Technically no, it shouldn't treat r_server.exe or admin.dll as viruses .. First off, I modified r_server by changing its icon to a blank icon and compressed it with UPX, so no antivirus should pick up the exe; the dll I could see as being detected because I didn't modify anything. The package in total should be detected because the files are only held in a resource file, so it's not hard to determine the dropper portion of it.

On Wed, 13 Oct 2004 18:08:26 +0200, Noam Rathaus <[EMAIL PROTECTED]> wrote:
> On Wed October 13 2004 11:38, Feher Tamas wrote:
> > Ill Will wrote:
> > >oops...
> > >
> > >http://www.illmob.org/0day/ghostradmin.zip
> >
> > Trojandropper.Win32.RDM.a
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> $ clamscan --version
> clamscan / ClamAV version 0.75-1
>
> $ clamscan ghostradmin.zip
> ghostradmin.zip: OK
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 24325
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 0.42 MB
> I/O buffer size: 131072 bytes
> Time: 0.604 sec (0 m 0 s)
>
> Clam doesn't think it's a virus/Trojan/whatever
>
> --
> Noam Rathaus
> CTO
> Beyond Security Ltd.
>
> http://www.beyondsecurity.com
> http://www.securiteam.com

--
- illwill

http://illmob.org
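
A defender's triage of the layout described in the message above (an outer executable carrying other PE files, one of them UPX-packed), as an added example that is not part of the original post. It assumes the carried files are stored uncompressed and that UPX's default section names are intact; the sample bytes and all function names are constructed for illustration.

```python
import struct

def pe_sig_offset(data, base=0):
    """Offset of the PE signature if a PE image starts at base, else None."""
    if data[base:base + 2] != b"MZ" or base + 0x40 > len(data):
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, base + 0x3C)
    sig = base + e_lfanew
    return sig if data[sig:sig + 4] == b"PE\0\0" else None

def section_names(data, base=0):
    """Section names of the PE image starting at base (empty list if not a PE)."""
    sig = pe_sig_offset(data, base)
    if sig is None or sig + 24 > len(data):
        return []
    # NumberOfSections at sig+6, SizeOfOptionalHeader at sig+20
    nsec, opt_size = struct.unpack_from("<H12xH", data, sig + 6)
    table = sig + 24 + opt_size          # section table follows the optional header
    names = []
    for entry in range(table, min(table + 40 * nsec, len(data) - 39), 40):
        names.append(data[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names

def embedded_pe_offsets(data):
    """Offsets past 0 where a second MZ header with a valid PE signature begins."""
    offsets, pos = [], data.find(b"MZ", 1)
    while pos != -1:
        if pe_sig_offset(data, pos) is not None:
            offsets.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return offsets

def triage(data):
    """Map each PE image offset (0 = outer file) to its sections and a UPX flag."""
    report = {}
    for off in [0] + embedded_pe_offsets(data):
        names = section_names(data, off)
        report[off] = {"sections": names, "upx": any(n.startswith("UPX") for n in names)}
    return report

def make_pe(names):
    """Constructed minimal PE-like image: DOS header, PE signature, COFF header, sections."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0)
    return dos + b"PE\0\0" + coff + b"".join(n.encode().ljust(40, b"\0") for n in names)

# Constructed sample: outer dropper, then a UPX-packed exe and an unmodified dll.
SAMPLE = (make_pe([".text", ".rsrc"]) + b"\0" * 32
          + make_pe(["UPX0", "UPX1", ".rsrc"]) + b"\0" * 16 + make_pe([".text"]))
```

Calling `triage(SAMPLE)` reports the outer image plus the two carried images, with the UPX flag set only on the packed one.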
