I doubt there's any malware in NDN.
It would be less confusing if there were an easy way to look up just what
"not-a-virus:Effect.DOS.Benediction" from ClamAV means. Since there isn't
(that I know of), I did some research.
NDN's filetype.dll is a filetype detector with a *very* encyclopedic list of
packers and their signatures. It's so thorough that it even detects an old COM
packer called "XorCopy 1.0" that was used in 1995 to hide BBS advertisements
(in the form of tightly coded demos) from BBS software designed to remove BBS
advertisements from archives when they're uploaded.
ClamAV can detect this packer too, but it calls it "Benediction" because about
the only place this packer has been seen on the internet is the advertisement
for the Benediction BBS of Switzerland, which is included with at least one
scary-looking virus construction kit. There are no currently circulating
viruses based on this kit. As for the advertisement, it's questionable whether
anything packed with XorCopy will even run on a Pentium. The advertisement
crashed my P3, but ran OK under TR 2.00 which does a good job of acting like a
In other words, it's just a spent shell from the BBS Wars of 1995.
Date: Mon, 14 Sep 2009 12:24:52 -0400
Subject: [Freedos-user] Malware IIII
Took the suggestion and uploaded the file to virustotal.com, and guess what?
*eleven redlines, including dos.benediction!!!* This has a rather grim
aspect? I would attach the results, but the page does not allow attachments,
and I have no home page to put it on. --kurt <wb2...@gmail.com>