XDA Developers Android and Mobile Development Forum

rageagainstthecage-arm5.bin - Trojan?

guruleenyc
#1
Senior Member - OP
Thanks Meter 1
Posts: 255
Join Date: Aug 2010
Location: nYc/CT

My Kaspersky is detecting a trojan in this rooting file:

Exploit.Linux.Lotoor.g

See attached screen-shot;

Let me know if this is in fact a false positive...?
[Attached image: 11-27-2010 8-45-52 PM.png]
 
shabbypenguin
#2
Recognized Developer
Thanks Meter 4396
Posts: 4,169
Join Date: May 2010

 
RATC.bin is the exploit used to root your phone...
 
Geniusdog254
#3
Recognized Developer
Thanks Meter 165
Posts: 1,094
Join Date: Jan 2009
Location: St. Louis

 
It's a false positive. Promise.
 
styles420
#4  
Senior Member
Thanks Meter 1235
Posts: 2,145
Join Date: Nov 2010
Quote:
Originally Posted by Geniusdog254
It's a false positive. Promise.
It's not a false positive; the exploit that we use works just like any trojan - it provides back-door access to the system. We're just using a virus to crack open the system long enough to install a more permanent access to root.

That's right, viruses aren't necessarily bad - it just depends on how they're used.
 
Kcarpenter
#5
Senior Member
Thanks Meter 146
Posts: 3,343
Join Date: Nov 2009
Location: Clinton, TN
It is indeed a real virus, but it won't do much to your Windows system other than piss off your AV software... Could jump to Linux and not worry about viruses... at least very few. Yes, they exist, but rarely affecting a personal computer.

 
newkidd
#6  
Recognized Developer
Thanks Meter 69
Posts: 303
Join Date: Nov 2009
Location: Midland

 
Yeah, true true. Virus by definition, yes. But technically anything can be defined as a "virus" by allowing access to "alter" the original programming to allow access to functions other than what the manufacturer intended. Don't worry. Most antiviruses find a virus in anything. A key generator shows up as a virus. Don't worry. You're safe.
 
richse
(Last edited by richse; 28th November 2010 at 05:03 AM.)
#7  
Senior Member
Thanks Meter 25
Posts: 404
Join Date: Oct 2009
Quote:
Originally Posted by Kcarpenter
It is indeed a real virus, but it won't do much to your Windows system other than piss off your AV software... Could jump to Linux and not worry about viruses... at least very few. Yes, they exist, but rarely affecting a personal computer.

What you wrote makes no sense; the reason the anti-virus detects it as a trojan is because it includes exploit code to obtain root in LINUX. It won't do anything to a Windows box, but it can completely own a vulnerable Linux box. So telling someone they would need to switch to Linux in order to avoid this exploit is ridiculous.
 
shabbypenguin
#8
Recognized Developer
Thanks Meter 4396
Posts: 4,169
Join Date: May 2010

 
Correct, it obtains root, but do you understand how? The whole reason it works is by exploiting adb, so unless you happen to have the phone version of adb included in your Linux build, I would think this is pretty harmless.
 
richse
#9  
Senior Member
Thanks Meter 25
Posts: 404
Join Date: Oct 2009
Quote:
Originally Posted by shabbypenguin
Correct, it obtains root, but do you understand how? The whole reason it works is by exploiting adb, so unless you happen to have the phone version of adb included in your Linux build, I would think this is pretty harmless.
YES, but the reason I responded to that last post was because he was telling someone to switch from Windows to Linux in order to avoid a Linux exploit. There are plenty of valid reasons to switch, but that would have to be the stupidest one I have ever seen put forth.
 
styles420
#10  
Senior Member
Thanks Meter 1235
Posts: 2,145
Join Date: Nov 2010
Quote:
Originally Posted by shabbypenguin
Correct, it obtains root, but do you understand how? The whole reason it works is by exploiting adb, so unless you happen to have the phone version of adb included in your Linux build, I would think this is pretty harmless.
The exploitation of adb is used to get the RATM file on the phone... then RATM uses an exploit in the Linux kernel to gain root access. I'm pretty sure RATM isn't using adb to do its magic. What I don't know is if it is exploiting a part of the kernel that is Android-specific, or a part that is in every Linux kernel.

THREAD CLOSED