Norton Anti Virus vs. UTDCv20b.dll


brajan

Those of you who are using Norton Anti Virus may experience a false positive alert when installing UTDC 2.0b from league server #2.
Source: D:\UT\System\UTDCv20b.dll
Risk category: Virus
Overall Risk Impact: High
Click for more information about this risk : Bloodhound.W32.EP
Action taken: Fully removed

Scan result from www.virustotal.com
File UTDCv20b.dll received on 07.31.2007 17:23:51 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.7.31.1 2007.07.31 -
AntiVir 7.4.0.54 2007.07.31 HEUR/Crypted
Authentium 4.93.8 2007.07.30 -
Avast 4.7.1029.0 2007.07.31 -
AVG 7.5.0.476 2007.07.30 -
BitDefender 7.2 2007.07.31 -
CAT-QuickHeal 9.00 2007.07.31 -
ClamAV 0.91 2007.07.31 -
DrWeb 4.33 2007.07.31 -
eSafe 7.0.15.0 2007.07.31 -
eTrust-Vet 31.1.5019 2007.07.31 -
Ewido 4.0 2007.07.31 -
FileAdvisor 1 2007.07.31 -
Fortinet 2.91.0.0 2007.07.31 -
F-Prot 4.3.2.48 2007.07.30 -
F-Secure 6.70.13030.0 2007.07.31 -
Ikarus T3.1.1.8 2007.07.31 -
Kaspersky 4.0.2.24 2007.07.31 -
McAfee 5086 2007.07.30 -
Microsoft 1.2704 2007.07.31 -
NOD32v2 2429 2007.07.30 -
Norman 5.80.02 2007.07.31 -
Panda 9.0.0.4 2007.07.31 Suspicious file
Prevx1 V2 2007.07.31 -
Rising 19.34.12.00 2007.07.31 -
Sophos 4.19.0 2007.07.26 -
Sunbelt 2.2.907.0 2007.07.31 VIPRE.Suspicious
Symantec 10 2007.07.31 Bloodhound.W32.EP
TheHacker 6.1.7.159 2007.07.31 -
VBA32 3.12.2.2 2007.07.30 -
VirusBuster 4.3.26:9 2007.07.31 -
Webwasher-Gateway 6.0.1 2007.07.31 Heuristic.Crypted


Additional information
File size: 50176 bytes
MD5: 8ed1ff26486879e6dae4c60cc69d66cc
SHA1: 2ebe10aa56c60525e401d63b6bd87bc1a7367e80
packers: UPX_LZMA
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

About Symantec Bloodhound:
When Bloodhound detects an unknown virus, Norton AntiVirus reports the virus name as one of the following:
Bloodhound.AOLPWS
Bloodhound.Boot
Bloodhound.Boot.String
Bloodhound.DirActCOM
Bloodhound.DirActEXE
Bloodhound.ExcelMacro
Bloodhound.ExcldFile
Bloodhound.FileString
Bloodhound.Hybrid
Bloodhound.HybridCOM
Bloodhound.HybridEXE
Bloodhound.MBR
Bloodhound.NeuralBoot
Bloodhound.NeuralMBR
Bloodhound.Poly
Bloodhound.ResCOM
Bloodhound.ResEXE
Bloodhound.Unknown
Bloodhound.VBS.Worm
Bloodhound.W32
Bloodhound.W32.EP
Bloodhound.W32.1
Bloodhound.W32.2
Bloodhound.W32.3
Bloodhound.WordMacro
Bloodhound.ExcelMacro
Bloodhound.VBS.1 (probable IRC worm)
Bloodhound.VBS.2 (probable IRC worm)
Bloodhound.VBS.3 (probable Outlook worm)
Bloodhound.VBS.4 (probable VBS worm, created with worm generation tool)
Bloodhound.VBS.5 (probable VBS worm, created with worm generation tool)
Bloodhound.JS.1 (probable IRC worm)
Bloodhound.JS.2 (probable IRC worm)
Bloodhound.JS.3 (probable Outlook worm)
Source: http://www.symantec.com/security_response/writeup.jsp?docid=2000-121911-5753-99&tabid=2


SOLUTION: http://service1.symantec.com/Support/nav.nsf/docid/199829164436
 
like ur mum then, oh wait im not torp :(

lol brajan, sandy thought you were trying to hack him
 
Why false positive? :p:

UTDC does read data from your hdd and reports it to some server... the only difference to real miners, trojans etc is that it does it with us agreeing and limited to UT related stuff :P

Ain't surprising that some heuristic functions will come to the conclusion it's a trojan/malware
 