Author Topic: Hiren's Boot Disk, ComboFix.exe, Symantec, Detected Trojan, NEW  (Read 9912 times)
0 Members and 1 Guest are viewing this topic.
delusion (Newbie, Posts: 49)
« on: March 23, 2010, 05:56:29 AM »

Hey guys, I have used the above mentioned Boot CD in our environment for various reasons. Now I am unclear if I have used this particular disk; I may have, but then again I may not have. I popped the disk into a workstation yesterday and BOOM, Symantec detected a generic Trojan virus, with the wild level of Low. Now I am pretty sure that Symantec have just recently updated their signatures, which now detect this tool as a trojan, and in reality it is a false positive. Have any of you guys experienced any false positives OR viruses from the Hiren's Boot Disk?

I have explored the Cyberwebs/Symantec threat explorer/SecurityFocus with no exciting discoveries.

I look forward to hearing about your experience with this Boot CD.

You Can't Resolve Problems Whilst At WAR!
n1p (Jr. Member, Posts: 89)
« Reply #1 on: March 24, 2010, 02:00:53 PM »

If it is an option, I usually identify the suspect file and submit it to virustotal.com or Jotti. This will scan the file using a large number of AVs. See what else it gets flagged as. To further verify the file's integrity, I submit the file to an online virus sandbox like CWSandbox or Anubis to see if any malicious registry, network or file activity occurs. This is by no means 100% confirmation, but it allows you to make an informed decision about the executable/file's intentions!

Hope it helps in some way
n1p
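The first step in n1p's procedure is knowing which file to submit. As an added example (not code from the thread), this hashes every file in a disk image's extracted tree, compares it against a manifest taken from a trusted copy, and reports what was modified or added; the hashes of those files are what you would look up on VirusTotal or hand to a sandbox. The directory layout and file contents are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream a file through SHA-256 so large disk-image contents never sit in memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file's path (relative to root, '/'-separated) to its SHA-256 hex digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def diff_manifests(baseline, current):
    """Return (modified, added, missing) relative paths. Modified and added
    entries are the suspect files worth checking by hash or in a sandbox."""
    modified = sorted(n for n in baseline if n in current and baseline[n] != current[n])
    added = sorted(n for n in current if n not in baseline)
    missing = sorted(n for n in baseline if n not in current)
    return modified, added, missing


def demo():
    """Constructed sample: a trusted tree and a copy with one altered file and
    one extra file, standing in for a known-good and a suspect disk image."""
    with tempfile.TemporaryDirectory() as tmp:
        good, suspect = Path(tmp, "good"), Path(tmp, "suspect")
        for d in (good, suspect):
            (d / "tools").mkdir(parents=True)
            (d / "tools" / "a.exe").write_bytes(b"MZ" + b"\x00" * 64)
            (d / "readme.txt").write_text("sample text")
        (suspect / "tools" / "a.exe").write_bytes(b"MZ" + b"\x90" * 64)   # altered content
        (suspect / "tools" / "extra.exe").write_bytes(b"MZ" + b"\xcc" * 8)  # not in baseline
        return diff_manifests(build_manifest(good), build_manifest(suspect))


if __name__ == "__main__":
    modified, added, missing = demo()
    print("modified:", modified, "added:", added, "missing:", missing)
```

A baseline manifest only helps if it comes from a copy you trust (a hash list published by the distributor, or an image downloaded earlier from a known source); diffing two untrusted copies tells you only that they differ.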
delusion (Newbie, Posts: 49)
« Reply #2 on: March 27, 2010, 09:42:01 AM »

That was informative, thanks for your help.

You Can't Resolve Problems Whilst At WAR!
Ketchup (Hero Member, Posts: 1006)
« Reply #3 on: March 28, 2010, 11:35:04 AM »

I don't believe that Hiren's boot CD is a licensed distribution of the tools that it includes. If you downloaded the CD from a questionable source, it is possible that it could be infected with a virus. The other possibility is that anti-virus software is detecting a security tool as a virus. Some software will identify Metasploit as a virus, for example.

~~~~~~~~~~~~~~
Ketchup
n1p (Jr. Member, Posts: 89)
« Reply #4 on: March 28, 2010, 01:43:27 PM »

Yeah... One of the issues with heuristic scanning.
© 2012 The Ethical Hacker Network