TT Livescan

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
The Zero Hour has arrived.

http://www.tot-ltd.org/TT-Livescan.rar

The database contains 3 million+ malware definitions. Since the
database is accessed online, it is not recommended for people using a
satellite ISP due to obvious latency issues.

Enjoy.

Re: TT Livescan


Quoted text here. Click to load it

It's a scam.
It's a 38k/b rar file that unpacks to a few exes and data files.
The exes have 'The Temple of Transgression' as authors.
The home site 'xxx.tot-ltd.org' is 'under construction'.



 


Re: TT Livescan

Quoted text here. Click to load it

Because it certainly isn't possible that the database in question (tot-
ltd.org/md5db perhaps?) has appropriately named files from 0000-FFFF.

Think before you speak.

Re: TT Livescan

Quoted text here. Click to load it

Because it certainly isn't possible that the database in question (tot-
ltd.org/md5db perhaps?) has appropriately named files from 0000-FFFF.

Think before you speak.

I think he spelt spam wrong. :op



Re: TT Livescan

    
Quoted text here. Click to load it


And you expect people to trust such a posting with only a download
link?

Yrrah

--
Some of the best of the best in Freeware
http://www.pricelesswarehome.org /

Re: TT Livescan

Quoted text here. Click to load it

...and because your post contains a caution...we should trust it?

Re: TT Livescan

pheeh.zero@gmail.com wrote:

Quoted text here. Click to load it

I don't trust it.

F. Reeware

Re: TT Livescan

Because heuristics never lie either.

http://www.google.com/search?hl=en&rlz=1G1GGLQ_ENZZ324&q=antivirus+false+positive+heuristic&btnG=Search

And obviously, since according to at least one poster, I'm clearly
making up stuff about satellite internet being notorious for latency
issues (what's that, round travel of ~75000+ miles... PREPOSTEROUS!).

http://www.google.com/search?source=ig&hl=en&rlz=1G1GGLQ_ENZZ324&=&q=satellite+internet+latency&btnG=Google+Search

You'll find that *ANY* satellite connection *WILL* have a minimum
latency of *AT LEAST* 500ms, but usually averaging anywhere from
900ms-2000ms.  I know this because I have had the misfortune of being
subjected to satellite internet.  Hence why I don't recommend using
the online scanner because the delays are ridiculous.  Seriously,
because of the latency issues with satellite internet, you will wind
up getting faster scantimes using a dialup connection.  Also inb4
"THATS UNPOSSIBLE".  Each section of 0000-FFFF is anywhere from 1-5K
in size.  It's like that for a reason, folks.  With a decent DSL/
Broadband connection, TT Livescan can process up to 232GB of data in
less than 12 minutes.  I also trimmed down on as much bloat as I could
to make it possible for an online scanner to be of such a small size,
while having a database of over 3 million md5 hashes available online
for it to make use of.

As for the offensive.dat file: Optional parental scanning based on
partial matches of filenames.  And looking at some of these posts...
my, my... what short term memory some seem to have.  It looks like
I'll be mailing out boxes of depends this christmas to match the faked
alzheimers.  Unless some of you really aren't attempting to reverse
troll.

And so we meet again, Mr. Lipman.  Yes, for about 3 months I posted
from a library when I didn't have internet at my residence.... almost
4 years ago, was it?  Then I had DSL with AT&T, and after that, moved
out to the boondocks where the only feasible option was dialup, since
according to HughesNet and WildBlue (and I quote), we "did not have a
clear view of the southern sky".  But that's beside the point.
However, I no longer live in Ohio:  I now live in Texas.  How are
things on your end, Mr. Lipman?

