I trust TDS, but yet.....

Discussion in 'Trojan Defence Suite' started by Generix, Mar 9, 2003.

Thread Status:
Not open for further replies.
  1. Generix

    Generix Registered Member

    Joined:
    Jan 24, 2003
    Posts:
    14
    Location:
    The Backwoods of the Appalachian Mtns.
    Having recently updated my Norton anti-virus definitions, I received an alert about a so-called IRC trojan called 'nHTMLn.dll' located in my mIRC directory. This file isn't by any means new, and TDS does have any sort of identification on the file. I've talked to a few people that have also gotten the same alert from Norton recently. Any ideas on if this is a virus/trojan or if it's harmful?
     


  2. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    hmm, did a search on Google on that one. Looks quite clean to me.
    Dolf
     
  3. xor

    xor Guest

    mIRC Explorer Trojan - generic detection needed - open source - popular versions are 2.9 and 2.92 :D
     
  4. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi Generix,

    Please email me the file, gavin@diamondcs.com.au

    I'll get back to you as soon as I can
     
  5. Generix

    Generix Registered Member

    Joined:
    Jan 24, 2003
    Posts:
    14
    Location:
    The Backwoods of the Appalachian Mtns.
    Sorry for the delays....ISP problems :(. Anyways, someone from Gladiator AV contacted me and requested the file. He claims that this is a genuine IRC backdoor, and GAV detects it as one. However, over the course of the next several days, I updated my Norton AV definitions again, rescanned, and came up negative. Also, I found that this file came from the zipped version of eXtreme for mIRC (a popular script), therefore making it less likely to be malicious. I also spoke with a reputable IRCop who stated that this file was completely harmless and had to do with the eXtreme script and browser integration. I've taken the file from quarantine and monitored it, yet found nothing. It looks like this was a false positive (hopefully).
     
  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Generix,

    Did you supply a copy to DCS as requested by Gavin (see above)? Better to hear a comment from the horse's mouth (not personal, Gavin ;).

    regards.

    paul
     
  7. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    No problems Paul :D

    The only information I could find on this one was also that it seemed to be available in a few scripts and was probably a benign type of file - ok it could be used as a support file for a trojan but not be a trojan itself.. no sample yet but this was the thought at the time :)
     
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Thanks Gavin - good news ;).

    regards.

    paul
     
  9. Generix

    Generix Registered Member

    Joined:
    Jan 24, 2003
    Posts:
    14
    Location:
    The Backwoods of the Appalachian Mtns.
    Paul,
    Yes, I was able to send Gavin a copy of the dll and he verified that it was trojan-free :)
     
  10. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Nice job, Generix ;)

    regards.

    paul
     