Antivirus joy

Confused Wait. What? Join Date: 2003-01-28 Member: 12904 Members, Constellation, NS2 Playtester, Squad Five Blue, Subnautica Playtester
Having fun with names.

So,

Recently, I stumbled across a tool to generate difficult-to-crack passwords that would also be reasonably easy. Linkage: http://xato.net/bl/2007/01/30/pafwert-smarter-passwords/ I have happily been using it to create passwords that I don't plan on using more than a few times, like the sorts of things you put on passworded zip files, for example. Essentially, cheap disposable passwords that I can type 10 minutes later without having to write them down.

Today, to my distinct displeasure, after making a very nice one, which was attached to a zip file, I was warned about a virus in one of the files, called innocuously "MaleName.txt". Symantec warned me that it had successfully deleted the file to keep Hacktool.PWSteal off my machine. Their website wasn't very up front about exactly what the problem was, and since I'm a curious type I decide to reinstall the file from the cnet download. Of course, this immediately trips my antivirus software and bam, there goes MaleName.txt again.

So I, being the enterprising young man that I am, extract the contents of the msi file in an attempt to get the file. It blinks on my desktop and vanishes. Symantec has ... blah blah blah.

Then I decide to see what is in this file, since Symantec will not show me. I disable active protection for long enough to open the file in a hex and text editor. As soon as active protection gets enabled, the copy on the drive is gone. However, I now have "The Goods" as it were. (NOTE: This is generally not a good idea.)

The goods, it turns out, is a newline-delimited list of names in alphabetical order. I'm a bit confused. I was expecting to see something at least somewhat scary looking. I then decide that there must be some sort of error, and that the file just looks like a virus. I start pulling out a few hundred names at a time, trying to figure out what is killing my file. In the end, I narrow it down to 15 names in the letter A which must be present to trip my software.


The question is: Does it trip yours?
Simply paste the following text into a text file, remove any spaces you may have picked up, and enter a carriage return prior to the first and after the last item.

alyosha
amble
ambros
ambrose
ambrosi
ambrosio
ambrosius
amby
amerigo
amery
amory
amos
anatol
anatole
anatollo
ancell


Comments

  • TheGuy Join Date: 2003-08-09 Member: 19295 Members, Constellation
    edited May 2007
    Seems Norton is falsely detecting it.

    A-Squared: Found nothing
    AntiVir: Found nothing
    ArcaVir: Found nothing
    Avast: Found nothing
    AVG Antivirus: Found nothing
    BitDefender: Found nothing
    ClamAV: Found nothing
    Dr.Web: Found nothing
    F-Prot Antivirus: Found nothing
    F-Secure Anti-Virus: Found nothing
    Fortinet: Found nothing
    Kaspersky Anti-Virus: Found nothing
    NOD32: Found nothing
    Norman Virus Control: Found nothing
    Panda Antivirus: Found nothing
    Rising Antivirus: Found nothing
    VirusBuster: Found nothing
    VBA32: Found nothing
  • TheGuy Join Date: 2003-08-09 Member: 19295 Members, Constellation
    AhnLab-V3 2007.5.15.1 05.15.2007 no virus found
    AntiVir 7.4.0.15 05.15.2007 no virus found
    Authentium 4.93.8 05.15.2007 no virus found
    Avast 4.7.997.0 05.15.2007 no virus found
    AVG 7.5.0.467 05.15.2007 no virus found
    BitDefender 7.2 05.15.2007 no virus found
    CAT-QuickHeal 9.00 05.15.2007 no virus found
    ClamAV devel-20070416 05.15.2007 no virus found
    DrWeb 4.33 05.15.2007 no virus found
    eSafe 7.0.15.0 05.15.2007 no virus found
    eTrust-Vet 30.7.3634 05.15.2007 no virus found
    Ewido 4.0 05.15.2007 no virus found
    FileAdvisor 1 05.15.2007 no virus found
    Fortinet 2.85.0.0 05.15.2007 no virus found
    F-Prot 4.3.2.48 05.15.2007 no virus found
    F-Secure 6.70.13030.0 05.15.2007 no virus found
    Ikarus T3.1.1.7 05.15.2007 no virus found
    Kaspersky 4.0.2.24 05.15.2007 no virus found
    McAfee 5031 05.15.2007 no virus found
    Microsoft 1.2503 05.15.2007 no virus found
    NOD32v2 2268 05.15.2007 no virus found
    Norman 5.80.02 05.15.2007 no virus found
    Panda 9.0.0.4 05.15.2007 no virus found
    Prevx1 V2 05.15.2007 no virus found
    Sophos 4.17.0 05.11.2007 no virus found
    Sunbelt 2.2.907.0 05.12.2007 no virus found
    Symantec 10 05.15.2007 Hacktool.PWSteal
    TheHacker 6.1.6.115 05.15.2007 no virus found
    VBA32 3.12.0 05.15.2007 no virus found
    VirusBuster 4.3.7:9 05.15.2007 no virus found
    Webwasher-Gateway 6.0.1 05.15.2007 no virus found
  • Bloo Village Fool of UWF Join Date: 2006-11-09 Member: 58497 Members
    QUOTE
        Flayra is a lvl 1 Norton Antivirus

        Flayra says: I want to perform a scan

        Gamemaster says: You find a program which you claim is a trojan named "Big Brother Hoax". Do you wish to

        1. Install it to the computer

        2. Attempt to remove

        3. Investigate the program

        Flayra says: 3

        Gamemaster: The "Big Brother Hoax" attempts to download 357.exe but the Windows firewall closed your internet connection.

