I doubt there's any malware in NDN.

It would be less confusing if there were an easy way to look up just what 
"not-a-virus:Effect.DOS.Benediction" from ClamAV means.  Since there isn't 
(that I know of), I did some research.

NDN's filetype.dll is a filetype detector with a *very* encyclopedic list of 
packers and their signatures.  It's so thorough that it even detects an old COM 
packer called "XorCopy 1.0" that was used in 1995 to hide BBS advertisements 
(in the form of tightly coded demos) from BBS software designed to remove BBS 
advertisements from archives when they're uploaded.

ClamAV can detect this packer too, but it calls it "Benediction" because about 
the only place this packer has been seen on the internet is the advertisement 
for the Benediction BBS of Switzerland, which is included with at least one 
scary-looking virus construction kit.  There are no currently circulating 
viruses based on this kit.  As for the advertisement, it's questionable whether 
anything packed with XorCopy will even run on a Pentium.  The advertisement 
crashed my P3, but ran OK under TR 2.00 which does a good job of acting like a 

In other words, it's just a spent shell from the BBS Wars of 1995.

Date: Mon, 14 Sep 2009 12:24:52 -0400
From: wb2...@gmail.com
To: freedos-user@lists.sourceforge.net
Subject: [Freedos-user] Malware IIII

Took the suggestion and uploaded the file to virustotal.com, and guess what? 
*eleven redlines, including dos.benediction!!!* This has a rather grim 
aspect? I would attach the results, but the page does not allow attachments, 
and I have no home page to put it on.--kurt<wb2...@gmail.com>.