Symantec Hacktools
Allie
I have symantec antivirus corporate, and it is detecting some Hacktools.
Specifically, it lists the threats just as "Hacktool", with nothing
else. So, my question is, are these actually threats with viruses in
them, or is symantec deciding to remove keygens and the like from my
machine? If the latter, how can I turn this behavior off?
Thanks!
Richard
"Allie" <als_...@hotmail.com> wrote in message
news:gr7qhs$582q$1...@usenet.osg.ufl.edu...
I don't know if it would work in your case or not, but I would go to
Start.>Search, and put in Hacktools. If found, then delete it. Other than
that I would restore back before this begin showing up. Neither may work,
but that's what I would do. Someone else may have a better suggestion.
Allie
Thanks for your reply, Richard. Actually, I think you might be
misunderstanding me. I'm not necessarily trying to get rid of the
hacktools. I'm wondering if symantec is detecting something on my
computer that I actually want on there. Are all hacktools dangerous?
Or, if I download a keygen for example, might symantec detect it as a
hacktool when it doesn't contain a virus at all?
David H. Lipman
| Hello All,
| Thanks!
They are not trojans and they are not viruses.
They are potentially umwanted programs/utilities and are flagged as hacktools because they
may be used maliciously not thet they are malicious.
The real question is, and you left this out, what is being flagged ?
If they are keygens, they ae NOT legitimate utilities and assumably if this is SAV Corp.
then Keygens should *NEVER* be used in a corp. environment.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
jen
VanguardLH
> I have symantec antivirus corporate, and it is detecting some
> Hacktools. Specifically, it lists the threats just as "Hacktool",
> with nothing else. So, my question is, are these actually threats
> with viruses in them, or is symantec deciding to remove
> keygens
When are these ever present when stolen software isn't involved?
> and the like from my machine? If the latter, how can I turn this
> behavior off?
Keygens ARE hacker tools (to allow pirating of software). So are some
Nirsoft utilities. They might be called hacker tools, PUPs (Probably
Unwanted Programs), SPRs (Security or Privacy Risk programs), or some
other name. You sure there isn't a setting in the anti-malware
program's scanner options to exclude hacker tools? Often they have a
list of well-known PUPs so not including them in their scanner gets rid
of the false positives; however, if it is a PUP that you installed and
upon which an alert is firing then you need to report it as a false
positive. Symantec AV doesn't tell WHAT type of suspect file on which
it is alerting, like the name that Symantec gave to the malware it
thinks it found?
Did you ever search your hard drive for something called "hacktool"? Or
is "Hacktool" the type of suspected malware file? If all the alert
dialog said was what you said it did, wasn't there a Details or other
button to get more information?
Since you are using the corporate edition of Symantec NAV, why not
contact your IT folks about the problem?
Lil' Abner
@usenet.osg.ufl.edu:
I try to run a clean ship, but once in a while some of these so-called
viruses or malware can come in handy, and some antiviruses will delete or
quarantine them without even asking. Two, in particular that get nailed a
lot are SmitFraudFix.exe and Revelation.exe. Revelation is indeed a hack
tool but you'd be surprised at the number of customers I've had who want to
reinstall their email on another computer or into a different client and
don't know their own password. Revelation is a lot faster than having to
call their ISP, wait on hold forever, and then forget what their first
pet's name was... :-)
Then there's one I've renamed "topsy.exe" that's been around since Windows
95 (maybe even 3.1) that turns your screen display upside down. Harmless.
But after all these years it has become a "virus".
I keep originals of all these on a CD or on floppy disks with the write tab
locked.
--
--- If voting could really change things it would be illegal. ---
FromTheRafters
>
> I have symantec antivirus corporate, and it is detecting some
> Hacktools. Specifically, it lists the threats just as "Hacktool", with
> nothing else. So, my question is, are these actually threats with
> viruses in them,
No. Assuming of course that they are not infected with a virus unknown
to the AV. If the AV detects a virus in a file it will report or act on
the virus it found.
> or is symantec deciding to remove keygens and the like from my
> machine?
No, you are probably doing so by configuration.
> If the latter, how can I turn this behavior off?
I don't know about the options available in this particular AV, but you
could store all your hacktools in an encrypted folder.
badgolferman
> Since you are using the corporate edition of Symantec NAV, why not
> contact your IT folks about the problem?
Many corporations that use SAV provide a copy for home use to their
employees. Mine does, although I have chosen to use AntiVir instead.
Wolf K
> scanned because it insisted that Revelation.exe is a virus or trojan
> or something bad. I know it;'s not. It's been very useful at times.
> AVG did not allow me to IGNORE it, which is annoying in itself.
Last time I used AVG, it had a white list.
wolf k.
VanguardLH
> VanguardLH wrote:
>
>> Since you are using the corporate edition of Symantec NAV, why not
>> contact your IT folks about the problem?
>
> Many corporations that use SAV provide a copy for home use to their
> employees. Mine does, although I have chosen to use AntiVir instead.
Typically that occurs if those same employees are toting their laptops
into work or allowed to connect to the corporate network through a VPN.
They don't want infected hosts coming into their network even if they do
use a more secure zone into which those hosts login. If the company is
doling out instances of its volume license for SAV then they still
provide the support for it. They are not allowed to distribute copies
of the license outside the organization. They are doling them out to
employees for off-site use so the license still remains with the company
(and the employees have to surrender the license when they leave the
company). So, again, contact the IT folks back at work. It's their
property and their headache.
Lil' Abner
news:49d8988b$0$9430$9a6e...@news.newshosting.com:
Problem is, when you're using it on someone else's computer, you're at
the mercy of *their* antivirus.
Allie
Thanks all. I did find where you could turn off the hacktool detection.
I hope by doing so I'm not opening up my computer to malicious software.
FromTheRafters
Of course you are, but as long as the hacktools are ones you already
know about there is no problem. If someone else places one on your
machine (for nefarious reasons) you won't get warned.
Allie
Thanks - yeah, good point. Though, there is a setting for logging the
message and just doing nothing about it, which is what i set. So, i'll
get warned, but it won't take any action other than that. Probably a
good compromise.
gudr...@gmail.com
Since I also have this issue I'd be interested to know how you
resolved it.
Have you excluded all hack tools as a general category or have you
found a way to exclude applications individually?
Thanks,
Countchocula
I never really resolved it. I only log hacktools, but there are a
bunch of variants listed as high risk which i didn't want to mess with.
the-changling
> FromTheRafters wrote:
> > "Allie" <als_tr...@hotmail.com> wrote in message
>
Well you may be. I have seen cases where SAV finds the hacktool in the
windows system area and gives the impression everything is fine. Then
when scanned with an independant OS and AV, you will find a rootkit
and a key logger running in memory. So if you see a hacktool.rootkit,
especially in the in the windows system area, I would not blow it off.