Possible trojan on distributed.net?

**NeoGen** · 11-10-2003, 09:27 AM

Hi everyone

Last night I made a full system scan on my computer with Norton Antivirus 2004, with the latest updates to the virus definitions, and to my surprise it reported that a file on the distributed.net folder was infected with a trojan.
Could anyone confirm if this is true or if it's a false alarm of Norton Antivirus?

The file is dnetc.com, 6656 bytes long, and is in the client software package downloaded from the distributed.net website.
Norton Antivirus says it can't repair it, so it simply quarantined it. I also tried with The Cleaner but it doesn't detect it.

**chaz** · 11-10-2003, 12:19 PM

I dont know, I dont use virus scanners, but i looked at what I had, and i see 2 files that seem funny.
Readme.1st
Readme.W32
i hope 4 of my machines are not crunching for someone else !!

**NeoGen** · 11-10-2003, 01:35 PM

Those two files are ok. I also have them in the docs folder. Opening them with Wordpad shows the content and they're simple text files.

**Jeff** · 11-10-2003, 02:08 PM

Distributed.net is by far one the most popular distributed computing programs out there.
McAfee also picked up a legitimate copy of distributed.net and said it could possibly be an unwanted program. Run distributed.net and see if you get credited for the results.

**NeoGen** · 11-10-2003, 03:45 PM

Yes, I'm being credited for the results so far. But my question is if that small dnetc.com file wouldn't really be a trojan horse. Or if it's supposed to be there and it's a false alarm. There is the larger dnetc.exe file that I believe it is the main file, and there's also the dnetc.scr that should be the screen saver one. Besides that, the rest are only text files... so I find that small dnetc.com very suspicious. :?

**Brucifer** · 05-02-2005, 02:22 PM

Originally Posted by NeoGen

Yes, I'm being credited for the results so far. But my question is if that small dnetc.com file wouldn't really be a trojan horse. Or if it's supposed to be there and it's a false alarm. There is the larger dnetc.exe file that I believe it is the main file, and there's also the dnetc.scr that should be the screen saver one. Besides that, the rest are only text files... so I find that small dnetc.com very suspicious. :?

While the original is quite old....

The dnetc.com and dnetc.exe are two versions of the same thing. You are talking about the windows install I presume, and the .exe is used for the fancy graphical version with the command options in pull-down menus at the top of the screen. The .com version is loaded when you go into a dos windows, and run it that way. No frills, just command line. If you go look at the "properties" of the cow icon, you will see that it is specifically starting the .exe file. In the original dos priority of loading things, the .com file will load first before the .exe file assuming you have multiple files with the same name prefix and assuming that in the dos window you just enter "dnetc" and hit enter.

**andrewdodd13** · 05-02-2005, 04:54 PM

Originally Posted by NeoGen

But my question is if that small dnetc.com file wouldn't really be a trojan horse

Don't be so sure of that... with an unpatched version of Windows its probably quite easy to create a backdoor trojan less than 10kb in size.
Also, Readme.1st ... Read Me First, Readme.w32 ... Read Me Windows 32-Bit.... probably designed by linux users as Windows won't see that as a text file due to the .W32, but linux would

.

**Beerknurd** · 05-02-2005, 05:47 PM

My norton anti-virus picks up that program too. I just ignore it every time.

**Ototero** · 05-02-2005, 11:07 PM

My AVG scan showed nothing, but the dnetc.com is 8192 bytes long.

**AMDave** · 05-03-2005, 12:47 PM

extract from the distributed.net client download page:
http://www1.distributed.net//download/clients.php

important note

This is the official listing of distributed.net clients. They have been tested to be functioning correctly. The binaries listed here are the ONLY ones you should be using. Trojan horses and other perverted versions have been known to have been circulated. Please do not make attempts to mirror or redistribute the client binaries, either via your own web/ftp server or other means. If you wish to provide a convenient method for your visitors to download clients, please provide a link to it on our FTP site or (preferably) to this page. distributed.net has set policies & terms regarding the use of these clients. Please read them. Downloading and installing the client on any machine implies understanding and agreement with these terms.

...if you suspect your client of not being genuine, please click on the link above and retrieve the latest version of the genuine client.

for our lucky AMD-64 owners you will also find an optimised client here:
http://www1.distributed.net//download/prerelease.php

Thread: Possible trojan on distributed.net?

Thread Tools

Display

Possible trojan on distributed.net?

Posting Permissions