Symantec Hacktools

Allie

Hello All,

I have Symantec antivirus corporate, and it is detecting some Hacktools.
Specifically, it lists the threats just as "Hacktool", with nothing
else. So, my question is, are these actually threats with viruses in
them, or is Symantec deciding to remove keygens and the like from my
machine? If the latter, how can I turn this behavior off?

Thanks!
 
Allie

Richard said:
I don't know if it would work in your case or not, but I would go to
Start > Search, and put in Hacktools. If found, then delete it. Other than
that I would restore back before this began showing up. Neither may work,
but that's what I would do. Someone else may have a better suggestion.

Thanks for your reply, Richard. Actually, I think you might be
misunderstanding me. I'm not necessarily trying to get rid of the
hacktools. I'm wondering if Symantec is detecting something on my
computer that I actually want on there. Are all hacktools dangerous?
Or, if I download a keygen for example, might Symantec detect it as a
hacktool when it doesn't contain a virus at all?
 
jen

VanguardLH

Allie said:
I have Symantec antivirus corporate, and it is detecting some
Hacktools. Specifically, it lists the threats just as "Hacktool",
with nothing else. So, my question is, are these actually threats
with viruses in them, or is Symantec deciding to remove keygens

When are these ever present when stolen software isn't involved?

and the like from my machine? If the latter, how can I turn this
behavior off?

Keygens ARE hacker tools (to allow pirating of software). So are some
Nirsoft utilities. They might be called hacker tools, PUPs (Probably
Unwanted Programs), SPRs (Security or Privacy Risk programs), or some
other name. You sure there isn't a setting in the anti-malware
program's scanner options to exclude hacker tools? Often they have a
list of well-known PUPs so not including them in their scanner gets rid
of the false positives; however, if it is a PUP that you installed and
upon which an alert is firing then you need to report it as a false
positive. Symantec AV doesn't tell WHAT type of suspect file on which
it is alerting, like the name that Symantec gave to the malware it
thinks it found?

Did you ever search your hard drive for something called "hacktool"? Or
is "Hacktool" the type of suspected malware file? If all the alert
dialog said was what you said it did, wasn't there a Details or other
button to get more information?

Since you are using the corporate edition of Symantec NAV, why not
contact your IT folks about the problem?
 
FromTheRafters

Allie said:
Hello All,

I have Symantec antivirus corporate, and it is detecting some
Hacktools. Specifically, it lists the threats just as "Hacktool", with
nothing else. So, my question is, are these actually threats with
viruses in them,

No. Assuming of course that they are not infected with a virus unknown
to the AV. If the AV detects a virus in a file it will report or act on
the virus it found.

or is Symantec deciding to remove keygens and the like from my
machine?

No, you are probably doing so by configuration.

If the latter, how can I turn this behavior off?

I don't know about the options available in this particular AV, but you
could store all your hacktools in an encrypted folder.
 
letterman

I try to run a clean ship, but once in a while some of these so-called
viruses or malware can come in handy, and some antiviruses will delete or
quarantine them without even asking. Two, in particular that get nailed a
lot are SmitFraudFix.exe and Revelation.exe. Revelation is indeed a hack
tool but you'd be surprised at the number of customers I've had who want to
reinstall their email on another computer or into a different client and
don't know their own password. Revelation is a lot faster than having to
call their ISP, wait on hold forever, and then forget what their first
pet's name was... :)
Then there's one I've renamed "topsy.exe" that's been around since Windows
95 (maybe even 3.1) that turns your screen display upside down. Harmless.
But after all these years it has become a "virus".
I keep originals of all these on a CD or on floppy disks with the write tab
locked.

Before AVG puked out on my Win98, I constantly got annoyed when I
scanned because it insisted that Revelation.exe is a virus or trojan
or something bad. I know it's not. It's been very useful at times.
AVG did not allow me to IGNORE it, which is annoying in itself.

I also have one of those things to turn the screen upside down, and
have had problems with that too. (different filename though).

As far as keygens, I'd just put them on other media since they are not
something used often. But I like having Revelation.exe handy on the
hard drive.
 
badgolferman

Since you are using the corporate edition of Symantec NAV, why not
contact your IT folks about the problem?

Many corporations that use SAV provide a copy for home use to their
employees. Mine does, although I have chosen to use AntiVir instead.
 
VanguardLH

badgolferman said:
Many corporations that use SAV provide a copy for home use to their
employees. Mine does, although I have chosen to use AntiVir instead.

Typically that occurs if those same employees are toting their laptops
into work or allowed to connect to the corporate network through a VPN.
They don't want infected hosts coming into their network even if they do
use a more secure zone into which those hosts login. If the company is
doling out instances of its volume license for SAV then they still
provide the support for it. They are not allowed to distribute copies
of the license outside the organization. They are doling them out to
employees for off-site use so the license still remains with the company
(and the employees have to surrender the license when they leave the
company). So, again, contact the IT folks back at work. It's their
property and their headache.
 
Allie

FromTheRafters said:
No. Assuming of course that they are not infected with a virus unknown
to the AV. If the AV detects a virus in a file it will report or act on
the virus it found.


No, you are probably doing so by configuration.


I don't know about the options available in this particular AV, but you
could store all your hacktools in an encrypted folder.

Thanks all. I did find where you could turn off the hacktool detection.
I hope by doing so I'm not opening up my computer to malicious software.
 
FromTheRafters

Allie said:
Thanks all. I did find where you could turn off the hacktool
detection. I hope by doing so I'm not opening up my computer to
malicious software.

Of course you are, but as long as the hacktools are ones you already
know about there is no problem. If someone else places one on your
machine (for nefarious reasons) you won't get warned.
 
Allie

FromTheRafters said:
Of course you are, but as long as the hacktools are ones you already
know about there is no problem. If someone else places one on your
machine (for nefarious reasons) you won't get warned.

Thanks - yeah, good point. Though, there is a setting for logging the
message and just doing nothing about it, which is what I set. So, I'll
get warned, but it won't take any action other than that. Probably a
good compromise.
 
gudrance

Allie,
Since I also have this issue I'd be interested to know how you
resolved it.
Have you excluded all hack tools as a general category or have you
found a way to exclude applications individually?
Thanks,
 
Countchocula

Allie,
Since I also have this issue I'd be interested to know how you
resolved it.
Have you excluded all hack tools as a general category or have you
found a way to exclude applications individually?
Thanks,

I never really resolved it. I only log hacktools, but there are a
bunch of variants listed as high risk which I didn't want to mess with.
 
the-changling

Thanks all. I did find where you could turn off the hacktool detection.
I hope by doing so I'm not opening up my computer to malicious software.

Well you may be. I have seen cases where SAV finds the hacktool in the
Windows system area and gives the impression everything is fine. Then
when scanned with an independent OS and AV, you will find a rootkit
and a key logger running in memory. So if you see a hacktool.rootkit,
especially in the Windows system area, I would not blow it off.
 
