Go Back   FlashFXP Forums > > > >

! Other Scripts Support Support for all other scripts...

Reply
 
Thread Tools Rate Thread Display Modes
Old 11-01-2003, 05:59 PM   #1
richto
Member
FlashFXP Registered User
ioFTPD Foundation User
 
Join Date: Jan 2003
Posts: 59
Exclamation Trojan Warning - hidewndw.exe

I just scanned my PC with the the latest 4.x version of The Cleaner (Free for 30 days from www.moosoft.com) and found that a couple of ioFTPD sites that I had backed up to .RAR files contained the 'Aristotles' Mirc trojan in the program hidewndw.exe - which was used for hiding the eggdrop bot window.

I didnt setup these sites, so i dont know where this file was sourced from, but if you use this program, please scan it with a proper trojan detector like Moosoft. Dont rely on your normal AV software to pick this up.
richto is offline   Reply With Quote
Old 11-01-2003, 06:05 PM   #2
ADDiCT
Senior Member
FlashFXP Beta Tester
ioFTPD Scripter
 
Join Date: Aug 2003
Posts: 517
Default

if some trojan uses that (legimate) exe for bad purposed, antivirus companies will mark that file as a virus/worm/trojan... while it's not... sounds to me like this is the case here
ADDiCT is offline   Reply With Quote
Old 11-01-2003, 06:09 PM   #3
richto
Member
FlashFXP Registered User
ioFTPD Foundation User
 
Join Date: Jan 2003
Posts: 59
Lightbulb

Antivirus companies dont do anything of the sort. They would detect malicious code by its unique digital signature.
richto is offline   Reply With Quote
Old 11-01-2003, 06:43 PM   #4
neoxed
Too much time...
FlashFXP Beta Tester
ioFTPD Scripter
 
Join Date: May 2003
Posts: 1,326
Default

Quote:
Originally posted by richto
Antivirus companies dont do anything of the sort. They would detect malicious code by its unique digital signature.
No, ADDiCT is correct. McAfee and Norton have tagged legitmate software as viruses/trojans. SlimFTPd and FireDaemon are two examples of legitimate software being tagged as malware.

This is the result of script kiddies from bundling software like these apps in their trojans and other lame crap.
neoxed is offline   Reply With Quote
Old 11-01-2003, 07:19 PM   #5
bounty
Senior Member
ioFTPD Scripter
 
Join Date: Aug 2002
Posts: 529
Default

i personnaly tested that archive of hidewndw.exe before adding it into dzsbot package

hidewndw.exe is clean but can be used by malicious guyz so i think it's the reason some AV mark it as virus like addict explained


have fun
bounty
bounty is offline   Reply With Quote
Old 11-02-2003, 02:09 AM   #6
fr0z3n
Registered User
 
Join Date: Sep 2003
Posts: 46
Default

hey,

yes.. it probably isn't a trojan, but if you're that worried i just put together a small app that does essentially the same thing; included source files for those interested.

Code:
usage: hiddenExec <command-line>
command line being the line to be executed hidden, length and spaces dont matter

hope this helps,
fr0z3n
Attached Files
File Type: zip hiddenexec.zip (11.1 KB, 69 views)
fr0z3n is offline   Reply With Quote
Old 11-02-2003, 10:16 AM   #7
wooolF[RM]
Senior Member
ioFTPD Foundation User
 
Join Date: Oct 2003
Posts: 411
Default

thanx for the alternative, fr0z3n
wooolF[RM] is offline   Reply With Quote
Reply

Tags
hidewndw.exe, program, sites, sourced, trojan

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 06:39 AM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)