detect it.

And almost all detect it wrongly. That file is about as dangerous as flyshit on your office desk. It's packed with a PRIVATE(!) version of Pec2 (Bitsum), hence a lot of "incorrect" heuristic detections, especially because the file is also small and makes some "strange" registry activity. However, the registry activity is based on the way Wayne reads/accesses the boot sector: via Registry physicaldevice. Nothing wrong with that.
__________________
My Pictures Meet me on facebook!
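The post above explains what the DCS utility actually does: a small packed executable that reads the boot sector through the raw physical device and shows what is there. As an added illustration (not DiamondCS code and not part of this thread), here is a Python parser for what such a "boot sector explorer" reads: a 512-byte legacy MBR, i.e. 446 bytes of boot code, four 16-byte partition entries and the 55 AA signature, plus the sanity checks a tool like that would flag (bad signature, bad status byte, two active partitions, overlapping entries). The sample sector is constructed inline; the device path `\\.\PhysicalDrive0` in `read_device_mbr` is an assumption about a Windows host and only matters if you run that function with administrator rights.

```python
import struct
from dataclasses import dataclass, field
from typing import List

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446      # 446 bytes of boot code, then 4 x 16-byte entries
PARTITION_ENTRY_SIZE = 16
SIGNATURE_OFFSET = 510            # bytes 55 AA mark a valid MBR
ENTRY_FORMAT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sector count


@dataclass
class PartitionEntry:
    index: int          # slot 0-3 in the table
    bootable: bool      # status byte 0x80 = active/bootable
    type_id: int        # e.g. 0x07 NTFS, 0x83 Linux
    lba_start: int
    sector_count: int

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sector_count  # exclusive


@dataclass
class MbrReport:
    signature_ok: bool
    boot_code_present: bool
    partitions: List[PartitionEntry] = field(default_factory=list)
    anomalies: List[str] = field(default_factory=list)


def parse_mbr(sector: bytes) -> MbrReport:
    """Decode one 512-byte sector as a legacy MBR and flag things that look off."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need a full %d-byte sector, got %d" % (SECTOR_SIZE, len(sector)))

    signature_ok = sector[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] == b"\x55\xAA"
    boot_code_present = any(sector[:PARTITION_TABLE_OFFSET])  # any non-zero byte in code area
    report = MbrReport(signature_ok, boot_code_present)
    if not signature_ok:
        report.anomalies.append("missing 55 AA signature")

    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from(ENTRY_FORMAT, sector, off)
        if ptype == 0 and lba == 0 and count == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            report.anomalies.append("entry %d: invalid status byte 0x%02x" % (i, status))
        if count == 0:
            report.anomalies.append("entry %d: type 0x%02x with zero length" % (i, ptype))
        report.partitions.append(PartitionEntry(i, status == 0x80, ptype, lba, count))

    if sum(p.bootable for p in report.partitions) > 1:
        report.anomalies.append("more than one partition marked bootable")

    ordered = sorted(report.partitions, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if b.lba_start < a.lba_end:
            report.anomalies.append("entries %d and %d overlap" % (a.index, b.index))
    return report


def build_sample_mbr(first_status: int = 0x80, signature: bytes = b"\x55\xAA") -> bytes:
    """Constructed test sector: empty boot code area, NTFS + Linux partitions, 2 free slots."""
    ntfs = struct.pack(ENTRY_FORMAT, first_status, b"\0\0\0", 0x07, b"\0\0\0", 2048, 204800)
    linux = struct.pack(ENTRY_FORMAT, 0x00, b"\0\0\0", 0x83, b"\0\0\0", 206848, 100000)
    return bytes(PARTITION_TABLE_OFFSET) + ntfs + linux + bytes(32) + signature


def read_device_mbr(device_path: str = r"\\.\PhysicalDrive0") -> MbrReport:
    """Read sector 0 from a raw disk device and parse it. The Windows device path is an
    assumption; this needs administrator rights, and on Linux you would pass /dev/sda."""
    with open(device_path, "rb") as dev:
        return parse_mbr(dev.read(SECTOR_SIZE))


if __name__ == "__main__":
    rep = parse_mbr(build_sample_mbr())
    for p in rep.partitions:
        print("slot %d type 0x%02x%s LBA %d..%d" % (p.index, p.type_id,
              " (boot)" if p.bootable else "", p.lba_start, p.lba_end))
    print("signature ok:", rep.signature_ok, "anomalies:", rep.anomalies)
```

Opening the raw device rather than a file system path is exactly the kind of access that behavioural heuristics treat as suspicious, because bootkits do the same thing to install themselves; the difference between a legitimate inspector and a bootkit is that the former only reads. If you want to compare a live MBR against a known-good copy, hash the first 446 bytes separately from the partition table, since the table changes legitimately while the boot code normally does not.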
#283
May 5th, 2008, 10:49 AM
Inspector Clouseau (AV Expert, VP Sunbelt Software)
Join Date: Apr 2006
Location: Maidenhead, UK
Posts: 1,326
Re: DiamondCS

@Longboard: Just relax. Let's have a few drinks in ALB (Aqua Luna Bar, East Circular Quay). PM me for appointment/phone number. The female waiters alone are worth going over there for.
__________________
My Pictures Meet me on facebook!
#284
May 5th, 2008, 11:43 AM
spy1 (Massive Poster)
Join Date: Dec 2002
Location: Charlotte, NC
Posts: 3,124
Re: DiamondCS

Have to agree there's nothing hinky about the program - I installed it on both this NOD32-protected computer and the wife's Norton360-protected computer.

Neither AV made a peep. I'll check TH, run a full in-depth scan with NOD, etc. later. Pete
Attached Images: (screenshot)
__________________
"When fascism comes to America it will come wrapped in the flag and carrying a cross." Sinclair Lewis

Last edited by spy1 : May 5th, 2008 at 11:51 AM. Reason: Added Attachment
#285
May 5th, 2008, 12:00 PM
terminal velocity (Infrequent Poster)
Join Date: Jan 2008
Posts: 24
Re: DiamondCS

Quote:
Originally Posted by LowWaterMark
No, you are going too far with your conclusions.
Not a conclusion - a question, & I appreciate your response.

Quote:
Originally Posted by Inspector Clouseau
And almost all detect that wrongly.
It's also at odds with the tests I made, which show an approx. 25% hit rate and not the
Quote:
Originally Posted by Mele20
Almost all detect it
that has been offered.

Quote:
Originally Posted by Inspector Clouseau
That file is about as dangerous as flyshit on your office desk. It's packed with a PRIVATE(!) version of Pec2 (Bitsum), hence a lot of "incorrect" heuristic detections, especially because the file is also small and makes some "strange" registry activity. However, the registry activity is based on the way Wayne reads/accesses the boot sector: via Registry physicaldevice. Nothing wrong with that.
Thanks Inspector Clouseau, grateful to you for working through some of the fog.
#286
May 5th, 2008, 12:44 PM
spy1 (Massive Poster)
Join Date: Dec 2002
Location: Charlotte, NC
Posts: 3,124
Re: DiamondCS

And here's the one from my wife's computer.

BTW - I haven't a clue as to what any of it means so if anyone sees anything "off" in either screenshot, feel free to let me know! Pete
Attached Images: (screenshot)
__________________
"When fascism comes to America it will come wrapped in the flag and carrying a cross." Sinclair Lewis
#287
May 5th, 2008, 02:29 PM
lordpake (Frequent Poster)
Join Date: Aug 2004
Location: Helsinki ~ European Union
Posts: 552
Re: DiamondCS

Thanks to Inspector Clouseau for bringing something sensible in what I perceive to be mostly a paranoia-laden thread.

But then again, this is a security forum so I guess the paranoia comes with the territory
#288
May 5th, 2008, 04:33 PM
Threedog (Very Frequent Poster)
Join Date: Mar 2005
Location: Nova Scotia, Canada
Posts: 1,084
Re: DiamondCS

I don't know if I would term it paranoia, more like extreme caution in a mysterious situation. Let's face it, this forum is probably the most respected security forum on the whole internet. It would be an awfully big feather in some hacker's hat if he could get a baddie on our computers. And here you have a perfect scenario to do it: the social engineering of impersonating a respected member of our community to get us to download and run software that, unknown to us, is really there to compromise our systems.
#289
May 5th, 2008, 05:19 PM
PROROOTECT (Very Frequent Poster)
Join Date: May 2008
Location: HERE ...Fort Lee, NJ
Posts: 1,102
Re: DiamondCS

Hi everybody, it's a good sign of life from Wayne: look at Rootkit.com, "Show me new threads!". Thanks, PROROOTECT.
#290
May 5th, 2008, 05:59 PM
HURST (Very Frequent Poster)
Join Date: Jul 2007
Posts: 1,420
Re: DiamondCS

Hi... I've never used any DCS product, nor did I know them before I joined Wilders. But I followed this thread and read all posts.

If Wayne did come back, I'm guessing that's a good thing. But I can't help being suspicious of this. The idea that the one posting wasn't the real Wayne has crossed my mind more than once. If someone else is running his company now, and had access to the webpage and all that, why not have access to WSF account info?

There are far too many strange things here: the "wrong versions" of programs on the webpage, the AVs detecting malware, the absolute absence of an explanation during a whole year or more, etc...

I find another thing strange:
Wayne (or whoever is posting with his username) says that he was involved in an accident and couldn't explain because he was in a hospital. Let's forget for a moment that anybody could have written a short statement on his webpage (a coworker, a relative, even the secretary) and avoided a lot of problems. Let's say it was impossible for him. Why does he then say that they have spent the last year developing the new tool? If you can code an application, you can write a short sentence, or not?

Quote:
Originally Posted by DCS on rootkit.com
Well it seems that the pace of the rootkit/anti-rootkit communities has slowed down somewhat over recent months as fresh ideas become harder to come by, but we hope to add a bit of spice into that mix.

We have spent the last year developing a new anti-rootkit/anti-hook program ... it's much more than just that though - it will show you all sorts of hooks and various anomalies and attacks against your system, with the aim of putting you - the user - in control of your system while making the exploration of such security issues as easy as exploring files in Windows Explorer.

I really hope I'm wrong, that Wayne really is back, and that this will turn out good for everybody: Wayne, DiamondCS and most of all, users who put their faith in this company.
__________________
I SandboxIE
#291
May 5th, 2008, 06:28 PM
Mele20 (Former Poster)
Join Date: Apr 2002
Location: Hilo, Hawaii
Posts: 2,495
Re: DiamondCS

Quote:
Originally Posted by Inspector Clouseau
And almost all detect it wrongly. That file is about as dangerous as flyshit on your office desk. It's packed with a PRIVATE(!) version of Pec2 (Bitsum), hence a lot of "incorrect" heuristic detections, especially because the file is also small and makes some "strange" registry activity. However, the registry activity is based on the way Wayne reads/accesses the boot sector: via Registry physicaldevice. Nothing wrong with that.

Mike, I NEVER said I thought it was malicious. I reported that most detect it. That is all. I didn't submit it to Jotti's or VirusTotal either. ~~snipped off-topic forum policy comments~~ I googled instead and saw that a bunch of AVs detect it. So, I stated that here. I never said, though, that I personally thought the file had a virus. I will apologize, though, for the font size in that second screenshot I made. It has been like that (gigantic) since the upgrade to ver 8, but I always saw a normal sized font with ver 7. It has to be caused by some change on Avira's part, as I have not changed anything on my default browser.

What I have said about all this is that I don't think that is Wayne and if it is why didn't he have the AV companies whitelist the file? I don't have Application or Security Privacy Risk checked under extended threat categories in Avira as that is generally where the FP's come from. This is not a heuristic detection either from Avira. It is signature and probably an FP.

But this is all moot unless we can somehow know this is actually Wayne. Besides, what we all want is PG updated not some new program offered before an update to PG. Plus, we'd like something as simple as the correct last version of PG be posted on the DiamondCS site for download. If this is Wayne, why hasn't he contacted Wilders owners? That is rude as hell. Why hasn't he been back to this thread? I, as much or more than anyone, want Wayne back but I don't think he is back.

Last edited by LowWaterMark : May 5th, 2008 at 07:32 PM. Reason: removed comments about Virus Total forum policy, this not being the first time member posted this complaint and we explained the reasons
#292
May 5th, 2008, 06:39 PM
EraserHW (Prevx Moderator)
Join Date: Oct 2005
Location: Italy / UK
Posts: 543
Re: DiamondCS

Quote:
Originally Posted by Mele20
This is not a heuristic detection either from Avira. It is signature and probably an FP

Already replied by Mike

Quote:
Originally Posted by Inspector Clouseau
It's packed with a PRIVATE(!) version of Pec2 (Bitsum) hence a lot of "incorrect" heuristic detections, especially because the file is also small and makes some "strange" registry activity

TR/Crypt.XPACK.gen is a generic definition; that would mean a kind of heuristic detection too.
__________________
Before you criticize someone, you should walk a mile in their shoes. That way when you criticize them, you are a mile away from them and you have their shoes
Check your PC in about a minute

Last edited by EraserHW : May 5th, 2008 at 07:19 PM.
#293
May 5th, 2008, 07:03 PM
Longboard (Very Frequent Poster)
Join Date: Oct 2004
Location: Sydney, Australia
Posts: 2,869
Re: DiamondCS

Hey Inspector: I am relaxed.
Just one of those vexing things: stone in my shoe stuff.
Little bait dangled here by "Wayne"... hard not to get hopes up a bit.

I ain't worried about that generic detection stuff.
LOL, every rootkit scanner has been FP'd somewhere or another.

Just one bean to another stuff now; don't really care if DCS is gone forever, just like to know the conclusion.
__________________
Don't confuse me with someone who actually knows what they are talking about.
Linux Registered user 469135
Please, support Medecins Sans Frontieres
#294
May 5th, 2008, 07:13 PM
PROROOTECT (Very Frequent Poster)
Join Date: May 2008
Location: HERE ...Fort Lee, NJ
Posts: 1,102
Re: DiamondCS

I repeat: look at the message from Wayne on Rootkit.com: /General discussion /New anti-rootkit introduction, last post: May/05 2008 ...THANKS
#295
May 5th, 2008, 07:22 PM
HURST (Very Frequent Poster)
Join Date: Jul 2007
Posts: 1,420
Re: DiamondCS

Quote:
Originally Posted by PROROOTECT
I repeat: look at the message from Wayne on Rootkit.com: /General discussion /New anti-rootkit introduction, last post: May/05 2008 ...THANKS

So what? It's the same announcement he made here; that doesn't prove anything...
__________________
I SandboxIE
#296
May 5th, 2008, 10:41 PM
EASTER (Massive Poster)
Join Date: Jul 2007
Location: Caprica System Epsilon Quadrant
Posts: 4,168
Re: DiamondCS

Hello Again Group:

This is really of no effect for me, since I haven't been closely involved with this vendor's products or any of the discussions about their apps that I can recall, but one can't help noticing that this same topic has been bumped up more times than Carter has liver pills over the past MANY months, maybe not daily like now, but I became curious why attention kept coming back to it so long after the vendor apparently closed up shop for whatever reason.

So in essence, although I can't add anything of real substance to this current discussion, it does become obvious what others are alluding to from the quote below and...........


Quote:
I find another thing strange:
Wayne (or whoever is posting with his username) says that he was involved in an accident and couldn't explain because he was in a hospital. Let's forget for a moment that anybody could have written a short statement on his webpage (a coworker, a relative, even the secretary) and avoided a lot of problems. Let's say it was impossible for him. Why does he then say that they have spent the last year developing the new tool? If you can code an application, you can write a short sentence, or not?


Sure would be nice to finally get to the heart of this matter, wouldn't you agree?

btw, I had already tried that MBR app days before the findings were brought up but found nothing out of the ordinary on this end from it, just incomplete, as other utilities allow manipulation of the MBR and such from theirs.

EASTER
__________________
ThreatFire 4.6.0.4 Beta|Power Shadow|SB 3.35 |AE 2|Avz|Sas|Cyberhawk|EQSecure v4.0 Beta3 ! |ScriptTrap| |NOD32|SuRun|FD-ISR|
|Deep Freeze|Returnil RVS|DriveSnapshot Digital Imaging System|ProcessGuard 3.5 |
Highest Priority Security Measures
#297
May 6th, 2008, 05:25 PM
Mele20 (Former Poster)
Join Date: Apr 2002
Location: Hilo, Hawaii
Posts: 2,495
Re: DiamondCS

Here's Avira's report:

~Private info removed. See the TOS - Ron~

Please do not post private exchanges on these forums without the permission of both parties.

However, to help you out, here is what you should have posted: "I sent a message to Avira support about the detection of the DCS file bsectexp.exe. They replied that it was indeed a false positive and would be fixed soon in an upcoming definition release." There's really no need to post a copy of a private email when you can just summarize it in your own words.

Last edited by ronjor : May 6th, 2008 at 05:55 PM. Reason: Private info removed by Ron; LowWaterMark added an example of how to "put it into your own words" so you can post it.
#298
May 8th, 2008, 10:44 PM
Mele20 (Former Poster)
Join Date: Apr 2002
Location: Hilo, Hawaii
Posts: 2,495
Re: DiamondCS

That wasn't private information! It was on their WEBSITE FOR ANYONE TO SEE.

http://analysis.avira.com/samples/de...identid=147243

I didn't send a message to Avira support. I submitted a file that was suspected to be a False Positive ON THEIR WEBSITE. There is NO OTHER WAY TO SUBMIT FP's to Avira.

I received a reply on Avira's website and an email which stated the very same thing the website states. There was NO PRIVATE CONVERSATION BETWEEN ME AND AVIRA. THERE CANNOT BE SUCH A THING WHEN SUBMITTING FP'S.

Avira believes in something called TRANSPARENCY. Obviously that has escaped Wilders attention. Further, THERE IS NO SUCH THING AS EMAIL SUPPORT WITH AVIRA. IT DOES NOT EXIST.

Last edited by Mele20 : May 8th, 2008 at 10:49 PM.
#299
May 8th, 2008, 10:52 PM
ronjor (Global Moderator)
Join Date: Jul 2003
Location: Texas, USA
Posts: 42,059
Re: DiamondCS

Quote:
I didn't send a message to Avira support.
Hi Mele, somebody did.
Quote:
Thank you for your email to Avira's virus lab.
I would use a link in the future.

Last edited by ronjor : May 8th, 2008 at 11:44 PM.
#300
May 8th, 2008, 11:40 PM
LowWaterMark (Administrator)
Join Date: Aug 2002
Location: CT, USA
Posts: 14,607
Re: DiamondCS

No, don't bother with any future. Mele is banned. (The sheer number of complaints that have come in regarding her posts is more than enough to earn her a ban worse than the guy she quotes as being the worst ever banned member from Wilders. Look at her posts and you'll see who she's talking about.)

100 times I explained forum policy and 100 times she would not understand it. Enough is enough! Go back to your "home forum" for now and forever. Let DSLR deal with you! Mele you are never welcome here again!
 

Powered by vBulletin® Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2010, Wilders Security Forums