Author Topic: Back Orifice not found as avirus by Avast !!!  (Read 7518 times)

0 Members and 1 Guest are viewing this topic.

Offline firewalker

  • Newbie
  • *
  • Posts: 5
Back Orifice not found as avirus by Avast !!!
« on: April 14, 2003, 05:17:14 PM »
Hi
Iv'e downloaded and installed Avast Home Edetion 4
and as with all virus program, i test it ,whit this file on a floppy: bo2k_1.0.exe this file is a trojan and a first generation of Back Orifice (released in 98)and the only thing i got from Avast was
"network trace not found" so.... how come it isent detected as a virus ???
Any antivirus program that fail to detect that file , is a no go on my system.
Regards Firewalker

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Back Orifice not found as avirus by Avast !!!
« Reply #1 on: April 14, 2003, 05:55:52 PM »
Firewalker,

the only thing i got from Avast was
"network trace not found"

What message did you get? What part of avast gave you such a message?

There could be something wrong with your avast! installation...

Vlk
If at first you don't succeed, then skydiving's not for you.

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Back Orifice not found as avirus by Avast !!!
« Reply #2 on: April 14, 2003, 06:11:04 PM »
Hi
Ibo2k_1.0.exe this file is a trojan and a first generation of Back Orifice

Hm, avast has no problem finding these old RAT:

I:\Temp\bo2k_1_0.zip\bo2kgui.exe [L] Win32:Trojan-gen. {VC} (0)
I:\Temp\bo2k_1_0.zip\bo_peep.dll [L] Win95:BackOrifice-2000 [Trj] (0)
I:\Temp\bo2k_1_0.zip\bo2k.exe [L] Win95:BackOrifice-2000 [Trj] (0)
I:\Temp\bo2k_1_0.zip\bo2kcfg.exe [L] Win32:Trojan-gen. {VC} (0)
MfG Ralf

Offline firewalker

  • Newbie
  • *
  • Posts: 5
Re:Back Orifice not found as avirus by Avast !!!
« Reply #3 on: April 14, 2003, 06:20:25 PM »
my installation ran fine , i rebooted , came back up , everything was fine, then i did a demand scan on the floppy (rightclick>scan) and up came the "network trace not found" and the only thing to do was pressing ok end of story
I have tested a lot of antivirus programms and so far only one has detected the file so fare, all the "big" names failed to.
Regards Firewalker

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Back Orifice not found as avirus by Avast !!!
« Reply #4 on: April 14, 2003, 06:44:27 PM »
Aha! So what AV-Programm find that RAT and if Kaspersky do, say with which Packer it is packed? How big is that file?

If you do not allready  have Kaspersky scan that file, you can do it here: http://www.kaspersky.com/remoteviruschk.html
MfG Ralf

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Back Orifice not found as avirus by Avast !!!
« Reply #5 on: April 14, 2003, 06:45:27 PM »
I have never ever seen such an error message (neither in avast nor in any other program)... Are you sure you're quoting it properly?

???

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline firewalker

  • Newbie
  • *
  • Posts: 5
Re:Back Orifice not found as avirus by Avast !!!
« Reply #6 on: April 14, 2003, 09:35:03 PM »
you can get the file i'm talking about , from here
http://larry.boeldt.net/downloads/
i havent linked directly to the file , so you will have to look around to find it...
Regards Firewalker

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Back Orifice not found as avirus by Avast !!!
« Reply #7 on: April 14, 2003, 10:30:45 PM »
Don´t get that wrong, but that is very easy to say,because it is not BO2K. It is just an installer SFX it contains an cab Archive, that contains an instalation that will install Bo2K. It seems if you start the exe and continue the installation Avast will find the RAT. F-prot will report the exe as suspicious and Mcafee as an oriffice.sfx, because they want to avoid support questions like"Why don´t you identify this BO2k? The homepage where i downloaded this file, said it s BO2K, so it has to be BO2K and therefor your Product is bullsh*t!"
Detecting such files is easier than to explain again and again, that the bo2k_1.0.exe isn´t Maleware.
« Last Edit: April 14, 2003, 10:32:38 PM by raman »
MfG Ralf