From the source folks, this is confirmation from MooSoft that it was indeed a false alert. My apologies to all for taking up bandwidth etc....... heh. Still, had to be sure. +-dumbwabbit=+- --- dsovmlat_private wrote: > From dsovmlat_private Sat Feb 16 16:43:02 2002 > Date: Sat, 16 Feb 2002 17:43:02 -0700 (MST) > Subject: Re: The Cleaner reports WinPCap contains > WinRAT trojan > From: <dsovmlat_private> > To: <dumbwabbitat_private> > > I did not receive your email. I suspect you sent it > to the trojan > submission address trojansat_private which is an > attachment collector and > is not monitored by a human. > > WinPCAP was identified incorrectly and it has been > corrected in the latest > database. > > > Daniel Otis-Vigil > > > Forgive the cross-posting, but I think this *may* > > merit it. > > > > WinPCap is a packet capture driver/architecture > for > > Windows platform, allowing Windows users to do > such > > things as run NMapNT, the NT port of Nmap. > > > > Upon scanning a file archive on one of my pen > testing > > laptops, using the latest updated version of The > > Cleaner (a trojan AV product from MooSoft), The > > Cleaner reports that versions 2.01, 2.1, 2.2, and > 2.3 > > beta, along with the Developer Pack of WinPCap are > all > > infected with or contain the WinRAT (aka Windows > > Remote Administration Toolkit) client/server > trojan. I > > "tested" this further by re-downloading the > WinPCap > > files from the original website, located at: > > > http://netgroup-serv.polito.it/winpcap/install/default.htm > > All files downloaded from this location scanned by > The > > Cleaner are reported as containing WinRAT. > > > > I have sent copies of these files to MooSoft > asking if > > they can verify this, and I have emailed the > authors > > of WinPCap as well. That was 3 days ago. > > > > McAfee VirusScan 4.51 and 6, both with latest DATs > > (4186) do not find anything. > > I do not have access currently to Norton or Trend > or > > another AV product. > > I also cannot find any helpful information about > the > > WinRAT trojan online (MooSoft's description > contains > > absolutely NO information regarding this trojan > other > > than listing it - see > > http://www.moosoft.com/winrat.php). > > I have not yet heard back from WinPCap authors, > nor > > MooSoft. Therefore, I would like to ask if anyone > else > > can verify or disprove this "finding". > > > > __________________________________________________ > > Do You Yahoo!? > > Yahoo! Sports - Coverage of the 2002 Olympic Games > > http://sports.yahoo.com > > > __________________________________________________ Do You Yahoo!? Yahoo! Sports - Coverage of the 2002 Olympic Games http://sports.yahoo.com
This archive was generated by hypermail 2b30 : Sat Feb 16 2002 - 20:20:20 PST