Re: TT Livescan


| Because heuristics never lie either.

|
http://www.google.com/search?hl=en&rlz=1G1GGLQ_ENZZ324&q=antivirus+false+positive+
| heuristic&btnG=Search

| And obviously, since according to at least one poster, I'm clearly
| making up stuff about satellite internet being notorious for latency
| issues (what's that, round travel of ~75000+ miles... PREPOSTEROUS!).

|
http://www.google.com/search?source=ig&hl=en&rlz=1G1GGLQ_ENZZ324&=&q=satellite+internet+
| latency&btnG=Google+Search

| You'll find that *ANY* satellite connection *WILL* have a minimum
| latency of *AT LEAST* 500ms, but usually averaging anywhere from
| 900ms-2000ms.  I know this because I have had the misfortune of being
| subjected to satellite internet.  Hence why I don't recommend using
| the online scanner because the delays are ridiculous.  Seriously,
| because of the latency issues with satellite internet, you will wind
| up getting faster scantimes using a dialup connection.  Also inb4
| "THATS UNPOSSIBLE".  Each section of 0000-FFFF is anywhere from 1-5K
| in size.  It's like that for a reason, folks.  With a decent DSL/
| Broadband connection, TT Livescan can process up to 232GB of data in
| less than 12 minutes.  I also trimmed down on as much bloat as I could
| to make it possible for an online scanner to be of such a small size,
| while having a database of over 3 million md5 hashes available online
| for it to make use of.

| As for the offensive.dat file: Optional parental scanning based on
| partial matches of filenames.  And looking at some of these posts...
| my, my... what short term memory some seem to have.  It looks like
| I'll be mailing out boxes of depends this christmas to match the faked
| alzheimers.  Unless some of you really aren't attempting to reverse
| troll.

| And so we meet again, Mr. Lipman.  Yes, for about 3 months I posted
| from a library when I didn't have internet at my residence.... almost
| 4 years ago, was it?  Then I had DSL with AT&T, and after that, moved
| out to the boondocks where the only feasible option was dialup, since
| according to HughesNet and WildBlue (and I quote), we "did not have a
| clear view of the southern sky".  But that's beside the point.
| However, I no longer live in Ohio:  I now live in Texas.  How are
| things on your end, Mr. Lipman?

That explains the Amarillo based provider, AMA Com.

It is amazing how some things you remember and other things you can't.

I am fine here in the Jersey Shore.

Still waiting for real content on a web site fully explaining your project.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: TT Livescan

wrote:
Quoted text here. Click to load it

Glad to hear things are going well for you.  As for content... there's
not really a whole lot to explain.  It's an online based scanner that
accesses a blacklist directory based on the first 4 digits of an MD5
hash (http://www.tot-ltd.org/md5db/0000-FFFF ).  The back engine is
still the same as it was when I was working on VTE Virus Scanner.
Only thing that's really changed is instead of using crc32 hashes,
it's now using md5 hashes and has slightly different features and a
quicker scantime.  Other than that, I'm not really sure any other
explanation can be given.

Re: TT Livescan

"idbeholda" wrote:

Quoted text here. Click to load it

If you expect people to use it there should be an explantion on the
web site - not here. You might also want to mention the ablility of
TTMWST.exe to upload files using FTP. I can see you're likely to fall
foul of other virus scanners with this module since a lot of account/
password stealers are also written in VB6 and use FTP.

You've an impossible task keeping up to date with signatures based on
a file hash. Much malware will have a different signature each time
it's downloaded. It's either packed differently on the fly or some
random bytes are tacked on to the end of the executable.



Re: TT Livescan

Quoted text here. Click to load it

1)There is an explanation on the front page (http://www.tot-ltd.org ).
It's there for a reason; don't pretend to be illiterate.  Secondly,
the use of TTMWST.exe is entirely *OPTIONAL*.  If you don't want to
have it upload infected files to the server from /quarantine, then
don't use it.  I'm not holding a gun to your head, and this isn't
rocket science.

2)By the same logic, all programs using FTP access should be flagged
as malware.  What do you want me to do, publish the working source
code that's like 10 lines, and anyone with a browser and an install of
VS6 can find easily enough?  Nice try, but I don't think so.  If I
would work on a security app for 5+ years, what would be the point of
me giving people a trojan.  Quite honestly, I'm interested in hearing
an explanation for this fantastical scenario that doesn't involve time
travel and alien abduction.

3)If I used string signatures, the same complaint would be given that
it's an "impossible task to keep up with [y] because of [x]."  Keeping
up with md5 hashes is NOT that difficult of a task.  Really, it
isn't.  The reason I don't use string signatures is quite simple:  VB
sucks with raw data processing.  I could resurrect the subsystem
scanner from VTE, but I'm opting not to.  Why you ask?  There's an
option for multiple AV plugins using tweak.exe.  All you have to do is
copy and paste the commandline of the scanner and replace //disabled
with //enabled.

