View Full Version : worm ss-3, dwarf.b??


marti
March 25th, 2002, 11:24 PM
Don't laugh guys, but I just finished a very scary detective novel. They were tracking a computer cracker who started killing folks. I downloaded the evaluation copy of TDS and found some suspicious files: it didn't like some of my unusual file names. :D

However, TDS also decided that a DOS help file, written in Qbasic, was a worm.

File Trace: Default trojan filename: Worm.SS-3 (Dwarf.b)
File: C:\help.com

It's a valid file and works as it's supposed to. Any advice here? (Other than stop reading scary novels. :D)

thanks,
marti

SPY
March 25th, 2002, 11:52 PM
I would scan the file with TrojanHunter, and see what, if anything, is reported. A second opinion never hurts.

marti
March 26th, 2002, 02:01 AM
I downloaded the evaluation copy of Trojan Hunter -- it didn't find any suspicious files.

I forgot to mention in my initial post that I have the purchased version of Pest Patrol. PP has never found any suspicious files (I purchased it in August 2001).

marti

Wayne - DiamondCS
March 26th, 2002, 07:07 AM
Hi Marty,
"Default trojan filename" with File Trace scanning means that it has simply found the presence of a filename that is known to be used only by a particular trojan. The SS-3 worm (which incidentally has nothing to do with SS3 scripts) installs to c:\help.com (hard-coded), and is several years old but we've never had any other reports of c:\help.com existing (what's it doing in your root directory for starters? :)), so it's probably a good thing that it was detected. If it was the SS-3 Worm you would have also seen at least one other alarm - a positive identification.

Best regards,
Wayne

marti
March 26th, 2002, 12:11 PM
Hi Wayne,

I knew that it was not a worm/trojan, but was curious as to what your program found.

The DOS help files are in the root directory because that's where they are supposed to be. :D

thanks,
marti

marti
March 27th, 2002, 12:00 PM
I updated to the latest ref files this morning. It does not find the "File Trace: Default trojan filename: Worm.SS-3 (Dwarf.b)
File: C:\help.com"

However, it still does not like my valid file name of xxx.bat.pif. :D

marti

Jooske
March 27th, 2002, 12:15 PM
WormGuard would probably jump on that one too for various reasons.
Good to be warned.

marti
March 27th, 2002, 12:25 PM
Hi Jooske,

It's nice to be warned about a suspicious file. However, the xxx.bat.pif file is a valid file and one that I created. There does not seem to be a way to ignore certain files that show up during each scan.

thanks,
marti

Jooske
March 27th, 2002, 12:39 PM
TDS has scan options to exclude directories and subdirectories, maybe you can do some with that? Although I prefer scanning all and I remember some finds from former times.

marti
March 27th, 2002, 12:43 PM
-{ Quote: "TDS has scan options to exclude directories and subdirectories, maybe you can do some with that? Although I prefer scanning all and I remember some finds from former times." }-

Yes, I found that. However, the file in question is in the send-to folder within the Win98SE directory. I'm looking for a way to exclude unique files, without excluding the entire directory.

marti
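
Added example, not part of the thread and not TDS code: a minimal Python sketch of the two kinds of alert discussed above (a filename-only trace and a double executable extension), with a per-file exclusion pinned to the file's SHA-256 so an approved file is flagged again if its content changes. The table contents, the `SendTo` path, the file contents and all function names are constructed for illustration.

```python
import hashlib
from pathlib import PureWindowsPath

# Constructed table for illustration: hard-coded drop path -> reported name.
KNOWN_DROP_PATHS = {r"c:\help.com": "Worm.SS-3 (Dwarf.b)"}
EXEC_EXTS = {".bat", ".cmd", ".com", ".exe", ".pif", ".scr", ".vbs"}

# Constructed sample files (contents are placeholders, not real binaries).
SAMPLE_FILES = {
    r"C:\help.com": b"placeholder: DOS help viewer",
    r"C:\WINDOWS\SendTo\xxx.bat.pif": b"placeholder: user-made shortcut",
}


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def approve(files, path):
    """Build an exclusion entry that pins one file by path and content hash."""
    return {path.lower(): sha256(files[path])}


def scan(files, allow):
    """files: {path: bytes}; allow: {lowercased path: approved sha256}.
    Returns a sorted list of (path, finding) tuples."""
    findings = []
    for path, data in files.items():
        key = path.lower()
        if allow.get(key) == sha256(data):
            continue  # excluded: same path and same content as approved
        if key in allow:
            findings.append((path, "excluded file changed since approval"))
        if key in KNOWN_DROP_PATHS:
            findings.append((path, "filename trace only: " + KNOWN_DROP_PATHS[key]))
        tail = [s.lower() for s in PureWindowsPath(path).suffixes][-2:]
        if len(tail) == 2 and all(s in EXEC_EXTS for s in tail):
            findings.append((path, "double executable extension " + "".join(tail)))
    return sorted(findings)


if __name__ == "__main__":
    pif = r"C:\WINDOWS\SendTo\xxx.bat.pif"
    for hit in scan(SAMPLE_FILES, approve(SAMPLE_FILES, pif)):
        print(hit)
```

Pinning the exclusion to a hash rather than to the path alone keeps the rest of the directory scanned and prevents the excluded name from becoming a blind spot.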