Possible false positive Phant0m's ruleset installer

Discussion in 'other security issues & news' started by storm119, Dec 11, 2005.

Thread Status:
Not open for further replies.
  1. storm119

    storm119 Registered Member

    Joined:
    Apr 11, 2004
    Posts:
    39
    Location:
    `Land Below The Wind'
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Re: Phant0m's ruleset

    ...
    ....
     

    Attached Files:

    • AVs.png (File size: 14.9 KB, Views: 419)
  3. ita?

    ita? Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    6
    Re: Phant0m's ruleset

    So do I... KAV 5.0.390 o_O
     
  4. lilo

    lilo Guest

    Re: Phant0m's ruleset

    http://virusscan.jotti.org/
    File: Phant0m`s-v6-Final.zip
    Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5 d8905ef7479a847f415725314924b1a2
    Packers detected: -
    Scanner results
    AntiVir Found Trojan/Packed.CryptExe
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found Packed.Win32.CryptExe
    NOD32 Found nothing
    Norman Virus Control Found nothing
    UNA Found nothing
    VBA32 Found Malware.Agent.31 (probable variant)

    PhantOm ****y You!
     
  5. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Re: Phant0m's ruleset

    Thanks lilo…..

    Between mine and your posts, does yours offer anything new to bring to the table?

    Anyways, what you see there for an attachment image in my post #26, all scanners that flagged my program, all false positives.
    ..
     
    Last edited: Dec 11, 2005
  6. lilo

    lilo Guest

    Dear Phant0m! Are you sleeping tonight? I think NO!
    Bad start for a business.
    5:1 !!!!!!!!!!!!

    READ THIS from http://virusscan.jotti.org/

    This service is by no means 100% safe. If this scanner says 'OK', it does not
    necessarily mean the file is clean. There could be a whole new virus on the
    loose. NEVER EVER rely on one single product only, not even this service,
    even though it utilizes several products. Therefore, We cannot and will not
    be held responsible for any damage caused by results presented by this
    non-profit online service.
    How you say nobody is perfect, change your code!
    How you say "Kn0wledge Is Thee P0wer!!!"
    Off you go...alone in the dark..
     
  7. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Firstly, why don’t you try using glasses, and perhaps you can see your posts aren’t bringing anything new to the table from what I have already shown for an image attachment in my previous post…

    My program is packed, and as you can see there are some AntiVirus systems that automatically flag packed files with certain compressors used, thus called ‘generic detection’, look it up sometime…

    Just for the record lilo, I'll not be responding to your pathetic remarks any further.

    btw: lilo, I like how you like to hide behind Guest to direct me, always, this and previous times in the past.
     
    Last edited: Dec 12, 2005
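
The distinction drawn in the post above, between a packer-based "generic detection" and a named detection, shown as an added example that is not part of the original thread. It sorts the Jotti scanner lines quoted earlier by label type. The regular expressions and category names are assumptions made for illustration, not any vendor's naming scheme.

```python
import re

# Constructed sample: the scanner lines of the Jotti report quoted earlier in the thread.
REPORT = """\
AntiVir Found Trojan/Packed.CryptExe
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found Packed.Win32.CryptExe
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found Malware.Agent.31 (probable variant)
"""

# Assumed naming heuristics for this example, not any vendor's official taxonomy.
PACKER_HINT = re.compile(r"pack(ed|er)|crypt", re.I)
HEURISTIC_HINT = re.compile(r"probable|variant|suspicious|heur|generic", re.I)

def parse_report(text):
    """Map each engine name to its detection label, or None for 'nothing'."""
    results = {}
    for line in text.splitlines():
        engine, sep, label = line.strip().partition(" Found ")
        if sep:
            results[engine] = None if label == "nothing" else label
    return results

def classify(label):
    if label is None:
        return "clean"
    if PACKER_HINT.search(label):
        return "packer-generic"   # flags the wrapper, says nothing about the payload
    if HEURISTIC_HINT.search(label):
        return "heuristic"        # the engine hedges its own family guess
    return "specific"             # a named detection with no hedge

def triage(text):
    groups = {"clean": [], "packer-generic": [], "heuristic": [], "specific": []}
    for engine, label in parse_report(text).items():
        groups[classify(label)].append(engine)
    if groups["specific"]:
        verdict = "named detection: treat as malicious until analysed"
    elif groups["packer-generic"] or groups["heuristic"]:
        verdict = "generic labels only: unresolved, verify the unpacked file"
    else:
        verdict = "no detections: not proof the file is clean"
    return groups, verdict
```

A "generic labels only" result leaves the question open in both directions: the flagging engines reacted to the packer, and the silent ones may not have been able to look inside it.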
  8. Thor1

    Thor1 Guest

    I'm not going to go on any longer and bunch up this thread with a
    discussion so Phant0m many thanks for all your hard work on the Rules,
    I totally respect you and your posts but until exist possible threats
    I shall be using old Rules file.
    Thanks Phant0m (change your compressors)
     
  9. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Almost everything out there for good compressors is flagged by those AntiVirus software. I’m not about to change compressors and purchase yet again another compressor software just to please bitching AV software, AV developers need to better inform that these types of alerts don’t necessarily mean INFECTION but there's uncertainty due to not being capable of scanning these types of packed files.
     
  10. Thor1

    Thor1 Guest

    Hmm o_O?
    From Kaspersky!!
    For maximum user protection, Kaspersky Anti-Virus recognizes more than 700 formats of archived and compressed files. This is essential for anti-virus security, because harmful executable code may be hidden inside files of any recognized format.
     
  11. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    You could contact Kaspersky support, for example.
     
  12. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Already had done that three days ago, and to all of those which are shown to detect in the image I provided....

     
  13. Thor1

    Thor1 Guest

    You have a problem!
     
  14. hack

    hack Guest

    Re: Phant0m's ruleset

    If you open Ruleset-Installer.exe with edit...,
    and then you can see that problem is not with compressors packers.
     
  15. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Re: Phant0m's ruleset

    Hack, you say this, but what I see from AntiVirus systems indicates otherwise, indicates that it is indeed bitching about my file that has been packed up using a compressor, AV systems bitch about this, ‘Packed.Win32.CryptExe’.

    I don’t mean this to be degrading, but please do some research before posting about something you obviously don’t know anything about.
     
  16. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Re: Phant0m's ruleset

    Well, at least something good came out of this. I think I have come to the conclusion that pcInternetPatrol does not really authenticate their software, they just run it through virus scanning program(s). If they really authenticated things on their own there is no way they would call this a "Malicous Program"; only a program with generic packer detection/false labeling would do so. There is no other valid explanation for this:

    http://www.pcinternetpatrol.com/forums/viewtopic.php?p=563#563
     

    Attached Files:

    • bs.JPG (File size: 31.7 KB, Views: 412)
  17. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Re: Phant0m's ruleset

    Update - Notice how pcInternetPatrol labels Ruleset-Installer.exe as "Packed CryptExe.w32.". I smell something fishy about pcInternetPatrol, pay them and they will virusscan programs for you; Hah.
     

    Attached Files:

    • bs2.JPG (File size: 46.3 KB, Views: 411)
  18. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Guest poster Thor1,

    Your post has been removed and future posts only offering comments such as 4:1, 5:1, 6:1....etc will be removed without further comment. If you wish to be part of this discussion Please bring to the table something other than your troll posts.

    Regards,
    Bubba
     
  19. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    NOD32 knows the truth (all advanced scanning options on, up-to-date):
     

    Attached Files:

    • cc.JPG (File size: 49 KB, Views: 408)
  20. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hi AJohn


    NOD32 actually unpacks/decrypts and scans, correct?
    The other Anti-Virus software basically detects packers/encryptors and flags the RED sign, or at least for packers/encryptors it doesn’t have support for.

    The question is; does NOD32 support unpacking/decrypting for what I had used?
    Assuming it does not, and it doesn’t inform of this, then perhaps there could be a possibility of a baddy and could explain why NOD32 is silent. ;)
     
  21. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    NOD32 returned no errors with the below settings (as advanced as NOD32 is, it would at least alert potential danger/unable to unpack):
     

    Attached Files:

  22. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Just an update (these are the results of both the "Looknstop_Ruleset.exe" scanned above, and the new version from MntOlympus.org):
     

    Attached Files:

    Last edited: Dec 26, 2005