From: idbeholda on
http://www.tot-ltd.org

Details are available on the front page.

Enjoy.
From: Lil' Abner on
idbeholda <idbeholda(a)gmail.com> wrote in news:36ed32ff-f024-48fb-8309-
0fdfd966e7f1(a)41g2000yqn.googlegroups.com:

> hxxp://www.tot-ltd.org
>
> Details are available on the front page.
>
> Enjoy.

Yeah, right. That's so obvious it stinks!
TR/Dropper.Gen.Trojan

--
--- Everybody has a right to my opinion. ---
From: FromTheRafters on
"Lil' Abner" <blvstk(a)dogpatch.com> wrote in message
news:Xns9DB97DC6897Dbutter(a)wefb973cbe498...
> idbeholda <idbeholda(a)gmail.com> wrote in news:36ed32ff-f024-48fb-8309-
> 0fdfd966e7f1(a)41g2000yqn.googlegroups.com:
>
>> hxxp://www.tot-ltd.org
>>
>> Details are available on the front page.
>>
>> Enjoy.
>
> Yeah, right. That's so obvious it stinks!
> TR/Dropper.Gen.Trojan

Huh?

Are you saying that your antibadware program detects a threat on that
site?


From: idbeholda on
On Jul 18, 1:32 pm, "FromTheRafters" <erra...(a)nomail.afraid.org>
wrote:
> "Lil' Abner" <blv...(a)dogpatch.com> wrote in message
>
> news:Xns9DB97DC6897Dbutter(a)wefb973cbe498...
>
> > idbeholda <idbeho...(a)gmail.com> wrote in news:36ed32ff-f024-48fb-8309-
> > 0fdfd966e...(a)41g2000yqn.googlegroups.com:
>
> >> hxxp://www.tot-ltd.org
>
> >> Details are available on the front page.
>
> >> Enjoy.
>
> > Yeah, right. That's so obvious it stinks!
> > TR/Dropper.Gen.Trojan
>
> Huh?
>
> Are you saying that your antibadware program detects a threat on that
> site?

Yes, it looks like everyone is entitled to Lil'Abner's opinion, no
matter how outlandish or farcical it may actually be. I'm wonder who
will step forward next, saying after they ran TT Livescan or The
Security Suite that they were abducted by space aliens and woke up
naked in a cornfield covered in rum. Really, if you're going to make
an accusation, back it up with statistical fact.

http://virusscan.jotti.org/en/scanresult/05c4a970207047724ed2f0581332800bf5f5ab5b
http://www.virustotal.com/analisis/40fcde139401b4a87156512de00d7163bdf3222628a163474bfe88dccfd4ca35-1279472728

Symantec picks up just about anything with a .vbs extension as
hostile. For instance, in The Security Suite, it uses vbscript to do
a quick 80MB defrag of the ram. How hostile is this piece of code,
you ask? Let's see.

Mystring = Space(80000000)

Yeah, that's really gonna hose your system. Way to go, Symantec.

a-squared, AntiVir, and Ikarius, from personal experience, usually cry
wolf on just about anything, which is why I avoid using them.

Anyone got any more questions they'd like cleared up?
From: idbeholda on
The alert you're getting for PortStub.exe would be a false positive.
When the scanner initializes, PortStub.exe is activated, which
produces a list of ACTIVE processes, and their active port numbers,
then it exits. The items in this list are checked against the online
whitelist database. The reason both The Security Suite and TT
Livescan are as small as they are is because a full local install of
the database AND the application will be close to 2GB. The only way
for me to make my project available to the public, is to make it to
where the current database format is remotely accessed.

The experimental, unreleased version that I have at my own personal
disposal has database access times that are only limited by the
physical speed of the hardware architecture that it's installed on.
The downside is, the way the unreleased database is formatted, it
takes up nearly 160GB. Yes, you read that correctly, and no, it's not
science fiction or an urban legend. The reason I bring this up, is
that if it were commercially viable for me to make this version
available to the public, I would. Unfortunately, I have neither the
time OR the resources to do so at this point in time. In the future,
it's a possibility.

Now, onto the second part... Since the last time I explained
something similar to this (the ftp uploader), and was accused of
writing a worm, again, unlike other companies, I will OPENLY discuss
my work if asked politely. The following code is the only part of the
code that "drops" anything. And yes, it was modified from a project
on pscode that I downloaded quite some time ago. The dropped file in
question being ports.map, as we can see below.


If Not Privilege Then
If Not (LoadPrivilege(SE_DEBUG_NAME)) Then
End
End If
End If
Privilege = True

If OpenPort() Then
For i = 0 To 65535
If ResultPorts(0, i) Then
PPCode = Replace(Str(i) + vbTab +
ProcessPathByPID(ResultPorts(0, i)), " ", "")
If InStr(PPCode, "SYSTEM") < 1 Then
Open "ports.map" For Append As #2
Print #2, PPCode
Close #2
End If

End If
If ResultPorts(1, i) Then
PPCode = Replace(Str(i) + vbTab +
ProcessPathByPID(ResultPorts(1, i)), " ", "")
If InStr(PPCode, "SYSTEM") < 1 Then
Open "ports.map" For Append As #2
Print #2, PPCode
Close #2
End If
End If
Next i
End If
Unload Me
End Sub

Gathering the list of processes by port, and then outputting the
results to a plain text file. There it is. There is the so-called
"hostile" code.

If you have any more questions, I'll be more than happy to answer them.
 |  Next  |  Last
Pages: 1 2
Prev: heureuse
Next: Simple hack to get $500 to your home.