|
|
|
|
| Re: your product steals my information [message #449415 is a reply to message #448827] |
Mon, 04 July 2011 14:09   |
 |
sla.ro(master)
Messages: 610
Registered: September 2010
Location: Romania
Karma: 0
|
Colonel |
|
|
| Omar007 wrote on Thu, 16 June 2011 00:55 |
If you got RenGuard from here, it's not malicious.
It does get false-positives on some scanners afaik.
Aside from that, you shouldn't use RenGuard anymore imo. It's outdated anyway.
|
some communities like n00bstories can force you to use RenGuard and yes, is outdated.
Creator of Mutant Co-Op
Developer of LuaTT
|
|
|
|
|
|
| Re: your product steals my information [message #449637 is a reply to message #448824] |
Fri, 15 July 2011 09:23 |
 |
Omar007
Messages: 1711
Registered: December 2007
Location: Amsterdam
Karma: 0
|
General (1 Star) |
|
|
It gives on 2 out of 43 AV programs a message. And not even a message that says it is. Just 'Suspicious' or 'Looks Like'.
I'd say it's not malicious, just false positives.
Attached is a Virus Total printout. If you don't even trust the printout, you can always submit it yourself 
[Updated on: Fri, 15 July 2011 09:25] Report message to a moderator |
|
|
|
| Re: your product steals my information [message #449648 is a reply to message #448824] |
Fri, 15 July 2011 13:49 |
 |
reborn
Messages: 3231
Registered: September 2004
Location: uk - london
Karma: 0
|
General (3 Stars) |
|
|
The program connects to v00d00.org to download the renguard master server list. It does this by downloading index.bin, which is processed by the client.
Who maintains the file hosted on v00d00.org? Why does it connect to v00d00's site, and not BHS's?
Would it be possible for the index.bin file to contain additional instructions to be processed by the client?
Try to visit v00d00.org in your browser... Likely just some asshat reported the site, or some dousche messed with it, but still...
I am not convinced that it's entirely harmless, but that's just me.
|
|
|
|
|
|
| Re: your product steals my information [message #449755 is a reply to message #448824] |
Wed, 20 July 2011 06:25 |
 |
danpaul88
Messages: 5795
Registered: June 2004
Location: England
Karma: 0
|
General (5 Stars) |
|
|
Actually as I recall the reason for the false positives is because its packaged using the same utility as a lot of malware is packaged with, hence some virus scanners just blindly assume its probably malware itself.
The packaging is also the reason it doesn't work on 64bit operating systems.
reborn;
I believe there are several URLs to download index.bin from (BRenBot certainly knows of more than one) to provide redundancy and, to some extent, load balancing. It *should* randomly choose from the available URLs, so you may find it connects to a different URL each time it is loaded.
[Updated on: Wed, 20 July 2011 06:27] Report message to a moderator |
|
|
|
|
|
Search
Help
Members
Register
Login
Home
