DiamondCS

Discussion in 'other anti-malware software' started by G1111, Sep 19, 2007.

Thread Status:
Not open for further replies.
  1. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    LOL :thumb:
     
  2. terminal velocity

    terminal velocity Registered Member

    Joined:
    Jan 3, 2008
    Posts:
    24
    Is it the belief of the site administrators that Wayne's account has been hijacked and that this thread is hosting links to malicious software?
     
  3. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Just a couple of comments:
    • Public discussion of the status of individual members is rather inappropriate, please keep the discussion focused on products and vendors. I realize that the distinction can be blurred with respect to the latter.
    • If we have reason to believe that any member account has been compromised, appropriate action is taken.
    • Links to malicious software are routinely removed from the site on a regular basis, with comment to that effect.
    Blue
     
  4. terminal velocity

    terminal velocity Registered Member

    Joined:
    Jan 3, 2008
    Posts:
    24
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,247
    Location:
    New England
    No, you are going too far with your conclusions. We have no reason to believe Wayne's account was hijacked, as you asked in your previous post. But, that is all that can be said from here.

    The forum owners and staff have no special knowledge of the condition or circumstances of either Wayne or DiamondCS. We have not heard from Wayne (via any form of private communication) since Fall 2006 which is why we closed the DCS forum sections. We know no more than is posted by members in this thread.

    Not having reason to think the "Wayne - DiamondCS" account has been hijacked is not the same as being sure that it definitely is Wayne and not a friend, employee, someone he sold his company to, or whoever. As for the software hosted at some vendor's website, we cannot speak to that at all. We have no relationship with DiamondCS, so, just as we don't certify and assure people about the software at any other "anti-malware" vendor's website posted in this section, we make no statements about DCS software either.
     
  6. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,227
    Location:
    Sydney, Australia
    @Blue and LWM:
    Appreciate your candour.

    Remember this:
    https://www.wilderssecurity.com/showpost.php?p=898317&postcount=11
    Any updates sought..

    I was in Perth on another matter recently ( over Easter) and did a quick search = nuttin'

    Not saying I couldn't be wrong and I hope I am, but this is smelling a bit.

    The real tragedy is: What REALLY happened ??

    We may think we are 'connected' but if DCS can just drop off the map and a "person" who must have had contacts elsewhere, employees, friends, secretaries, bank accounts etc etc etc has just gone. :(

    Almost feel like putting some $ into some tracking just for my peace of mind.
     
  7. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    And almost all detect that wrongly. That file is as dangerous as flyshit on your office desk. It's packed with a PRIVATE(!) version of Pec2 (Bitsum), hence a lot of "incorrect" heuristic detections, especially because the file is also small and makes some "strange" registry activity. However, the registry activity is based on the way Wayne reads/accesses the bootsector. Via Registry physicaldevice. Nothing wrong with that.
     
  8. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    @Longboard: Just relax :D Let's have a few drinks in ALB (Aqua Luna Bar, East Circular Quay) PM me for appointment/phone number. Alone the female waiters are worth going to over there :D
     
  9. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Have to agree there's nothing hinky about the program - I installed it on both this NOD32-protected computer and the wife's Norton360-protected computer.

    Neither AV made a peep. I'll check TH, run a full in-depth scan with NOD, etc. later. Pete
     

    Attached Files:

    Last edited: May 5, 2008
  10. terminal velocity

    terminal velocity Registered Member

    Joined:
    Jan 3, 2008
    Posts:
    24
    Not a conclusion - a question, & I appreciate your response.

    It's also at odds with the tests I made which shows approx 25% hit rate and not the
    that has been offered.

    Thanks Inspector Clouseau, grateful to you for working through some of the fog.
     
  11. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    And here's the one from my wife's computer.

    BTW - I haven't a clue as to what any of it means :eek: so if anyone sees anything "off" in either screenshot, feel free to let me know! Pete
     

    Attached Files:

  12. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    Thanks to Inspector Clouseau for bringing something sensible in what I perceive to be mostly a paranoia-laden thread.

    But then again, this is a security forum so I guess the paranoia comes with the territory :)
     
  13. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I don't know if I would term it paranoia, more like extreme caution in a mysterious situation. Let's face it, this forum is probably the most respected security forum on the whole internet. It would be an awfully big feather in some hacker's hat if he could get a baddie on our computers. And here you have a perfect scenario to do it. The social engineering by impersonating a respected member of our community to get us to download and run software that unknown to us is really there to compromise our systems.
     
  14. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Hi everybody:thumb: , It's a good sign of life from Wayne : look to Rootkit.com , " Show me new threads! " . Thanks, PROROOTECT.
     
  15. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Hi... I've never used any DCS product, nor did I know them before I joined Wilders. But I followed this thread and read all posts.

    If Wayne did come back, I'm guessing that's a good thing. But I can't help being suspicious about this. The idea that the one posting wasn't the real Wayne has crossed my mind more than once. If someone else is running his company now, and had access to the webpage and all that, why not have access to WSF account info?

    There are far too many strange things here: the "wrong versions" of programs on the webpage, the AVs detecting malware, the absolute absence of an explanation during a whole year or more, etc...

