Trojan Warning - hidewndw.exe

[richto]

I just scanned my PC with the the latest 4.x version of The Cleaner (Free for 30 days from www.moosoft.com) and found that a couple of ioFTPD sites that I had backed up to .RAR files contained the 'Aristotles' Mirc trojan in the program hidewndw.exe - which was used for hiding the eggdrop bot window.

I didnt setup these sites, so i dont know where this file was sourced from, but if you use this program, please scan it with a proper trojan detector like Moosoft. Dont rely on your normal AV software to pick this up.

[ADDiCT]

if some trojan uses that (legimate) exe for bad purposed, antivirus companies will mark that file as a virus/worm/trojan... while it's not... sounds to me like this is the case here

[richto]

Antivirus companies dont do anything of the sort. They would detect malicious code by its unique digital signature.

[neoxed]

Quote:

Originally posted by richto
Antivirus companies dont do anything of the sort. They would detect malicious code by its unique digital signature.

No, ADDiCT is correct. McAfee and Norton have tagged legitmate software as viruses/trojans. SlimFTPd and FireDaemon are two examples of legitimate software being tagged as malware.

This is the result of script kiddies from bundling software like these apps in their trojans and other lame crap.

[bounty]

i personnaly tested that archive of hidewndw.exe before adding it into dzsbot package

hidewndw.exe is clean but can be used by malicious guyz so i think it's the reason some AV mark it as virus like addict explained


have fun
bounty

[fr0z3n]

hey,

yes.. it probably isn't a trojan, but if you're that worried i just put together a small app that does essentially the same thing; included source files for those interested.

Code:

usage: hiddenExec <command-line>

command line being the line to be executed hidden, length and spaces dont matter

hope this helps,
fr0z3n

[wooolF[RM]]

thanx for the alternative, fr0z3n