
rageagainstthecage-arm5.bin - Trojan?

 
guruleenyc
#1
Senior Member - OP
Thanks Meter 1
Posts: 255
Join Date: Aug 2010
Location: nYc/CT

My Kaspersky is detecting a trojan in this rooting file:

Exploit.Linux.Lotoor.g

See attached screen-shot;

Let me know if this is in fact a false positive...?
Attached Thumbnails: 11-27-2010 8-45-52 PM.png (43.1 KB)
 
shabbypenguin
#2
Recognized Developer
Thanks Meter 4,925
Posts: 4,519
Join Date: May 2010

 
RATC.bin is the exploit used to root your phone...
 
Geniusdog254
#3
Retired Recognized Developer
Thanks Meter 166
Posts: 1,094
Join Date: Jan 2009
Location: St. Louis

 
It's a false positive. Promise.
 
styles420
#4  
Senior Member
Thanks Meter 1,252
Posts: 2,170
Join Date: Nov 2010
Quote:
Originally Posted by Geniusdog254 View Post
It's a false positive. Promise.
It's not a false positive, the exploit that we use works just like any trojan - it provides back-door access to the system. We're just using a virus to crack open the system long enough to install a more permanent access to root.

That's right, viruses aren't necessarily bad - it just depends on how they're used
 
Kcarpenter
#5
Senior Member
Thanks Meter 146
Posts: 3,343
Join Date: Nov 2009
Location: Clinton, TN
It is indeed a real virus, but it won't do much to your Windows system other than piss off your AV software... Could jump to Linux and not worry about viruses...at least very few. Yes they exist, but rarely affecting a personal computer.

Sent from my SPH-D700 using XDA App
 
newkidd
#6  
Retired Recognized Developer
Thanks Meter 69
Posts: 304
Join Date: Nov 2009
Location: Midland

 
Yeah, true true. Virus by definition, yes. But technically anything can be defined as a "virus" by allowing access to "alter" the original programming to allow access to functions other than what the manufacturer intended. Don't worry. Most antiviruses find a virus in anything. A key generator shows up as a virus. Don't worry. You're safe.
I'm just a frog, tryin' to get some wood.
 
richse
(Last edited by richse; 28th November 2010 at 05:03 AM.)
#7  
Senior Member
Thanks Meter 26
Posts: 408
Join Date: Oct 2009
Quote:
Originally Posted by Kcarpenter View Post
It is indeed a real virus, but it won't do much to your Windows system other than piss off your AV software... Could jump to Linux and not worry about viruses...at least very few. Yes they exist, but rarely affecting a personal computer.

Sent from my SPH-D700 using XDA App
What you wrote makes no sense; the reason the anti-virus detects it as a trojan is because it includes exploit code to obtain root in LINUX. It won't do anything to a Windows box but it can completely own a vulnerable Linux box. So telling someone they would need to switch to Linux in order to avoid this exploit is ridiculous.
 
shabbypenguin
#8
Recognized Developer
Thanks Meter 4,925
Posts: 4,519
Join Date: May 2010

 
Correct, it obtains root, but do you understand how? The whole reason it works is by exploiting adb, so unless you happen to have the phone version of adb included in your Linux build I would think this is pretty harmless.
 
richse
#9  
Senior Member
Thanks Meter 26
Posts: 408
Join Date: Oct 2009
Quote:
Originally Posted by shabbypenguin View Post
Correct, it obtains root, but do you understand how? The whole reason it works is by exploiting adb, so unless you happen to have the phone version of adb included in your Linux build I would think this is pretty harmless.
YES, but the reason I responded to that last post was because he was telling someone to switch from Windows to Linux in order to avoid a Linux exploit. There are plenty of valid reasons to switch, but that would have to be the stupidest one I have ever seen put forth.
 
styles420
#10  
Senior Member
Thanks Meter 1,252
Posts: 2,170
Join Date: Nov 2010
Quote:
Originally Posted by shabbypenguin View Post
Correct, it obtains root, but do you understand how? The whole reason it works is by exploiting adb, so unless you happen to have the phone version of adb included in your Linux build I would think this is pretty harmless.
The exploitation of adb is used to get the RATM file on the phone... then RATM uses an exploit in the Linux kernel to gain root access. I'm pretty sure RATM isn't using adb to do its magic. What I don't know is if it is exploiting a part of the kernel that is Android-specific, or a part that is in every Linux kernel.

THREAD CLOSED