In need for a "trojan" sample
eyal_car
August 25th, 2004, 10:09 AM
Hello,
I would like to test the execution protection capability. Can you recommend a trojan sample that is both safe and simple?
Thanks
Tassie_Devils
August 25th, 2004, 10:15 AM
Hello eyal_car, welcome to forums :)
Go here.. this is a trojansimulator.... ok....
Similar to an AV's Eicar test.
http://www.misec.net/trojansimulator/
-{ Quote: "For years you have been able to test your virus scanner with the harmless "Eicar" test file. Using the just released "Trojan Simulator" you can now test your trojan scanner in the same manner, using a harmless demonstration trojan. This is a risk-free way to see how your security software behaves in a real-world situation." }-
Have fun.... Cheers, TAS
sleepy
August 25th, 2004, 05:20 PM
TDS clearly detects this trojan sample but it didn't stop this from installing. I have TDS in the system tray, execution protection installed, but when I installed this trojan sample, TDS didn't do anything. When I look in the task manager the trojan server is running, TDS is also running.
It only detected this sample when I click on reload. I then deleted the file with TDS hoping that it could clean all that remains of that sample, but it only deleted the server, not the registry that it created.
Now what if it's a real trojan?
Or is there something wrong with my settings?
Tassie_Devils
August 26th, 2004, 11:17 PM
Sorry sleepy for not getting back to you sooner, for some reason this post was not highlighted as 'new' for me after your reply, and only remembered it when I saw a similar post.
Anyhow, I noticed another thread exactly the same as this, where Pilli answered another user's query and the answer, about settings. Making sure you had Clients/EditServers checked in Scan Control settings, on the main GUI of TDS [attached pic to show you].
One thing, you stated that the registry entry was still there, that in itself is not a worry, the main serverclient was removed via TDS, just left a reg entry, however, :) ... it did say on the test site, to remove via the simulator itself [Uninstall] and that will remove everything completely...including the reg entry. You will have to have the TDS GUI up on screen to see results also.
In testing, I would run the test, see TDS response, but Uninstall via the Simulator.
I personally haven't tried it, simply because I cannot even download it. ;D
Kaspersky 4.5 PRO [my AV] jumps up all over it, and stops download [it even says it's 'Not a Trojan', so cannot complain about that]. I have no intention of turning off KAV for a second, just to try a dl of it either. ;)
Cheers, TAS
Bowserman
August 26th, 2004, 11:37 PM
A thread over at DSL Reports on this topic also :). Have a look here (http://www.dslreports.com/forum/remark,11151458~mode=flat).
Regards,
Jade.
Copyright ©2002 - 2012, Wilders Security Forums