[RC5] Various antivirus programs detect dnetc.exe and .scr as a trojan

John Vender jvender at ihug.com.au
Tue Sep 18 08:33:52 EDT 2007


On 18/09/2007, at 9:52 PM, Fredrik Elversson wrote:

> Hi John,
>
> You obviously misunderstodd my part where I said I am not a fan of  
> exluding files or folders from scanning by antivirus solutions, and  
> as long as it is detected as a trojan (by my antivirus solution(s))  
> dnetc is not running on my computers. My point was that I am  
> security aware and an excluded file or folder could be a potential  
> way-in for a real virus/trojan/malware...  And I couldn't let that  
> happend.
>
> I am very certain that dnetc is not a trojan; my point was just  
> that various antivirus solutions detects it as a trojan, which is a  
> bad thing. I sent the list of detections to make "everyone" aware  
> of the situation; as you could see it wasn't only one solution  
> detecting it as a trojan; it was several, and that probably comes  
> from cooperation (they share stuff) between the different solutions.
>
> All users could ofcource point out to the various antivirus  
> solutions that it is a false positive, but I think it should come  
> directly from the staff at distributed to make things happend.

Hi Fredrik,

I apologize if my post came across as rather aggressive, I was  
basically responding in a mood of severe frustration with the anti- 
virus companies. You made perfectly valid points but the anti-virus  
software companies are totally wrong.

I am d.net staff and have been for quite a long time. We have had to  
do a lot of work for a long time to teach these anti-virus software  
companies that dnetc is not malware and I personally find it  
infuriating that they are not willing to do the work they should be  
doing to learn about what they classify as malware before they do  
this. Unfortunately despite a huge effort on our part many still  
regularly flag dnetc as malware so the effort to educate them is  
ongoing.

A great example of how pathetic their research is in the opposite  
direction is that none of them detected the now extremely infamous  
Sony BMG rootkit some time back, yet they have the nerve to call  
dnetc malware. US courts hit Sony BMG hard for this so there is no  
argument that this was a particularly nasty piece of malware.

Using their logic of flagging dnetc as malware because trojans have  
been known to carry it and install it, since many trojans carry and  
install doctored versions of essential windows components they should  
surely also flag windows as malware. It would make as much sense  
(i.e. none).

I fully understand that Windows machines need protection from  
malware, but sadly the makers of software to do this don't do a good  
job, sometimes misclassifying innocent software as malware and  
sometimes not picking up malware even though all the signs of malware  
being installed on a system are plain to see to someone with  
expertise in this area (see Sony BMG rootkit example above).

Cheers...John

>
> // Fredrik
>
>
> John Vender <jvender at ihug.com.au> skrev:
>
> Hi Fredrik,
>
> if you choose to accept the ignorance of those anti-virus software
> makers in totally wrongly misclassifying dnetc as malware that is
> your choice but it does not mean by any means it is malware. It is
> simply that these people have seen it installed by trojans (fully
> agreed that is a bad thing but it doesn't by any means make dnetc
> malware). It is a sad fact that these companies don't feel like doing
> their research and are perfectly happy to cast a very negative light
> on something that is totally innocent because they couldn't be
> bothered getting the facts.
>
> Regards,
>
> John
>
>
> Går det långsamt? Skaffa dig en snabbare bredbandsuppkoppling.
> Sök och jämför hos Yahoo! Shopping.
> _______________________________________________
> rc5 mailing list
> rc5 at lists.distributed.net
> http://lists.distributed.net/mailman/listinfo/rc5

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.distributed.net/pipermail/rc5/attachments/20070918/37c5ac84/attachment-0001.html 


More information about the rc5 mailing list