Hi everyone

Last night I made a full system scan on my computer with Norton Antivirus 2004, with the latest updates to the virus definitions, and to my surprise it reported that a file on the distributed.net folder was infected with a trojan.
Could anyone confirm if this is true or if it's a false alarm of Norton Antivirus?

The file is dnetc.com, 6656 bytes long, and is in the client software package downloaded from the distributed.net website.
Norton Antivirus says it can't repair it, so it simply quarantined it. I also tried with The Cleaner but it doesn't detect it.

I dont know, I dont use virus scanners, but i looked at what I had, and i see 2 files that seem funny.
Readme.1st
Readme.W32
i hope 4 of my machines are not crunching for someone else !!

Those two files are ok. I also have them in the docs folder. Opening them with Wordpad shows the content and they're simple text files.

Distributed.net is by far one the most popular distributed computing programs out there.
McAfee also picked up a legitimate copy of distributed.net and said it could possibly be an unwanted program. Run distributed.net and see if you get credited for the results.

Yes, I'm being credited for the results so far. But my question is if that small dnetc.com file wouldn't really be a trojan horse. Or if it's supposed to be there and it's a false alarm. There is the larger dnetc.exe file that I believe it is the main file, and there's also the dnetc.scr that should be the screen saver one. Besides that, the rest are only text files... so I find that small dnetc.com very suspicious. :?

Yes, I'm being credited for the results so far. But my question is if that small dnetc.com file wouldn't really be a trojan horse. Or if it's supposed to be there and it's a false alarm. There is the larger dnetc.exe file that I believe it is the main file, and there's also the dnetc.scr that should be the screen saver one. Besides that, the rest are only text files... so I find that small dnetc.com very suspicious. :?


While the original is quite old.... :) The dnetc.com and dnetc.exe are two versions of the same thing. You are talking about the windows install I presume, and the .exe is used for the fancy graphical version with the command options in pull-down menus at the top of the screen. The .com version is loaded when you go into a dos windows, and run it that way. No frills, just command line. If you go look at the "properties" of the cow icon, you will see that it is specifically starting the .exe file. In the original dos priority of loading things, the .com file will load first before the .exe file assuming you have multiple files with the same name prefix and assuming that in the dos window you just enter "dnetc" and hit enter.

But my question is if that small dnetc.com file wouldn't really be a trojan horse

Don't be so sure of that... with an unpatched version of Windows its probably quite easy to create a backdoor trojan less than 10kb in size.
Also, Readme.1st ... Read Me First, Readme.w32 ... Read Me Windows 32-Bit.... probably designed by linux users as Windows won't see that as a text file due to the .W32, but linux would :).

My norton anti-virus picks up that program too. I just ignore it every time.

My AVG scan showed nothing, but the dnetc.com is 8192 bytes long.

extract from the distributed.net client download page:
http://www1.distributed.net//download/clients.php


important note

This is the official listing of distributed.net clients. They have been tested to be functioning correctly. The binaries listed here are the ONLY ones you should be using. Trojan horses and other perverted versions have been known to have been circulated. Please do not make attempts to mirror or redistribute the client binaries, either via your own web/ftp server or other means. If you wish to provide a convenient method for your visitors to download clients, please provide a link to it on our FTP site or (preferably) to this page. distributed.net has set policies & terms regarding the use of these clients. Please read them. Downloading and installing the client on any machine implies understanding and agreement with these terms.

...if you suspect your client of not being genuine, please click on the link above and retrieve the latest version of the genuine client.

for our lucky AMD-64 owners you will also find an optimised client here:
http://www1.distributed.net//download/prerelease.php

Now I'm running the 64 bit version. Thanks Dave

how new is that one ??

i installed it on my 64 at about christmas so it that this optimised one or not?

It's the same one.

My Dnet app won't fire up. Msg box says

"(null) is not a valid Win32 application."

I've just re-downloaded the latest AMD64 bit version for Win XP. Overwritten all the previous files. But no joy.

Can anyone help :cry:

i get a very similar message on my 64 and even after a uninstall and re-install it wont work.

Luckily, when I update software, I copy all the old stuff to a new dir. I've just run the exe in this old dir and it's working fine. ;)