The Ethical Hacker Network

Latest Additions

Who's Online

EH-Net News Feeds

Latest Additions

CJS

Newbie

Offline

Posts: 8

X-scan v3.3

« on: February 22, 2008, 03:08:05 PM »

I noticed that X-scan 3.3 was recommended in a thread in these forums (SlimJim100 gave a video of it), so I downloaded it from xfocus.org to try it out.

BUT, my AVG anti-virus claimed it has a worm, specifically the file "common_pass.dic" in the /dat directory. And of course AVG labeled about 21 other different files as "potentially dangerous" but that's not surprising given what the program is supposed to do. Also, I noticed that Mcafee Siteadvisor found numerous "red" downloads from the xfocus website.

I uploaded the common_pass.dic file to virustotal.com to get more opinions, and most of the virus programs didn't complain about it.

I guess I'm just looking for a little more reassurance at this point. Cheesy

Is this program still considered safe to use?


	Logged

ChrisG

EH-Net Columnist
Hero Member

Offline

Posts: 1166

Re: X-scan v3.3

« Reply #1 on: February 22, 2008, 04:23:42 PM »

well... did you actually read what was in the file?


	Logged

...tests i took go here...

http://carnal0wnage.attackresearch.com/

proudindian

Newbie

Offline

Posts: 32

Re: X-scan v3.3

« Reply #2 on: February 25, 2008, 06:22:52 AM »

but the download page is not opening I think...can any1 give proper link of downloading xscan


	Logged

CJS

Newbie

Offline

Posts: 8

Re: X-scan v3.3

« Reply #3 on: February 25, 2008, 08:51:19 AM »

Quote from: ChrisG on February 22, 2008, 04:23:42 PM

well... did you actually read what was in the file?

Looks like a data/text file obviously, so why would AVG flag it as a worm? I didn't think text files under any circumstance could be harmful, unless some other program somehow "used" the contents to aid that program in some malicious behavior. Any comments about this?


	Logged

dean

Full Member

Offline

Posts: 135

Re: X-scan v3.3

« Reply #4 on: February 25, 2008, 09:33:13 AM »

Antivirus/antispyware/antimalware applications do not just scan a single file and deem it to be safe. If the file is part of a larger package and it is scanned the application will make the determination that you may be infected/compromised based on that file and the package it's part of.

For example: SSH brute force scripts may download and use a standard dictionary file and if this is discovered by your AV it will alert you to that fact.

Antivirus apps don't just scan for viruses. They scan for all forms of potentially malicious software. Eg: keyloggers, BHOs, etc.... I always wonder why Symantec flags netcat as do many other AV apps.

If you are intending to run tools such as that you might want to consider disabling or removing whatever host based firewalls, IDS/IPS, AV, antispyware apps you have running. You are going to have to whitelist/exclude so many files anyway that it's going to render the tools pretty ineffective.

Ideally, you would want your regular workstation you use for daily tasks to not to be used for testing tools, reversing malware, pentesting, etc....

dean


	Logged

proudindian

Newbie

Offline

Posts: 32

Re: X-scan v3.3

« Reply #5 on: February 27, 2008, 07:21:50 AM »

people please help me downloading x scan,i am unable to download it,can you please tell me the procedure...


	Logged

sgt_mjc

Sr. Member

Offline

Posts: 294

Re: X-scan v3.3

« Reply #6 on: February 27, 2008, 07:36:53 AM »

Use your tools in a VM. This gives your host protection even without an AV like dean mentioned. Good luck.


	Logged

Mike Conway
CISSP
CompTia Security +
C|EH

CJS

Newbie

Offline

Posts: 8

Re: X-scan v3.3

« Reply #7 on: February 27, 2008, 07:37:29 AM »

Quote from: proudindian on February 27, 2008, 07:21:50 AM

people please help me downloading x scan,i am unable to download it,can you please tell me the procedure...

Not sure why you are having a problem, but here is a direct link to the program:
http://xfocus.org/programs/200507/X-Scan-v3.3-en.rar
Hope this helps.


