rageagainstthecage-arm5.bin - Trojan?

OP guruleenyc

28th November 2010, 02:50 AM   |  #1  
guruleenyc, Senior Member
My Kaspersky is detecting a trojan in this rooting file:

Exploit.Linux.Lotoor.g

See attached screen-shot;

Let me know if this is in fact a false positive...?
28th November 2010, 02:59 AM   |  #2  
shabbypenguin, Recognized Developer
RATC.bin is the exploit used to root your phone...
28th November 2010, 03:10 AM   |  #3  
Geniusdog254, Retired Recognized Developer
It's a false positive. Promise.
28th November 2010, 04:42 AM   |  #4  
Senior Member
Quote:
Originally Posted by Geniusdog254

It's a false positive. Promise.

It's not a false positive, the exploit that we use works just like any trojan - it provides back-door access to the system. We're just using a virus to crack open the system long enough to install a more permanent access to root.

That's right, viruses aren't necessarily bad - it just depends on how they're used
The Following User Says Thank You to styles420 For This Useful Post
28th November 2010, 04:55 AM   |  #5  
Kcarpenter, Senior Member
It is indeed a real virus, but it won't do much to your Windows system other than piss off your AV software... Could jump to Linux and not worry about viruses... at least very few. Yes they exist, but rarely affecting a personal computer.

Sent from my SPH-D700 using XDA App
28th November 2010, 05:22 AM   |  #6  
Retired Recognized Developer
Yeah, true true. Virus by definition, yes. But technically anything can be defined as a "virus" by allowing access to "alter" the original programming to allow access to functions other than what the manufacturer intended. Don't worry. Most antiviruses find a virus in anything. A key generator shows up as a virus. Don't worry. You're safe.
28th November 2010, 06:00 AM   |  #7  
Senior Member
Quote:
Originally Posted by Kcarpenter

It is indeed a real virus, but it won't do much to your Windows system other than piss off your AV software... Could jump to Linux and not worry about viruses... at least very few. Yes they exist, but rarely affecting a personal computer.

Sent from my SPH-D700 using XDA App

What you wrote makes no sense, the reason the anti-virus detects it as a trojan is because it includes exploit code to obtain root in LINUX. It won't do anything to a Windows box but it can completely own a vulnerable Linux box. So telling someone they would need to switch to Linux in order to avoid this exploit is ridiculous.
Last edited by richse; 28th November 2010 at 06:03 AM.
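
Added example, not part of any post in this thread: a small triage helper that reads the header of a file an antivirus has flagged and reports which loader and CPU it targets, which is the question the posts above are arguing about. The sample bytes are a constructed ELF header, not bytes from the file discussed here, and the function names are hypothetical.

```python
import struct

# e_machine / e_type values from the ELF specification (small subset).
EM = {3: "x86", 40: "arm", 62: "x86-64", 183: "aarch64"}
ET = {1: "relocatable", 2: "executable", 3: "shared-object", 4: "core"}

def triage(data: bytes) -> dict:
    """Identify container format and target CPU from a file's first bytes."""
    if data[:2] == b"MZ":  # DOS/PE stub used by Windows executables
        return {"format": "PE", "os": "windows", "machine": "unknown"}
    if len(data) < 20 or data[:4] != b"\x7fELF":
        return {"format": "unknown", "os": "unknown", "machine": "unknown"}
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return {"format": "ELF-malformed", "os": "unknown", "machine": "unknown"}
    order = "<" if ei_data == 1 else ">"  # EI_DATA: 1 = little, 2 = big endian
    # e_type and e_machine are the two 16-bit fields right after e_ident[16].
    e_type, e_machine = struct.unpack_from(order + "HH", data, 16)
    return {
        "format": "ELF32" if ei_class == 1 else "ELF64",
        "os": "linux",  # assumption: ELF is treated as Linux/Android here
        "type": ET.get(e_type, hex(e_type)),
        "machine": EM.get(e_machine, "em-%d" % e_machine),
    }

def natively_loadable(info: dict, host_os: str, host_arch: str) -> bool:
    """True only if the host's own loader could start the file directly.
    Assumption: no emulation layer (for example qemu-user) is installed."""
    return info["os"] == host_os and info["machine"] == host_arch

# Constructed sample: 32-bit, little-endian, executable, ARM ELF header.
SAMPLE = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8 + struct.pack("<HH", 2, 40)

if __name__ == "__main__":
    info = triage(SAMPLE)
    print(info)
    for host in [("windows", "x86"), ("linux", "x86-64"), ("linux", "arm")]:
        print(host, "natively loadable:", natively_loadable(info, *host))
```

A detection on a file like this is about what the file contains, not about whether the scanning host can run it, so the header check answers "is this machine at risk from executing it" separately from "is the detection accurate".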
28th November 2010, 06:05 AM   |  #8  
shabbypenguin, Recognized Developer
Correct, it obtains root, but do you understand how? The whole reason it works is by exploiting adb, so unless you happen to have the phone version of adb included in your Linux build I would think this is pretty harmless.
28th November 2010, 06:08 AM   |  #9  
Senior Member
Quote:
Originally Posted by shabbypenguin

Correct, it obtains root, but do you understand how? The whole reason it works is by exploiting adb, so unless you happen to have the phone version of adb included in your Linux build I would think this is pretty harmless.

YES, but the reason I responded to that last post was because he was telling someone to switch from Windows to Linux in order to avoid a Linux exploit. There are plenty of valid reasons to switch, but that would have to be the stupidest one I have ever seen put forth.
28th November 2010, 07:10 AM   |  #10  
Senior Member
Quote:
Originally Posted by shabbypenguin

Correct, it obtains root, but do you understand how? The whole reason it works is by exploiting adb, so unless you happen to have the phone version of adb included in your Linux build I would think this is pretty harmless.

The exploitation of adb is used to get the RATM file on the phone... then RATM uses an exploit in the Linux kernel to gain root access. I'm pretty sure RATM isn't using adb to do its magic. What I don't know is if it is exploiting a part of the kernel that is Android-specific, or a part that is in every Linux kernel.