Re: PP's "PestScan"

Discussion in 'other security issues & news' started by spy1, Jul 25, 2003.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Your machine is far too clean, in Dutch we would say "geen pest aan!" which has a double meaning here:
    in English it would mean "not interesting at all!" but the other meaning is "no pest around there!"
    Was it worth the risk of all those uncertified files installed forever deep into your system, or are they away again now?
     
  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Well, Jooske, the whole thing for me was an exercise that attempted to show people what not to do. (Or the consequences if they did).

    It was the only way I could think of to do that and since Pete unfortunately isn't wealthy enough to afford a "test" machine....

    I'll get it all off later. Still would love to have someone with some know-how packet-sniff the whole thing and report on exactly what gets sent and received.

    Scans carrying that much baggage are enough to turn people off all "scans" from the Internet. Pete
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Did you try some with the socket spy in Port Explorer? You could run it some time (might grow fast if there is much traffic). Might give some indication.
     
  5. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    I sniffed my traffic while doing an on-line scan and it shows NO traffic at all, but instead came up with two false positives...
    Dolf
     
  6. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    I decided to test it out on a clean machine, and I had a program's uninstall exe identified as a trojan. :rolleyes:

    I'm sure more false-positives are possible - I should try substituting another file to see if it scans by filename.

    Best regards,

    -Javacool
     
  7. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    Re: PP's "Pest"

    I know it does, one of the FPs was called capture.dll :D but it is a legitimate part of Macro Express
    Dolf
     