    I find another thing strange:
    Wayne (or whoever is posting with his username) says that he was involved in an accident, and couldn't explain because he was in a hospital. Let's forget for a moment that anybody could have written a short statement on his webpage (a coworker, a relative, even the secretary), and have avoided a lot of problems. Let's say it was impossible for him. Why does he then say that they have spent the last year developing the new tool? If you can code an application, you can write a short sentence, or not?

    I really hope I'm wrong, that Wayne really is back, and that this will turn out good for everybody: Wayne, DiamondCS and most of all, users who put their faith in this company.
     
  16. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Mike, I NEVER said I thought it was malicious. I reported that most detect it. That is all. I didn't submit it to Jotti's or Virus Total either. ~~snipped off-topic forum policy comments~~ I googled instead and saw that a bunch of AV detect it. So, I stated that here. I never said though that I personally thought the file had a virus. I will apologize though for the font size in that second screenshot I made. It has been like that (gigantic) since the upgrade to ver 8 but I always saw a normal sized font with ver 7. It has to be caused by some change on Avira's part as I have not changed anything on my default browser.

    What I have said about all this is that I don't think that is Wayne and if it is why didn't he have the AV companies whitelist the file? I don't have Application or Security Privacy Risk checked under extended threat categories in Avira as that is generally where the FP's come from. This is not a heuristic detection either from Avira. It is signature and probably an FP.

    But this is all moot unless we can somehow know this is actually Wayne. Besides, what we all want is PG updated not some new program offered before an update to PG. Plus, we'd like something as simple as the correct last version of PG be posted on the DiamondCS site for download. If this is Wayne, why hasn't he contacted Wilders owners? That is rude as hell. Why hasn't he been back to this thread? I, as much or more than anyone, want Wayne back but I don't think he is back.
     
    Last edited by a moderator: May 5, 2008
  17. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Already replied by Mike :)

    TR/Crypt.XPACK.gen is a generic definition, that would mean a kind of heuristic detection too :)
     
    Last edited: May 5, 2008
  18. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,227
    Location:
    Sydney, Australia
    Hey Inspector: I am relaxed ;)
    Just one of those vexing things: stone in my shoe stuff.
    Little bait dangled here by "Wayne".. hard not to get hopes up a bit..

    I ain't worried about that generic detection stuff.
    LOL every rootkit scanner has been FP'd somewhere or another.

    Just one bean to another stuff now, don't really care if DCS is gone forever, just like to know the conclusion.
     
  19. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    I repeat:) :) : look to message from Wayne for Rootkit.com : /General discussion /New anti-rootkit introduction, last post: May/05 : 2008 ...THANKS
     
  20. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    So what? It's the same announcement he did here, that doesn't prove anything...
     
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,998
    Location:
    U.S.A. (South)
    Hello Again Group:

    This is really of no effect for me since I haven't been as closely involved with this vendor's product or any of the discussions per apps, not once I can recall, but one can't help noticing that this same Topic has been bumped up more times than Carter has liver pills over the past MANY months, maybe not daily like now, but I became curious why attention kept coming back to it so long after the vendor apparently closed up shop for whatever reason.

    So in essence although I can't add anything of real substance to this current discussion it does become obvious of what others are alluding to from these quotes below and...........




    Sure would be nice to finally get to the heart of this matter wouldn't you agree?

    btw, I had already tried that MBR app days before the findings were brought up but found nothing out of the ordinary on this end from it, just incomplete, as other utilities allow manipulations of the MBR and such from theirs.

    EASTER
     
  22. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Here's Avira's report:

    ~Private info removed. See the TOS - Ron~

    Please do not post private exchanges on these forums without the permission of both parties.

    However, to help you out, here is what you should have posted: "I sent a message to Avira support about the detection of the DCS file bsectexp.exe. They replied that it was indeed a false positive and would be fixed soon in an upcoming definition release." There's really no need to post a copy of a private email when you can just summarize it in your own words.
     
    Last edited by a moderator: May 6, 2008
  23. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    That wasn't private information! It was on their WEBSITE FOR ANYONE TO SEE.

    http://analysis.avira.com/samples/d...dALt8ZbP8fzP39Ph91w38c5PgNj&incidentid=147243

    I didn't send a message to Avira support. I submitted a file that was suspected to be a False Positive ON THEIR WEBSITE. There is NO OTHER WAY TO SUBMIT FP's to Avira.

    I received a reply on Avira's website and an email which stated the very same thing the website states. There was NO PRIVATE CONVERSATION BETWEEN ME AND AVIRA. THERE CANNOT BE SUCH A THING WHEN SUBMITTING FP'S.

    Avira believes in something called TRANSPARENCY. Obviously that has escaped Wilders attention. Further, THERE IS NO SUCH THING AS EMAIL SUPPORT WITH AVIRA. IT DOES NOT EXIST.
     
    Last edited: May 8, 2008
  24. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    112,647
    Location:
    Texas
    Hi Mele, somebody did.
    I would use a link in the future.
     
    Last edited: May 8, 2008
  25. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,247
    Location:
    New England
    No, don't bother with any future. Mele is banned. (The sheer number of complaints that have come in regarding her posts is more than enough to earn her a ban worse than the guy she quotes as being the worst ever banned member from Wilders. Look at her posts and you'll see who she's talking about.) :isay:

    100 times I explained forum policy and 100 times she would not understand it. Enough is enough! Go back to your "home forum" for now and forever. Let DSLR deal with you! Mele you are never welcome here again!
     