I’m not sure if this has already been posted here or not, I look through
posts and I couldn’t find any referance to it…
I downloaded the Slackware 10.1 isos on a win2k machine and
then forgot about them for awhile, I did a full system scan, and it’s
trying to tell me that there is a worm in the iso called nutcracker.
I know there is a slackware package called nutcracker, but it’s not a
worm, to the best of my knowledge…
I have found a couple other referances to this via google, but I thought
I would ask here, this is a false positive, right? (the md5 for the iso checks
out fine)
TrendMicro’s Housecall
Bit Defender On-line Scanner
F-Secure On-line Scanner ActiveX required
These are just a few of the many on-line scanners out there, check out RejZor’s Website - Security Ops for more On-line Virus Scanners Security.Ops.tk
The file in question, for those of you familier with the slackware cd’s is
on disc 2
slackware\kdei\kde-i18n-pa-3.3.2-noarch-1.tgz
kde-i18n-pa-3.3.2-noarch-1.tar\opt\kde\share\locale\pa
LC_MESSAGES\kio_fish.mo\PartNo_0#3575837306
A little research tells me that a program call “nutcracker” was included
with slackware starting with slackware 8.0, it’s apparently a password
checker/cracker.
Here is the full file name as reported by avast:
“D:\slackware-10.1-install-d2.iso\slackware\kdei
kde-i18n-pa-3.3.2-noarch-1.tgz\kde-i18n-pa-3.3.2-noarch-1.tar
opt\kde\share\locale\pa\LC_MESSAGES\kio_fish.mo
PartNo_0#3575837306”
Results of Jotti’s:
AntiVir - Found nothing
Avast - Found Nutcracker family
AVG Antivirus - Found nothing
BitDefender - Found nothing
ClamAV - Found nothing
Dr.Web - Found nothing
F-Prot Antivirus - Found nothing
Fortinet - Found nothing
Kaspersky Anti-Virus - Found nothing
mks_vir - Found nothing
NOD32 - Found nothing
Norman Virus Control - Found nothing
VBA32 - Found nothing
For the record, Jotti’s worked alot better then other web
scanners, I had no end of trouble w/ bit defender and fsecure.
Apparently, bit defender put a file somwhere on my system
last time I used it and was unable to update it because
the file already existed, grrrrr.
I will also, take this time to say “I love avast!” and “Thank you
for taking the time to help me with this issue.”
It may be a false positive, so send it in a password Zip file to virus@avast.com, state that you think its a false positive and where you got it from in the body message of the email.