
Adware.Rogue.Windefender.C


  • This topic is locked
98 replies to this topic

#1 B-boy/StyLe/

    FFreestyleRR

  • Experts
  • 824 posts
  • Gender:Male
  • Location:Bulgaria

Posted 09 May 2009 - 05:23 PM

hXXp://rapidshare.com/files/231138341/_68E9.rar.html

VirusTotal (6/40)

Not hit by MBAM:

Quote

Database version: 2102
Windows 6.1.7100

10.5.2009 г. 01:06:20
mbam-log-2009-05-10 (01-06-20).txt

Scan type: Quick Scan
Objects scanned: 60379
Time elapsed: 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

*Came with Loaris Trojan Remover installation...

One FP with loaris and not hit by VirusTotal.

My help is always free of charge. If you appreciate my work, you can buy me a beer or two by clicking here.

#2 Lusitano

    Regular Member

  • Malware Hunters
  • 75 posts
  • Gender:Male

Posted 09 May 2009 - 06:10 PM

RAR corrupted

#3 B-boy/StyLe/

    FFreestyleRR

  • Experts
  • 824 posts
  • Gender:Male
  • Location:Bulgaria

Posted 09 May 2009 - 06:33 PM

Lusitano, on May 10 2009, 12:10 AM, said:

RAR corrupted

Lol. You're right! Sorry :(

hXXp://rapidshare.com/files/231159439/_660.rar.html


#4 MysteryFCM

    Forum Deity

  • Moderators
  • 5,018 posts
  • Gender:Male
  • Location:Tyneside, UK

Posted 09 May 2009 - 07:34 PM

Was this actually installed by loaris?

/edit

The rar just seems to contain another rar with a database and version info file? Do you have the original executable that this belongs to?

Steven Burn
Research Engineer

Follow us: Twitter, Become a fan: Facebook

#5 MysteryFCM

    Forum Deity

  • Moderators
  • 5,018 posts
  • Gender:Male
  • Location:Tyneside, UK

Posted 09 May 2009 - 07:50 PM

Okie, downloaded the file from loaris.com and:

hjt1.com > UPX packed > http://virusscan.jotti.org/en/scanresult/c...044888c03236e77

Unpacked:
http://virusscan.jotti.org/en/scanresult/b...a24e3ee95dc412e

Looking at hjt1 in a hex editor, shows it's a renamed copy of Trend Micro HJT (naughty naughty).

Can't see the files you rar'd though?

Steven Burn
Research Engineer
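The two checks the post above describes (is the file UPX packed, and is it a renamed copy of a known tool) as an added Python example; this is not code from the forum or from any of the products named. The PE images and the "trusted" hash are constructed inside the block, so it demonstrates only the method: identify a bundled binary by content hash rather than by file name, and treat UPX section names as the cue to unpack before comparing.

```python
import hashlib
import struct

def build_sample_pe(section_names):
    """Construct a minimal PE image (not runnable) with the given section names.
    Constructed test input: DOS stub, PE signature, COFF header with a zero-length
    optional header (real files carry 224/240 bytes there), one 40-byte section
    header per name."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)       # e_lfanew at offset 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"),
                    0x1000, 0x1000 * (i + 1), 0, 0, 0, 0, 0, 0, 0x60000020)
        for i, n in enumerate(section_names))
    return dos + b"PE\0\0" + coff + sections

def pe_section_names(data):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsect = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size           # 4-byte signature + 20-byte COFF header
    return [data[table + 40 * i:table + 40 * i + 8].rstrip(b"\0").decode("ascii", "replace")
            for i in range(nsect)]

def classify(data, known_hashes):
    """Identify a file by its content, never by its file name: a renamed copy keeps
    the hash of the original, while a UPX-packed copy does not and must be unpacked
    (e.g. with upx -d) before its hash or strings mean anything."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in known_hashes:
        return "known: " + known_hashes[digest]
    if any(n.upper().startswith("UPX") for n in pe_section_names(data)):
        return "packed (UPX section names); unpack before comparing"
    return "unknown"

# Constructed stand-in for a trusted copy of a well-known tool and its SHA-256.
ORIGINAL_TOOL = build_sample_pe([".text", ".data", ".rsrc"])
KNOWN = {hashlib.sha256(ORIGINAL_TOOL).hexdigest(): "trusted-tool (constructed sample)"}
RENAMED_COPY = ORIGINAL_TOOL      # saving it under another name changes no bytes
PACKED_COPY = build_sample_pe(["UPX0", "UPX1", ".rsrc"])

if __name__ == "__main__":
    for label, blob in (("renamed", RENAMED_COPY), ("packed", PACKED_COPY)):
        print(label, "->", classify(blob, KNOWN))
```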

#6 B-boy/StyLe/

    FFreestyleRR

  • Experts
  • 824 posts
  • Gender:Male
  • Location:Bulgaria

Posted 09 May 2009 - 08:03 PM

Maybe some kind of definition file ? I don't know.

[screenshot]

After installation process:

[screenshot]

#7 MysteryFCM

    Forum Deity

  • Moderators
  • 5,018 posts
  • Gender:Male
  • Location:Tyneside, UK

Posted 09 May 2009 - 08:07 PM

Oks, cheers :( (don't have access to a test machine atm, so couldn't actually run it)

/edit

Jotti results for the DB file (3 detections)

http://virusscan.jotti.org/en/scanresult/0...7520333f32c74a3

Steven Burn
Research Engineer

#8 B-boy/StyLe/

    FFreestyleRR

  • Experts
  • 824 posts
  • Gender:Male
  • Location:Bulgaria

Posted 09 May 2009 - 08:12 PM

Maybe FP, but keep an eye on it :(

All the best,

B-boy :)

#9 Loaris

    New Member

  • Members
  • 37 posts
  • Gender:Male

Posted 05 June 2009 - 11:00 AM

B-boy/StyLe/, on May 10 2009, 01:12 AM, said:

Maybe FP, but keep an eye on it :huh:

All the best,

B-boy ;)

Yes, you can keep an eye on us. But why can't you contact us DIRECTLY and get answers to ALL your questions??
If you have any doubts -- we can solve them! What are your suspicions and claims?

#10 Loaris

    New Member

  • Members
  • 37 posts
  • Gender:Male

Posted 05 June 2009 - 11:34 AM

>>Looking at hjt1 in a hex editor, shows it's a renamed copy of Trend Micro HJT (naughty naughty).

Naughty?! Probably only for you. Many trojans block antispyware and other tools by exe name. As a result some of our customers can't run Trend Micro HJ. I renamed this tool - obviously, isn't it? :huh:

>>http://virusscan.jotti.org/en/scanresult/05073d87f4f95074ef482d69b7520333f32c74a3

I don't know what it is. But I can assume that it is part of a signature from temp folders for detecting malware. Can anyone send me this file for analysis?

--
Any other claim?

#11 MysteryFCM

    Forum Deity

  • Moderators
  • 5,018 posts
  • Gender:Male
  • Location:Tyneside, UK

Posted 05 June 2009 - 11:41 AM

Loaris, on Jun 5 2009, 05:34 PM, said:

>>Looking at hjt1 in a hex editor, shows it's a renamed copy of Trend Micro HJT (naughty naughty).

Naughty?! Probably only for you. Many trojans block antispyware and other tools by exe name. As a result some of our customers can't run Trend Micro HJ. I renamed this tool - obviously, isn't it? :huh:

You've missed the point - renaming and including someone else's tool without disclosure or permission (something I doubt you obtained) is bad ethics.

Steven Burn
Research Engineer

#12 Loaris

    New Member

  • Members
  • 37 posts
  • Gender:Male

Posted 05 June 2009 - 12:00 PM

MysteryFCM, on Jun 5 2009, 04:41 PM, said:

You've missed the point - renaming and including someone else's tool without disclosure or permission (something I doubt you obtained) is bad ethics.

You are right - if it is done to hide the real author and/or to deceive users.

But in this case it is a normal tactic. I didn't remove the copyright or EULA! It's accessible in the unregistered version without any restrictions.
And more: on many security forums the same tactic - renaming - was recommended.

#13 Loaris

    New Member

  • Members
  • 37 posts
  • Gender:Male

Posted 05 June 2009 - 12:32 PM

Instead of combining in the fight against malware, you start a competitor game.
Not nice! :huh:

#14 TeMerc

    Forum Deity

  • Moderators
  • 1,990 posts
  • Gender:Male
  • Location:Phx. AZ. USA
  • Interests:Formula 1 Auto Racing, Computer Security, Entertainment, Sci-Fi, SuperHeroes

Posted 05 June 2009 - 12:37 PM

Loaris, on Jun 5 2009, 10:00 AM, said:

You are right - if it is done to hide the real author and/or to deceive users.

But in this case it is a normal tactic. I didn't remove the copyright or EULA! It's accessible in the unregistered version without any restrictions.
And more: on many security forums the same tactic - renaming - was recommended.

I think Mystery was referring to the bundling of HijackThis! into your software. I'd be surprised if Trend Micro approved this.

And yes, renaming is a very popular 'trick', and it is also used in the security forums you mentioned, and they are all providing 'free' support; your product costs money to use, does it not?

Tom Mercado
Consumer Support Engineer

Follow us: Twitter, Become a fan: Facebook

#15 B-boy/StyLe/

    FFreestyleRR

  • Experts
  • 824 posts
  • Gender:Male
  • Location:Bulgaria

Posted 05 June 2009 - 12:44 PM

I apologise for the inconvenience caused. I talked only about what I saw during use of your product. Nothing more.

I'll send this file to Avira support team for double check as well.

Here is the file:

hXXp://www.mediafire.com/download.php?gq2mjmyc2d3

VirusTotal (5/40)

#16 Loaris

    New Member

  • Members
  • 37 posts
  • Gender:Male

Posted 05 June 2009 - 12:52 PM

TeMerc, on Jun 5 2009, 06:37 PM, said:

I think Mystery was referring to the bundling of HijackThis! into your software. I'd be surprised if Trend Micro approved this.

And yes, renaming is a very popular 'trick', and it is also used in the security forums you mentioned, and they are all providing 'free' support; your product costs money to use, does it not?

If there is any abuse from TrendMicro - I'll remove this tool. Are you from TrendMicro? No? So write to them about Loaris... I tried several times - unsuccessfully. I don't see any problem with it!

Did you see http://support.loaris.com? We provide free support for ALL users. Try to find anyone we have not responded to. We provide a free trial key if users ask (and sometimes it is a good tactic - several of these users buy a license later).

#17 Loaris

    New Member

  • Members
  • 37 posts
  • Gender:Male

Posted 05 June 2009 - 12:59 PM

B-boy/StyLe/, on Jun 5 2009, 06:44 PM, said:

I apologise for the inconvenience caused. I talked only about what I saw during use of your product. Nothing more.

I'll send this file to Avira support team for double check as well.

Here is the file:

hXXp://www.mediafire.com/download.php?gq2mjmyc2d3

VirusTotal (5/40)

Hello,

Thank you! But I can't access mediafire (maybe my ISP blocked this site). Please could you pack this file with a password and send it to me via evloaris@gmail.com

#18 Loaris

    New Member

  • Members
  • 37 posts
  • Gender:Male

Posted 05 June 2009 - 01:05 PM

Loaris, on Jun 5 2009, 06:52 PM, said:

If there is any abuse from TrendMicro - I'll remove this tool. Are you from TrendMicro? No? So write to them about Loaris... I tried several times - unsuccessfully. I don't see any problem with it!

I want to clarify why it is not a problem for us. In this case, I'm just going to recommend downloading HJ from the TrendMicro site.
Somewhat difficult for the end users - but nothing more.

#19 TeMerc

    Forum Deity

  • Moderators
  • 1,990 posts
  • Gender:Male
  • Location:Phx. AZ. USA
  • Interests:Formula 1 Auto Racing, Computer Security, Entertainment, Sci-Fi, SuperHeroes

Posted 05 June 2009 - 01:08 PM

Loaris, on Jun 5 2009, 10:52 AM, said:

If there is any abuse from TrendMicro - I'll remove this tool. Are you from TrendMicro? No? So write to them about Loaris... I tried several times - unsuccessfully. I don't see any problem with it!

Did you see http://support.loaris.com? We provide free support for ALL users. Try to find anyone we have not responded to. We provide a free trial key if users ask (and sometimes it is a good tactic - several of these users buy a license later).

I've sent a message to them via a private forum linking to this public forum.

Again, you miss my point about the bundling of HJT with your product. I never mentioned your support.

Tom Mercado
Consumer Support Engineer

#20 Loaris

    New Member

  • Members
  • 37 posts
  • Gender:Male

Posted 05 June 2009 - 01:14 PM

TeMerc, on Jun 5 2009, 07:08 PM, said:

I've sent a message to them via a private forum linking to this public forum.

Thanks.

But I am outraged that our software is classified as a rogue by your team!
