Author Topic: Can I trust novirusthanks.org ? [YES] (Hijack Hunter v1.4.0 seems infected)  (Read 15039 times)

Offline DoobieBrosFan

  • Newbie
  • *
  • Posts: 5
Hi,

In this Forum I took notice of the frequently mentioned site novirusthanks.org. They offer a product called 'Hijack Hunter' (hXXp://www.novirusthanks.org/products/hijack-hunter/). I downloaded the Hijack Hunter v1.4.0 binary 'hijackhunter_setup.exe' and sent it to virustotal.com - you never know ...

Result:
  (http://www.virustotal.com/de/analisis/a8278366052a95947c9c83a8ea3edbbe7e97b8f34f27d784e607c12812f3130d-1270019047)
  Symantec   20091.2.0.41   2010.03.31    Suspicious.Insight

A search at Google (hijackhunter_setup.exe infected) found one interesting entry (http://www.giveawayoftheday.com/forums/topic/6940), but I can't read the Italian language. I only understood:

  Hijack Hunter v1.2.0
  Status: INFECTED
  Dr.Web - DLOADER.Trojan

What do You think about this ?


[Music is a Doctor, 1989]
« Last Edit: April 01, 2010, 10:54:34 AM by DoobieBrosFan »

Offline Altarir.

  • Full Member
  • ***
  • Posts: 180
Re: Can I trust novirusthanks.org ? (Hijack Hunter v1.4.0 seems infected)
« Reply #1 on: March 31, 2010, 06:17:00 PM »
Regarding novirusthanks.org: http://www.mywot.com/en/scorecard/novirusthanks.org
I'd say it can be trusted.

Regarding the file, it may be false positive by Symantec.

I sent the file to camas.comodo.com. Link to analysis: http://camas.comodo.com/cgi-bin/submit?file=a8278366052a95947c9c83a8ea3edbbe7e97b8f34f27d784e607c12812f3130d

Doesn't seem it does anything malicious... not sure, though, it says "undetected". That's weird.

« Last Edit: March 31, 2010, 06:19:31 PM by Altarir. »
my systems: windows XP sp3; linux PClinuxOS
for the sake of your own security, you should install WOT and NoScript in your browser.
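
Added example, not part of any post in this thread: both report links posted above embed the same 64-hex-digit value, so a reader can check that the reports describe the file they actually downloaded before relying on either verdict. It assumes that value is the sample's SHA-256; the file written in `demo()` is a constructed stand-in, not the real installer.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Report links copied from the posts above; both embed a 64-hex-digit value
# (assumed here to be the SHA-256 of the submitted sample).
VT_URL = "http://www.virustotal.com/de/analisis/a8278366052a95947c9c83a8ea3edbbe7e97b8f34f27d784e607c12812f3130d-1270019047"
CAMAS_URL = "http://camas.comodo.com/cgi-bin/submit?file=a8278366052a95947c9c83a8ea3edbbe7e97b8f34f27d784e607c12812f3130d"

# Exactly 64 hex digits, not part of a longer hex run.
SHA256_RE = re.compile(r"(?<![0-9a-f])[0-9a-f]{64}(?![0-9a-f])", re.IGNORECASE)

def sha256_from_url(url):
    """Return the single SHA-256-sized hex string in a report URL, lowercased."""
    found = {m.lower() for m in SHA256_RE.findall(url)}
    if len(found) != 1:
        raise ValueError(f"expected exactly one 64-hex digest in {url!r}")
    return found.pop()

def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def reports_cover_file(path, report_urls):
    """True only if every report URL names the same digest as the local file."""
    local = sha256_of_file(path)
    return all(sha256_from_url(u) == local for u in report_urls)

def demo():
    # Constructed stand-in for the download; its bytes are not the real file,
    # so the reports must NOT be treated as covering it.
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "hijackhunter_setup.exe"
        sample.write_bytes(b"constructed sample, not the real installer")
        same_sample = sha256_from_url(VT_URL) == sha256_from_url(CAMAS_URL)
        return same_sample, reports_cover_file(sample, [VT_URL, CAMAS_URL])

if __name__ == "__main__":
    same, covered = demo()
    print("both reports name the same sample:", same)
    print("local file matches the reports:", covered)
```

A mismatch between the local digest and the one in a report link means the verdict applies to some other file, whatever the file name says.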

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85366
  • No support PMs thanks
Re: Can I trust novirusthanks.org ? (Hijack Hunter v1.4.0 seems infected)
« Reply #2 on: March 31, 2010, 07:13:16 PM »
The detection in VT by Symantec uses heuristics that are more prone to false positives; if that is the only one of 42 scanners making the detection, then it is more likely to be an FP.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.5.2470 (build 21.5.6354.675) UI 1.0.646/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33251
  • malware fighter
Re: Can I trust novirusthanks.org ? (Hijack Hunter v1.4.0 seems infected)
« Reply #3 on: March 31, 2010, 09:27:39 PM »
Hi DoobieBrosFan,

Here they give it clean: http://safeweb.norton.com/report/show?url=%2Fwww.novirusthanks.org%2Fproducts%2Fhijack-hunter&x=13&y=8
Same Symantec boys give it a clean slate, very likely it is a generic False Positive....
Look here: http://jsunpack.jeek.org/dec/go?report=1cdb67a089eed849a152f8d166b4dce25c5c1726
As clean as a baby's b*ttock in the moonshine,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DoobieBrosFan

  • Newbie
  • *
  • Posts: 5
Re: Can I trust novirusthanks.org ? (Hijack Hunter v1.4.0 seems infected)
« Reply #4 on: March 31, 2010, 10:53:36 PM »
@polonus

thanks for checking.

As I understand, 'Here they give it clean:' states the site to be clean - not the downloaded file itself. As mentioned: no single AV discovers 100% of malware. Norton is one of many.

'Look here:' (good stuff though): if I get it right, jsunpack.jeek.org checks JavaScripts. But what, if the malicious code is in the binary itself (i.e. hijackhunter_setup.exe) ?


@DavidR,

Thank You,

but this does not really calm me.

If someone tries to spread malware - offering a diagnostic tool might be a good way. The idea, that many people, who are looking for help in their crisis blindly trust a (this) tool and this way might catch the next worm or bot, scares me  ...

So I decided to give both - novirusthanks.org and Symantec - a chance to explain about the dissidence. I will write an e-Mail to both of them tomorrow. And report about the result here.

In the meantime - if someone else has an idea ... I'm looking forward to it.

Thanks to all so far.

DoobieBrosFan
[What a Fool believes, 1978]


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85366
  • No support PMs thanks
Re: Can I trust novirusthanks.org ? (Hijack Hunter v1.4.0 seems infected)
« Reply #5 on: March 31, 2010, 11:16:39 PM »
You're welcome, happy hunting ;D

Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33251
  • malware fighter
Re: Can I trust novirusthanks.org ? (Hijack Hunter v1.4.0 seems infected)
« Reply #6 on: March 31, 2010, 11:35:38 PM »
Hi DoobieBrosFan,

That is the right attitude, do not trust anything at face value and go to the bottom of the issue. I expect you come back to this thread if you have cleared this. Well I know Germans are known for their "deutsche Gründlichkeit". On the other hand I have read quite a bit about this "suspicious.Insight" flag and it is really a generic find and can stand for a load of suspicious code characterized by this detection pattern, could be the particular way the software has been packed that is flagged. The online DrWeb url scanner gives it all clean for me.
It could well be that a particular external download site for the software has malcode on or has been hacked to redirect to malicious software and so spreads this, but I would only download from the makers of particular software, and check it before download. My hunch is still a False Positive, but surprise me...
Well anxious to hear what you finally will find,

Schönen Gruß,

Damian

P.S. Update the code to WepaWet Wien: http://wepawet.iseclab.org/  They are off for maintenance until 2/4 but then you will get the results from their Austrian Uni Labs, or go here: http://anubis.iseclab.org/
« Last Edit: March 31, 2010, 11:46:11 PM by polonus »

Offline rob_

  • Newbie
  • *
  • Posts: 3
Re: Can I trust novirusthanks.org ? (Hijack Hunter v1.4.0 seems infected)
« Reply #7 on: April 01, 2010, 02:11:22 AM »
Hi DoobieBrosFan,

Hijack Hunter is totally clean and the Suspicious.Insight of Symantec AV is a false positive, you can read more about Suspicious.Insight from these link / link from Symantec. Basically the Suspicious.Insight can display a warning whenever you try to run on your PC an unknown application (from the Symantec Community) and it can easily generate warnings on "not yet known software".

If you have other questions do not hesitate to ask ;)

Regards,

 Robert
 NoVirusThanks.org

Offline DoobieBrosFan

  • Newbie
  • *
  • Posts: 5
Re: Can I trust novirusthanks.org ? (Hijack Hunter v1.4.0 seems infected)
« Reply #8 on: April 01, 2010, 10:38:10 AM »
@Robert

Thank You very much for clarifying.

Reading the Symantec description supplied by Your link about Suspicious.Insight turns my doubt towards zero.

Quote from Symantec's site regarding Suspicious.Insight:

... When detections of this type are triggered in Norton products the user may be warned that the application is unproven, thus allowing the user to make the final decision ..
... The warning typically indicates that the file has very few users or is very new, and therefore has not developed a reputation.
... Symantec recommends software publishers ... Digitally sign all software application binaries.
...Software developers who want to accelerate the reputation building process for their new software applications should submit new applications to the Symantec white-listing program.

Quote end

So I learned: before posting to this forum, I should have checked Symantec's site for Information about Suspicious.Insight. This would have been the easier / time saving way ...

Advantage for 'Hijack Hunter' from NoVirusThanks.org: Now it has a better reputation  ;)

Finally I can devote to my original problem (my first post), the USB Memory Stick, which is probably corrupted. The OS wants to format it on each access. First I will install and run 'Hijack Hunter' to inspire my system. By the way, Robert: Many thanks to NoVirusThanks.org for providing such a powerful tool - for free.

@All
Thanks and have a nice time.

Regards,

DoobieBrosFan
[Spirit, 1974]
« Last Edit: April 01, 2010, 10:43:45 AM by DoobieBrosFan »

Offline 13thSlayer

  • Full Member
  • ***
  • Posts: 161
  • What are ya staring at? The post is to the right.
Browser: Mozilla Firefox
OS: PCLinuxOS 2010.12, Mandriva 2010.2 and Windows XP
For security, install WOT. Really.

Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33251
  • malware fighter
Hi malware fighters,

@rob_
Thank you for coming here to clarify Hijack Hunter's position. I hope lots of users will "discover" the valuable services of novirusthanks.org thanks to this thread.
In a time where websites will get infected every 3.6 secs, we cannot stress this enough.
I know a lot of avast users will share our experiences with "Hijack Hunter".
@DoobieBrosFan, again thanks for posting,

polonus

Offline DoobieBrosFan

  • Newbie
  • *
  • Posts: 5
Thanks also to You, 13thSlayer, for Your verification. Interesting site.

@Polonus
You are welcome. I'm glad a serious Forum like this one exists, congratulations. There are plenty others with little depth.

My doubt has finally dropped to zero. I trust NoVirusThanks.org and its 'Hijack Hunter' by now (See modified topic headline).

Regards
DoobieBrosFan
[Takin' It To The Streets, 1976]

Offline rob_

  • Newbie
  • *
  • Posts: 3
DoobieBrosFan, no problem, thank you for using our program and polonus, thank you for your feedback :)