TDS Component Flagged By A.V.


Befuddled
August 18th, 2004, 10:39 PM
Hello,

I downloaded and installed TDS 3 earlier today. Thought it a very smart collection of knick-knacks.

To be brief, I just ran a virus scan and the following TDS component was flagged as W32 Malware by Norman Virus Control. W32 malware is a term employed for unidentified viruses and trojans detected via Norman's revolutionary Sandbox Technology.

Here's the log:

Virus W32/Malware
Scan engine: 5.70.14, Nvcbin.def 5.70 (2004/08/17), Nvcmacro.def 5.70 (2004/08/17).
Login info: user xxxxx, host '$$$$$$$' .
Infected file C:\Program Files\TDS3\Ext.Plug\troports.exe
Quarantined file C:\Program Files\TDS3\Ext.Plug\troports.exe
Deleted file C:\Program Files\TDS3\Ext.Plug\troports.exe

Now, what I think has probably happened here is that perhaps certain parts of TDS resemble hacktools to an extent (triggering an FP). Or... horror of horrors, a virus has been coincidentally dropped in the TDS directory.

So, I suppose I'm asking first and foremost for confirmation that this is indeed a legitimate component of TDS?
I will of course be discussing this with Norman, because false positives make everyone look slack, don't they?

Many thanks for any insights.

Pilli
August 18th, 2004, 11:16 PM
Hi Befuddled & welcome,
Looks like an FP but to be sure here are the properties for Troports.
Created 1st March 1999
Size: 28,700 bytes
size on disk: 32,768 bytes
Version 1.0.0.0 - Company: Diamond Computer Systems Pty. Ltd.

HTH Pilli

befuddled
August 18th, 2004, 11:28 PM
Thank you, I'll take a look in quarantine.

I guess I've knackered the programme now, haven't I? DOH!

befuddled
August 18th, 2004, 11:38 PM
All alright. Identical to the properties specified. I safely restored it. I'll just check that TDS isn't damaged as a result.

Thanks for your help, Pilli!

BTW it's 4.36 am in the U.K. As TDS says "Don't stay up all night."

Pilli
August 18th, 2004, 11:47 PM
Glad about that :)
-{ Quote: "BTW it's 4.36 am in the U.K. As TDS says "Don't stay up all night."" }-
I was awoken by tinnitus, shall try to get more sleep when it calms down a bit.

Cheers. Pilli

Gavin - DiamondCS
August 19th, 2004, 12:43 AM
Definitely not a trojan, but I would expect the sandbox says that file is malware mostly because it has the word trojan through it and connects to trojan ports.

Anyway, can you exclude it?

befuddled
August 19th, 2004, 09:11 AM
Hello, Gavin,

Spoke to Norman HQ. Forwarded the file + relayed what both Pilli and yourself told me.
Norman says he'll sort it out, no problem.

befuddled
August 21st, 2004, 03:32 AM
To conclude: Norman released an update yesterday and troports.exe is no longer being flagged.

Jooske
August 21st, 2004, 03:48 AM
Thanks for the update!
Enjoy all your security software now even more :)

JW Clements
August 21st, 2004, 09:13 AM
-{ Quote: "Hi Befuddled & welcome,
Looks like an FP but to be sure here are the properties for Troports.
Created 1st March 1999
Size: 28,700 bytes
size on disk: 32,768 bytes
Version 1.0.0.0 - Company: Diamond Computer Systems Pty. Ltd.

HTH Pilli" }-

Hi Pilli, just curious, my copy of the file has different values, as
28.5 KB (29,184 bytes) i.e. it's smaller, and
created Sunday, February 28, 1999, 23:51:19 PM

Now I downloaded the latest version, 3.2.2 final before V4

on 2003-07-12 Sat

Why do I have something different?

Jim

Jooske
August 21st, 2004, 09:21 AM
Time zones?
Maybe re-compiled for the current TDS version? Will be the same in functionality.
And it might make a difference in size displayed for the real file size and size on disk, I've noticed various times. (XP, ME)

JW Clements
August 21st, 2004, 09:26 AM
-{ Quote: "Time zones?
Maybe re-compiled for the current TDS version? Will be the same in functionality.
And it might make a difference in size displayed for the real file size and size on disk, I've noticed various times. (XP, ME)" }-

Jooske, I'm running W2K with NTFS so that may be the answer.
thanks as always, Jim