[RC5] Norton Antivirus now removing dnetc.scr

Larry Frieson larryf at mlinks.net
Thu Dec 13 15:48:26 EST 2007


I work for an AV company, and I have to say, I think it's BS that the 
DNet Clients are detected by some companies as a trojan.  However, I also 
know that this might change from some AV companies (like Sophos) if the 
file was not PECompacted.  Is there any reason why the files are compiled, 
and then Compacted?  I've gotten word from other AV Vendors that they now 
consider any PE file that is compressed to be a threat.  IE, Sophos will 
call them MAL/Packer, if they are packed.  Even ClamAV now has signatures 
for several PE Packers out there that detects any file packed with a said 
packer...  At least some AV companies are nice enough to label the DNet 
clients as a PUA, rather than just trojan...

Larry

On Tue, 11 Dec 2007, Kevin McCoy wrote:

> I am getting dire warnings and automatic removal of DNET.SCR by Norton 
> Anti-virus.
>
> I downloaded a fresh copy of the dnet client installer for windoze - same 
> deal. Norton removes dnetc.scr, post haste. It is not a big deal that the 
> dnet screen saver program is getting munched, since I don't actually use it, 
> but this could be a problem for other folks that do.
>
> Guessing that its only a matter of time before Symantec/Norton jumps on the 
> distributed.net-is-a-virus bandwagon, I fired off a quick nastygram to 
> Symantec. Their reply is found below. This is actually their second reply. 
> The first one they completely misunderstood and offered to help me remove the 
> dreaded distributed.net Trojan - for a fee. Grrrrr.
>
> I would fill out the web form myself, but it looks like the "vendor" has to 
> do it - they want contact information and whatnot.
>
> Can one of the developers / project leaders fill out the form?
>
> Thanks!
>
> Kevin G. McCoy
>
> --------------------------------------------------%-----------------------------------------------
>
> /Subject
> ---------------------------------------------------------------
> Technical Support
>
>
> Discussion Thread
> ---------------------------------------------------------------
> Response (Thiyagarajan) - 12/08/2007 01:07 AM
> Greetings Kevin,
>
> Welcome back to Symantec Online Technical Support.
>
> Kevin, please be informed that whenever we have a vendor disputing, our 
> detection of their software as a Security Risk, they should be instructed to 
> fill out this form (the link is mentioned below). Security Response will then 
> handle the issue. It's important that these issues are handled appropriately, 
> especially whenever there is a threat of litigation.
>
> Web URL:
> https://submit.symantec.com/security_risks/dispute/
>
> If you need further assistance, please do not hesitate to contact us.
>
> Regards,
> Thiyagarajan. V
> Symantec Technical Support
> /
>
>
>
>


More information about the rc5 mailing list