HTASTOP is a RAT?

Discussion in 'privacy problems' started by Checkout, Jan 27, 2003.

Thread Status:
Not open for further replies.
  1. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    I've just run PestPatrol with the latest update, and it's alerted in HTASTOP - as a trojan.

    This is really hard to believe, since I downloaded it from a link here at Wilders! It says SkdRemover 1.0 (whatever that is). PestPatrol's Pest Verification Token is 1255152715.

    Can anyone confirm or disprove this, please?
     
  2. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    lol!

    My money's on "Another FP from our friends at PP!"

    Pete
     
  3. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Thanks, Pete - for a while there I thought I was in danger of either growing up or slipping back into reality. :)
     
  4. snowy

    snowy Guest

    Checkout

    echoing what Pete said.........the below may be of some interest.....it "MAY" be an aka for what you mentioned......not sure this is allowed....mods can remove if need be: I think there is "one" removal tool specifically for this trojan:......any AT should do it


    Name: SkyDance
    Aliases: SKD,
    Ports: 4000 (port can be changed)
    Files:
    Skydance2.16b.zip - 267,013 bytes
    Skydance2_20bf.zip - 292,637 bytes
    Skydance2.23b.zip - 296,332 bytes
    Skydance2_25bf.zip - 303,060 bytes
    Skydance2.29b.zip -
    Skyserver 2.16 beta release.exe - 163,840 bytes
    Skyserver 2.20 beta release.exe - 172,032 bytes
    Skydance 2.16 beta release.exe - 409,600 bytes
    Skydance 2.20 beta release.exe - 430,080 bytes
    Hskdl.dll - 36,864 bytes
    Skd.exe -
    Skd.dll -
    Skdl.dll -
    Mail.vbs -
    Activex-security-off.vbs -
    Starturl.vbs -
    Regkey.vbs -
    Regkey.txt - o_O bytes
    Created: April 2000
    Requires: N/A
    Actions: Remote Access
    Among the information this trojan steals is a copy of all registry settings.
    Versions: 2.0, 2.01, 2.15b, 2.16b, 2.20b, 2.291b, 2.23b, 2.25b, 2.29b,
    Registers: HLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
    Notes: Works on Windows 95, 98, ME and NT. Password = Skydance.
    Country: N/A
    Program: Written in C++.
     
  5. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Thanks, Snowman. I'm running a TDS3 Deep Scan right now, and I'm pretty confident that it won't find a thing. I find it easier to believe TDS than PP...
     
  6. snowy

    snowy Guest

    Checkout

    you are always most welcome....by the way..last year on another machine I ran htaStop and never noticed any adverse traffic...........
     
  7. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    HTASTOP if I remember correctly is produced by the BOClean folks. No, it's not a RAT and think about it, it's not good for business for an AT company to either produce or be accused of producing a RAT. I'd trust the BOClean people over PP any day.

    It is, however, if I recall correctly, not the first time I've seen reports that PP identifies a competitor's product (or a component thereof) as suspect.
     
  8. ZZZ7

    ZZZ7 Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    72
    http://www.nsclean.com/htastop.html

    why even use a program like PP........it's pathetic!
     
  9. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    I have used HTAStop for over 2 years now and have run literally dozens upon dozens of scans with TDS3, Spybot [when I got it a few weeks ago] and I even had *PestPatrol* for a while and not one single peep.

    FALSE ALARM CONTROLLER, I WILL BET MY HOUSE KEYS ON IT.
     
  10. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Hello all,

    I agree that HTAStop is a false positive. I have been using it for over a year with both TDS and TrojanHunter, and neither one has ever alarmed on it.

    I believe the new version of PP has a problem with false positives. Patrick has been having a problem with PP alarming on parts of his SpyBot S&D and from what I have read PP does not seem to care to fix the problem as Patrick has been trying to get them to fix it for a while now...

    Just my two cents worth :D ....

    Regards,
    Kent
     
  11. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    False positive - no need to worry ;).

    regards,

    paul
     