Sentinel™ download package contains Virus?

New Member Joined: Dec 07, 2003 Posts: 22 Location: USA

You gave me more than a hard time, I was in tears you was so hard on me (giggling). Just kidding about the tears Laughing

I guess you're not that bad of a guy, notice the word "guess" .. Laughing

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

Want a second opinion? <MUHAHAHAHAHA>

Regular Joined: Feb 29, 2004 Posts: 63

Hey guys, I downloaded Mikem Virus program, I couldn't get to the internet for an hour, I took it off then started right up

New Member Joined: Aug 24, 2003 Posts: 11

Quote:

From speedx: Money go back to school. If you read the posts you would understand what they are trying to say. They said NOW read carefully ok, that they used norton or other virus scanning program and did not find a trojan virus in the files.....

Don't act condescendingly to me speedx. Your one post above mine had nothing, nothing at all, in it on this thread's topic or the forum's topic. If mine is considered off-topic here, then someone please move it to wherever it fits better.

The part of Sentinel which causes the user's computer to malfunction is written in javascript and flash. Those files are downloaded on the user's computer and run inside his browser. PHP, CGI, and binary code is what executes on the server.

I had read their posts. To me whether an anti-virus software alerts is not as big of a deal as the legal issue because everyone here knows Sentinel contains malicious code which when triggered attacks a visitor. Frankly, all the anti-virus software should be issuing alerts not just the one mikem pointed out. Kapersky identified Sentinel's abuse.js file as being infected by a trojan. Only registered users can see links on this board! Get registered or login! and Sentinel's pc killer share similar behaviors. Both use javascript to cause the user's computer to malfunction. The former moves the window rapidly around the screen so the user cannot close it while the latter spawns off an infinite number of popups causing his PC to run out of memory and lock up. Both trap the ALT, F4, CTRL, and DEL keys.

Each malware has a unique set of bits called a signature. Developers try to obtain samples of the code or binaries to analyze their signatures and create definitions. The anti-virus software then uses these definitions to detect and identify malicious code. These products will not automatically recognize every new virus/trojan/etc hitting the street today or into the future. However, they will alert when a software's signature matches an already existing definition which was loaded. The reason why Kapersky alerts while others don't is due to the differences in the way they wrote their definition for Trojan.JS.Offiz. I bet Kapersky is only keying off the javascript trapping of ALT, F4, CTRL, and DEL keys (which is considered malicious) and the others either chose to be more specific or did not include this particular one. If someone sends a copy of Sentinel to the anti-virus companies, IMO they will add it to their detection because regardless of the developers' denial here, this script is a trojan.

Posted: Thu Jun 03, 2004 8:27 am

Quote:

To Money: I would rely on the answers of higher, corporate/industry standard virus checkers than that of new, false reading minors.

Quote:

money,
Put the doobie down. There is no trojan. KAV falsely reports it. There is nothing malicious. There is no hard drive crash. That is your ridiculous interpretation. "Whether you want to accept this labeling for your post is not important".

Sentinel has a very similar behavior to Only registered users can see links on this board! Get registered or login!. It's obvious we aren't going to agree on this. So, why not let the experts decide by giving a copy to the anti-virus companies. This will verify for sure whether your or my position is correct.

You may not consider spawning multiple popups on someone's PC as malicious, but regular visitors and the government do. A site owner cannot guarantee a visitor's hard drive won't crash because you have no idea what he is running which might conflict. Some here are pointing to other software that crash PCs. Those are not intentional by developers but inadvertently caused by software bugs or poorly written code. That is not illegal. The issue is intent to cause harm which is what your software was specifically written to do. As I already showed, this is against the law in the US. It may be in other countries.

Posted: Thu Jun 03, 2004 8:35 am

Money,

Your points are well articulated and taken. Yes, we do differ on opinion/interpretation. The fact that out of all the Major AV products, with the exception of this one (KAV), they do not see this JS/Flash as a virus, does speak volumes imo. Also, a virus is, by definition and acceptance, an INTENTIONALLY placed code to harm a network and/or PC. That is not why it was written nor is what it is in practice. Regardless, the code has been rewritten in v1.2 and does not cause this footprint.

Regular Joined: Aug 23, 2003 Posts: 77

i check in Mcafee website, they said it's was a very low risk. they think trojan because Ctrl, Del, Escape, and Alt + F4 to popup an Java Script alert message.

Posted: Thu Jun 03, 2004 8:53 am

xfsunolesphp wrote:

i check in Mcafee website, they said it's was a very low risk. they think trojan because Ctrl, Del, Escape, and Alt + F4 to popup an Java Script alert message.

Also, see this post http://www.ravenphpscripts.com/postt1655.html

Posted: Thu Jun 03, 2004 9:50 am

I wanted to let all know that MikeM has altered his original New's item at NC that started this thread. Thank you Mike. Here is a copy of what MikeM now has as his News item

MikeM wrote:

Beware-Possible Virus in Sentinel™ package

More Information can be found Only registered users can see links on this board! Get registered or login!
The script possibly is being detected as a virus by some Virus scanners due to the nature of the script's function. The authors at Raven scripts are aware of this and are releasing a new version that will not set off this possible "false alarm" from certain virus scanners.
from Raven of ravenphpscripts:
"The fact that out of all the Major AV products, with the exception of this one (KAV), they do not see this JS/Flash as a virus, does speak volumes imo. Also, a virus is, by definition and acceptance, an INTENTIONALLY placed code to harm a network and/or PC. That is not why it was written nor is what it is in practice. Regardless, the code has been rewritten in v1.2 and does not cause this footprint."