Finally, I'm offering a free service.  If you think it's sketchy/
trojaned/whatever, then don't use it.  I won't lose any sleep over
your misjudgement.




Re: TT Livescan

On 29 Apr 2009 06:11, idbeholda wrote in alt.comp.freeware
<news:21dbeaad-8bb1-4942-b37e-
76c09a74eb1a@f1g2000prb.googlegroups.co
m>:

Quoted text here. Click to load it

I'm new to the history behind all this and saw a reference to
heuristics in this thread and then read an explanation to matching
the first few digits of an MD5 hash. Presumably the reference to
heuristics was a way of saying heuristics are not being used.

As for the MD5 explanation, I couldn't see it on the website but
maybe I need leading by the hand.

Point 2 above makes me uncomfortable. It seems to say the code for
the module is about 10 lines but anyone requesting it must be
paranoid or a fantasist.  Surely it would be easier to just post the
code rather than tell people who can't extract it for themselves
that they are technically inadequate.

As I said, I know nothing of any other history but there's something
about this which doesn't inspire confidence.  I think I'll let
others try it first and then maybe I'll decide if it's for me.

Re: TT Livescan

Quoted text here. Click to load it

http://www.pscode.com/vb/scripts/ShowCode.asp?txtCodeId=3D47972&lngWId=3D1

Like I said, all it takes is a search engine.  The only thing
TTMWST.exe accesses is the mw_submit folder via ftp on tot-ltd.org.
No personal data is collected other than what is flagged and
*optionally* (per user request) sent to the /quarantine folder.  The
other 8 lines of code are basically bells and whistles that let the
user know what's being uploaded and the percentage complete.

Regardless you are correct in your assumption regarding the 10 lines
of code.  The reason I am stating that is because fantasism is exactly
what's going on here:  I'm not putting a trojan on someone else's
system.  Therefore, if I'm offering someone a method to find and
detect malware, and someone else is claiming that I'm "offering"
something "different", from my standpoint, they're clearly out of
their mind.

However, if it appears I'm being a bit too obtuse, ask other companies
to discuss their source codes/executable in full detail as I have over
the years.  One will soon discover it's not me who's obtuse about
their own dealings.

As for heuristics?  There's an option for that too, and the database
is openly located in the TT-Livescan download under the filename of
heuristics.dat.  On top of that, if you want to add in your own
heuristics, you can do that too.  It honestly makes no difference to
me.

Re: TT Livescan

In article <21dbeaad-8bb1-4942-b37e-
76c09a74eb1a@f1g2000prb.googlegroups.com>
Quoted text here. Click to load it
Gone

How come a smart guy like you has not learned one of the simplest
facts of Usenet?  Namely, no intended good deed goes unpunished in
the world of the troll?


Re: TT Livescan

wrote:
Quoted text here. Click to load it

lolwut? >;3>

Re: TT Livescan

On Wed, 29 Apr 2009 22:09:51 -0700 (PDT), idbeholda wrote:

Quoted text here. Click to load it

V unq n png jub sryy va n cbby naq qebjarq. Vg envarq gur qnl bs ure
shareny naq ab bar pnzr. Shpx uhznaf.
--
My hero!!    http://tr.im/2ghc

Re: TT Livescan

On Thu, 30 Apr 2009 12:54:51 -0400, "Brian \"Goober\" Gwaltney"

Quoted text here. Click to load it

V qba'g fjvat gung jnl. Srznyrf bayl va zl pnfr.

Re: TT Livescan

On Thu, 30 Apr 2009 13:34:40 -0500, test@test.org wrote Re Re: TT
Livescan:

Quoted text here. Click to load it

Jnf vg n onq png be n tbbq png? V'yy org vg jnf n onq png gung unq ab
sevraqf.  V unir n png yvxr gung.

Re: TT Livescan

On 04/30/2009 09:54 AM, Brian "Goober" Gwaltney sent:
Quoted text here. Click to load it

Jrypbzr gb gur pyho Tbbore

--
1PW  @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Site Timeline