        You investigate the "Big Brother Hoax" trojan
        "Big Brother Hoax"

        Symantec Security Response encourages you to ignore any messages regarding this hoax. It is harmless and is intended only to cause unwarranted concern. Please ignore any messages regarding this hoax and do not pass on messages. Passing on messages about the hoax only serves to further propagate it.

        -Norton Virus Database

        Do you wish to:

        1. Delete the program manually

        2. Force remove it with Norton

        3. Do as Norton says and leave it be.

        Flayra: 3

        GameMaster: "Big Brother Hoax" successfully downloads 357.exe. Your Windows Firewall notifies you that 357 wishes to install SaveUnoW, which makes you help poor children in Africa by receiving popups constantly. Do you wish to install it on your computer:

        1. Yes, Poor Children

        2. Popups? HELL NO

        Flayra: What if I want to both help poor children but not receive popups?

        Gamemaster: Please choose an alternative, mister.

        Flayra: 2

        Gamemaster: You get struck by lightning because you didn't save those children.

    Hmm... My simulation fails! Norton is obviously <b>in front</b> of all the other Antiviruses...

    My point is: Norton is the weirdest anti virus protection out there. It's as unpredictable and unstable as a drunk ADHD kid. What will it do next?
  • Confused Wait. What? Join Date: 2003-01-28 Member: 12904 Members, Constellation, NS2 Playtester, Squad Five Blue, Subnautica Playtester
    I felt so awesome, and then TheGuy came and answered all the questions about remote haxing people using only guile, a list of names, and years of built up trust.

    Soon precious lists of man names across the world would be deleted by my cunning plans, soon every guy you met's name would be "". The fake ID market would boom and millions of Symantec users would start going as <NULL>.

    :angry: :D
  • lolfighter Snark, Dire Join Date: 2003-04-20 Member: 15693 Members
    Bloo managed to make this thread even more confusing.
  • the_x5 the Xzianthian Join Date: 2004-03-02 Member: 27041 Members, Constellation
    QUOTE (lolfighter @ May 15 2007, 06:21 PM)
        Bloo managed to make this thread even more confusing.

    Meh, I understood it. You have to realize he plays the role of comedian in the OT forum often.
  • TychoCelchuuu Anememone Join Date: 2002-03-23 Member: 345 Members
    QUOTE (the_x5 @ May 15 2007, 03:40 PM)
        Meh, I understood it. You have to realize he plays the role of comedian in the OT forum often.

    "Attempts to play" comes closer to the mark. Or if you prefer you could replace "comedian" with "village fool" or "court jester" or something of that ilk.
  • Bloo Village Fool of UWF Join Date: 2006-11-09 Member: 58497 Members
    QUOTE (TychoCelchuuu @ May 16 2007, 02:14 AM)
        "Attempts to play" comes closer to the mark. Or if you prefer you could replace "comedian" with "village fool" or "court jester" or something of that ilk.

    You hurt my feelings TychoCelchuuu... :(
  • Rover blargh Join Date: 2003-09-23 Member: 21139 Members
    QUOTE (Bloo @ May 16 2007, 09:45 AM)
        You hurt my feelings TychoCelchuuu... :(

    Pssst... You're only encouraging him by saying that.
  • TychoCelchuuu Anememone Join Date: 2002-03-23 Member: 345 Members
    QUOTE (Bloo @ May 16 2007, 12:45 AM)
        You hurt my feelings TychoCelchuuu... :(

    Nobody can make you feel bad without your consent.
  • Bloo Village Fool of UWF Join Date: 2006-11-09 Member: 58497 Members
    You know, you won't make any new friends behaving like that.
  • Caboose title = name(self, handle) Join Date: 2003-02-15 Member: 13597 Members, Constellation
    Anyhoo, I have Symantec, it deleted that file.

    I got it free from school, kind of makes me want to switch my antivirus software...
  • Xyth Avatar Join Date: 2003-11-04 Member: 22312 Members
    QUOTE (Caboose @ May 16 2007, 01:18 PM)
        Anyhoo, I have Symantec, it deleted that file.

        I got it free from school, kind of makes me want to switch my antivirus software...

    You haven't been having the feeling ever since you installed it?

    There are plenty of free ones out there that aren't as annoying or crappy as Symantec.
  • Caboose title = name(self, handle) Join Date: 2003-02-15 Member: 13597 Members, Constellation
    QUOTE (Xyth @ May 16 2007, 01:40 PM)
        You haven't been having the feeling ever since you installed it?

        There are plenty of free ones out there that aren't as annoying or crappy as Symantec.

    Meh, I only am using Windows because of school anyway, I've been using Linux for a bit and am not really used to using Windows.
  • Xyth Avatar Join Date: 2003-11-04 Member: 22312 Members
    QUOTE (Caboose @ May 16 2007, 03:45 PM)
        Meh, I only am using Windows because of school anyway, I've been using Linux for a bit and am not really used to using Windows.

    That doesn't mean you have to completely sodomize your computer/yourself by using the worst software ever created.

    Symantec makes me :(