Suspicious Filenames


njustice
November 16th, 2003, 09:23 AM
TDS-3 found three suspect files. Are these files trojans?

c:\hp\bin\python-2.2.1.exe
c:\program files\hewlett-packard\digital imaging\hpisinst
and a system restore point.

thanks in advance, Ken

Pilli
November 16th, 2003, 12:00 PM
Hi njustice, here is the info on Python: http://python.org/doc/Summary.html It appears to be a programming language. This may be being used for some other purpose?

The next one does concern me: http://www.computing.net/security/wwwboard/forum/6011.html

Please copy the two files send to: submit@diamondcs.com.au for further analysis.

Zipping the files where they are will render them unusable for the time being and should be OK providing you notice no detrimental effects.

Thank You. Pilli

Windows XP creates Restore points on major system changes or when requested: it is possible that TDS is detecting a Trojan trace that has been saved when a restore point was created.

QUOTE from XP's help file:

To change System Restore settings
You can change System Restore settings by:
Excluding a non-system drive so System Restore does not monitor or restore it
Resuming System Restore monitoring
Allocating more disk space to System Restore
Turning off System Restore
Turning on System Restore

Notes

System Restore is enabled on all drives when you first start your new computer or when the operating system is installed, unless you have less than 200 MB of available space on the hard disk (or the partition that contains your operating system folder).

If you do not have enough disk space available when your operating system is installed, then you must turn on System Restore, using the preceding steps, after you have made sufficient disk space available.

If you run out of disk space, System Restore becomes inactive. When you have made sufficient disk space available, System Restore is automatically activated, but all previous restore points are lost.

When System Restore is turned off on a partition or drive, all restore points stored on that partition or drive are deleted. Changes that are made on an excluded partition or drive are not reverted during a System Restore.

Pilli
November 16th, 2003, 12:15 PM
I almost forgot :) If you have the TDS3 trial copy, please ensure that you have the latest radius file from here: http://tds.diamondcs.com.au/index.php?page=update Please follow the instructions for a Manual update.
Do a full system scan. In Scan Control, tick all the boxes except for "Scan for clients & edit servers".

HTH Pilli

njustice
November 16th, 2003, 02:05 PM
Sent files for analysis... these programs are in the Add/Remove panel. Could they be removed from there, as I don't use them?

Python 2.2.1
Python 2.2 combined Win32 extensions
HP Photo and Imaging 1.1-PhotoSmart Cameras <----don't use

Jooske
November 16th, 2003, 02:15 PM
You could leave them there (I suppose you zipped the exe files by now to make sure, as Pilli advised above!) till you get answers from DCS. They might be OK if you installed them yourself as part of a program. If not, then it's another case.
The link Pilli posted indeed looks rather suspicious.
In case it's innocent, then there is some code resembling others, so with your submissions the database can be refined even more.
Just make sure you update each day Mon-Fri for a new scan.
Waiting for the DCS test results.

Is there any strange program started in the Process list or Autostart which you don't know?

Pilli
November 16th, 2003, 02:17 PM
If you do not use them, remove them :) as until analysed they could be malicious or legitimate files. As TDS is showing an alert, it is always best to be on the safe side.

BTW did you scan with the latest radius file installed?

Pilli

njustice
November 16th, 2003, 06:38 PM
Yes, I scanned with the latest radius file.

When I tried to uninstall Python 2.2.1 I received a warning from Norton's AV.

Alert: Malicious Script Detected
Object: Filesystem Object
Activity: GetSpecial Folder

Your computer is halted and needs to do something about this script:
C:\PROGRA~1\HPINST~\uninstallclient.js Acme... Norton's gave me three choices; I chose to leave it for now.

How do I Zip the exe file?

Pilli
November 16th, 2003, 06:45 PM
Right click on them & select Send To: Compressed (zipped) folder. The file name.zip will be created; then delete the original if you can.

njustice
November 16th, 2003, 06:53 PM
OK, zipped up the exe. Can I just delete the Python 2.2.1 exe within the folder?

Pilli
November 16th, 2003, 06:57 PM
Yes you can, & if it is harmless once analysed then you can extract it back again from the .zip file :)

njustice
November 16th, 2003, 07:08 PM
Okay Pilli... thank you for your time and patience.

Pilli
November 17th, 2003, 04:46 AM
Glad we could help. Can you post the results of the file analysis when completed, please? This may assist others in the future.

Thanks Pilli