	Logged

Pages: [1] Go Up

« previous next »

SANS Deals 4 EH-Netters

$150 OFF Any SANS Course in Any Format!
Coupon Code: Refer_EHN
Including SANS Phoenix 2012, SANS 2012

Recent Forum Topics

Career Central : Should I Go For Another Certification? (0) by Ghaleon
Tutorials : Securitytube Metasploit videos (13) by lorddicranius
Other : Password Managers? (0) by SephStorm
Network Pen Testing : Brain fart (5) by SephStorm
Network Pen Testing : Hacking DOJO (106) by Grendel
Links to cool sites. : The InterN0T Forums are back! (18) by MaXe
Malware : Practical Malware Analysis - Webinar/release (0) by 3xban
Network Pen Testing : niche pen testing (3) by 3xban
News Items and General Discussion About EH-Net : [Article]-February 2012 Free Giveaway Sponsor - Global Knowledge (5) by MrTuxracer
Links to cool sites. : LM, NTLM, & MD5 Online password Cracker "Plan-text.info" (19) by Jamie.R
Links to cool sites. : IRC Channels (13) by Jamie.R
Hardware : Hot spot that is roaming servers. (0) by TheCrackerBox
Web Applications : Some questions as usual ? (2) by Seen
Calendar Of Events : ROOTCON 6 (0) by don
Network Pen Testing : Where and how to gain knowledge? (25) by pharmerjoe
Security : Overview of New CISSP Domains Effective January 1, 2012 (1) by shaqazoolu
Network Pen Testing : Packet Capture on Cisco Router (1) by 3xban
News from the Outside World : VeriSign Hacked Several Times, Won't Reveal the Details (0) by don
Calendar Of Events : CarolinaCon 8 (1) by SephStorm
Network Pen Testing : choice of university (0) by pushaaaz
Hadnagy : [Article]-Top 5 Tips To Make Social Engineering Your Career (9) by lorddicranius
Forensics : Printer history (4) by TheInvisible
OSCP - Offensive Security Certified Professional : Hardware for OSCP (3) by j0rDy
Calendar Of Events : WorldToor (0) by don
Calendar Of Events : ToorCamp 2012 (0) by don
Calendar Of Events : HOPE Number Nine (0) by don
Programming : Open source security projects to participate in? (7) by 3xban
Compliance, Regulations & Standards : InfoSec Clauses to be included in SLAs (1) by dynamik
Tools : Combining Wordlists (4) by Jamie.R
Calendar Of Events : BSidesSanFrancisco 2012 (2) by lorddicranius
Calendar Of Events : DEF CON 20 (1) by dynamik
Calendar Of Events : DerbyCon 2.0 - The Reunion (1) by dynamik
Calendar Of Events : SecureWorld Expo Boston 2012 (0) by don
Looking For Work : looking for a summerjob (0) by pushaaaz
Calendar Of Events : HITBSecConf 2012 - Amsterdam (0) by don
Calendar Of Events : OWASP AppSec DC 2012 (0) by don
Calendar Of Events : OWASP AppSec Research 2012 (0) by don
Calendar Of Events : OWASP AppSec Asia 2012 (0) by don
Web Applications : Please help me with PHP injection(Some command not working) (11) by MaXe
Book Reviews : Recomended book for Pen Tester (29) by MaXe
Calendar Of Events : BSidesChicago 2012 (0) by don
General Certification : Is it true? (5) by dynamik
Calendar Of Events : BSidesLondon 2012 (0) by don
Calendar Of Events : BSidesIowa 2012 (0) by don
Calendar Of Events : BSidesPHX 2012 (0) by don
Calendar Of Events : Notacon 9 (0) by don
Network Pen Testing : Capture the Flag competitions (14) by seanuk
Security : SANS security courses too expensive? (15) by lorddicranius
Programming : Joe McCray Python for Security Professionals (6) by lorddicranius
Calendar Of Events : RSA Conference 2012 (1) by don