
Help - TDS-3 isn't stopping subseven


Soul_Flame
April 6th, 2002, 12:34 AM
I purchased a registration key and am running the full up version for the last couple days. On the dslreports forum there was a thread where folks talked about how a different package didn't stop subseven when a guy downloaded it for a test. Others talked about how their anti trojan software caught it without problem, so i went to wwx.subseven.ws/ and downloaded version 2.2 from mirror one. It came as a zip file. When I unzipped, NAV caught it so I had to delete the extract, disable NAV, and re-extract to a separate folder. At this point, TDS hasn't given me a peep but that's ok 'cause I figure nothing has executed. By the way, I THINK I have execution protection enabled. I've gone to the TDS menu, selected execution protection/install, and I get a message that it's installed, but I can do it repeatedly and it tells me the same thing over and over instead of saying something like "it's already installed you dolt". I find this very confusing.

Anyway, I select the sub7.exe file and open it, confident that TDS-3 will leap into action and stop it dead in its tracks. Nope. It launches and I get a nifty black and blue little app. How in the world is TDS-3 letting this thing fire up?

I figure one of two things is happening. Either TDS is missing it or I'm misconfigured, and the odds are the second option is a WHOLE lot more likely than the first, at least I hope it is. But I've got everything I can see enabled and it's just not doing anything.

Frankly, I'm very shaken right now and I'm REALLY hoping someone can straighten me out. Please tell me what's going on here.

Also, I tried to go to the private forum but it won't accept my name/access key combo when attempting to register, even though I'm copying and pasting it directly from the intro page. *So, I've got no way to get into the private forums.

Thanks

Rick

Soul_Flame
April 6th, 2002, 12:36 AM
I need to add that when I select the sub7 folder for scanning that tds DOES find all the baddies, but that's of little comfort. It needs to STOP them from EXECUTING, or it's worthless to me.

Dan Perez
April 6th, 2002, 12:49 AM
You must be misconfigured somehow. I went to the link you provided and went through the same steps and I tried to launch the editserver, server, and sub7 apps and it identified and stopped execution of each as shown below

18:44:32 [Screx] ¤    IRC    ¤ @Dan_screx are now in #tds3.
19:25:21 [ExecProt] WARNING: c:\untrusted\sub7\editserver.exe has been blocked from executing
19:25:50 [ExecProt] WARNING: c:\untrusted\sub7\server.exe has been blocked from executing
19:26:03 [ExecProt] WARNING: c:\untrusted\sub7\sub7.exe has been blocked from executing

The fact that when you enable exec prot it seems as if it is doing so for the first time is normal (though I agree, unaesthetic) there must be something with your settings

Dan Perez
April 6th, 2002, 01:01 AM
On reviewing my own settings I see that for the "Initialization" part of the TDS3 Config window I have everything selected. That might be one place to check first.

Jooske
April 6th, 2002, 01:08 AM
Hi Rick
For the technical part of the s7 story i'm sure Wayne / Gavin will be able to explain.
As it is in the database so is caught.
If exec.prot is installed you see it with the next start in TDS in the first couple of lines.

When you scan, do you have all possible options checked and sensitivity on highest?

Is it the original s7 2.2 or a harmless test version?

If there is a problem with the private forum, please send an email to support@diamondcs.com.au with the username you tried to register as DCS has to unlock the forum for the users.

Soul_Flame
April 6th, 2002, 01:11 AM
Dan, first, thank you for going to the trouble of downloading and testing. I feel better knowing someone else with TDS-3 had it work the way I expected it to work.

Re the config/startup tab, I have EVERYTHING under both initializations AND startup scanning selected, on config/options I do NOT have mIRC DDE enabled (looks like it's script related and I'm not that far along yet), and none of the rest looks like it's relevant to this discussion.

I don't know where else to look or what to do.

Dan Perez
April 6th, 2002, 01:17 AM
What OS are you running? I am operating on Win2Kpro SP2.

How about Jooske's suggestion on looking at the startup lines it should be something along the same lines as

19:55:04 [Init] Trojan Defence Suite v3.2.0  - Registered to Dan Perez
19:55:04 [Init] Started 05-04-02 19:55:04 Pacific Standard Time (UTC: 8), Internet Time @1204.91
19:55:04 [Init] Loading TDS-3 Systems ...
19:55:04 [Init] • Priority         :   OK.
19:55:04 [Init] Token successfully adjusted.
19:55:04 [Init] • TDS Privileges   :   OK.      Adjusted TDS-3 token privileges to maximum
19:55:06 [Init] • Plugins          :   OK.      Loaded 21
19:55:06 [Init] • Exec Protection  :   OK.      Installed
19:55:08 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
19:55:15 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
19:55:15 [Init] • Systems Initialised [12196 references - 3715 primaries/2827 traces/5654 variants/other]
19:55:15 [Init] Radius Systems loaded. <Databases updated 05-04-2002>
19:55:15 [Init] TDS-3 Ready. <Dan@192.168.1.210, 127.0.0.1 - United States>
19:55:16 [Tip Of The Day] If you regularly query certain computers, add them to the default Target Host list by clicking System Analysis | View File | Default Target Host List
19:55:16 [TDS] Good evening Dan. Go home! The weekend is here at last!

Soul_Flame
April 6th, 2002, 01:28 AM
yeah, it says execution protection is installed on startup.

jooske, please look at my response above and tell me if there are any other settings I need to be looking at. One thing I didn't mention, I've also got both trojans and worms enabled for checking.

and yeah, it's not a harmless test version near as I can tell, it's the real 2.2.

Dan Perez
April 6th, 2002, 01:38 AM
On the Scan Control Config (Which I am not sure applies here) I have everything selected on the Deep Search side; on the advanced scan side I have everything except Show NTFS ADS streams and EICAR strings checked

On the Generic Detection tab, I have both options selected and the sensitivity set to the second highest setting

Mr.Blaze
April 6th, 2002, 01:40 AM
DID YOU UPDATE WHEN YOU FIRST GOT IT LIKE I SAID TO=)

WHY WOULD YOU PURPOSELY INFECT YOUR COMPUTER, OUTRIGHT COMMIT SUICIDE, WHEN YOU JUST GOT TDS?

i would have asked someone here with experience to tell me if tds worked on it and how to config mine so it protects me.

DID YOU UPDATE WHEN YOU FIRST GOT IT LIKE I SAID TO=)

ps you shouldn't hang around those guys that gave you sub 7, bad cyber candy. were you pressured?

it was pure pressure wasn't it?

one of the bigger kids opened up his trench coat and said have a sub 7, the first one's free, didn't he=) blaze wink eye.

Bad mo jo joe jo=)

Soul_Flame
April 6th, 2002, 01:45 AM
Dan....i have EVERYTHING on that screen checked, both under deep search and advanced scan. On the generic options, I have the same settings as you.

Mr Blaze...yes, I immediately updated the definitions. And as to why I would download and run sub7, the answer should be obvious. I wanted to verify I have tds-3 properly installed and configured and that it's doing its job. Obviously the test was worthwhile because something isn't working properly for some reason. I wasn't protected, yet I thought I was.

Soul_Flame
April 6th, 2002, 01:52 AM
some environmental info to provide in case this proves helpful...

My OS is XP Home. I'm also running NAV2002 (though it was disabled during this testing because the first time through it found everything and deleted it - i had to disable and re-download and re-extract). I've also got Zone Alarm Pro 3.x and Proxomitron running with ZX's custom scripts.

Dan Perez
April 6th, 2002, 01:58 AM
Well I THINK we have exhausted all possibilities as to the config then. But clearly something is preventing your install from working right (I loaded from the same mirror site as you and it prevents execution on my system) and their own staff would be better able to help you on that side. I think your decision to load Sub7 as a test was obviously warranted!

In case the info comes in handy to yourself or to TDS, the MD5 Hashes of the three main executables are as follows

editserver.exe D2BD19DF36EFC420A96785440A4E3408

server.exe 22B144AD5B597FDE1825B85E2DB8C800

sub7.exe 1F846F68CE5F19B4927CCE64E1C90BCF

Sorry I couldn't help you get it resolved.
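
The hashes Dan posted are the practical way to confirm that two people really tested the same files. Here is an added example (not code from the thread, from DiamondCS or from TDS-3) that compares a folder of test samples against a list of expected MD5 values; the function names are mine, the expected hashes are the three from the post above, and the demo contents at the bottom are constructed placeholder bytes, so they deliberately fail the check. MD5 is adequate for recognising a known sample, but it is no longer collision-resistant, so do not treat a matching MD5 as proof of integrity against an adversary.

```python
"""Verify a folder of anti-trojan test samples against known MD5 hashes.

Added example, not part of the thread or of TDS-3. The expected hashes are
the three Dan posted for editserver.exe, server.exe and sub7.exe; the file
contents used in the demo at the bottom are constructed placeholder bytes,
so they will NOT match those hashes (which is exactly what the check should
tell you).
"""
import hashlib
import os

# Hashes as posted in the thread (uppercase hex). Comparison is case-insensitive.
EXPECTED_MD5 = {
    "editserver.exe": "D2BD19DF36EFC420A96785440A4E3408",
    "server.exe": "22B144AD5B597FDE1825B85E2DB8C800",
    "sub7.exe": "1F846F68CE5F19B4927CCE64E1C90BCF",
}


def md5_hex(data: bytes) -> str:
    """Lowercase hex MD5 of a byte string."""
    return hashlib.md5(data).hexdigest()


def check_samples(files: dict, expected: dict) -> dict:
    """Compare an in-memory {name: bytes} set against {name: md5hex}.

    Returns {name: "ok" | "MISMATCH" | "missing" | "unexpected"} so that a
    file that is absent, altered, or not on the list is reported rather than
    silently skipped.
    """
    result = {}
    for name, want in expected.items():
        if name not in files:
            result[name] = "missing"
        elif md5_hex(files[name]) == want.lower():
            result[name] = "ok"
        else:
            result[name] = "MISMATCH"
    for name in files:
        if name not in expected:
            result[name] = "unexpected"
    return result


def check_folder(path: str, expected: dict = EXPECTED_MD5) -> dict:
    """Filesystem wrapper: read every regular file in `path` and check it.
    (Hypothetical usage: check_folder(r"c:\\untrusted\\sub7"))"""
    files = {}
    for name in os.listdir(path):
        full = os.path.join(path, name)
        if os.path.isfile(full):
            with open(full, "rb") as fh:
                files[name] = fh.read()
    return check_samples(files, expected)


if __name__ == "__main__":
    # Constructed placeholder contents, not the real binaries.
    demo = {"sub7.exe": b"not the real thing", "server.exe": b"placeholder"}
    for name, status in sorted(check_samples(demo, EXPECTED_MD5).items()):
        print(f"{name:16} {status}")
```

Run it against the extracted folder and every file should come back "ok"; a "MISMATCH" means you are not testing the build the other person tested, which matters when two people get different results from the same scanner.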

Dan Perez
April 6th, 2002, 02:01 AM
As a quick followup on the environment side;

I also have ZApro 3.x as well as WormGuard and Kaspersky AV Pro (though I disabled the latter for the tests)

Soul_Flame
April 6th, 2002, 02:09 AM
Dan, thanks again for all your assistance this evening. I greatly appreciate it. At least I can rest easy knowing it's not the app per se, but something about how it's working on MY system. It sure LOOKS like I've got this thing tightened down, but to see that sub7 app start right up scared the hell out of me. I sure do look forward to hearing from the folks at DCS on this.

Dan Perez
April 6th, 2002, 02:12 AM
No Problem. Glad to be of help. The only time I had occasion to email support (the private forum logon issue) I got a reply within two minutes so they should be able to get back to you soon once they receive your email.

Good Luck.

Soul_Flame
April 6th, 2002, 02:54 AM
Thought I'd post what comes up at the startup just to throw some addl info out there.

22:03:36 [Init] Trojan Defence Suite v3.2.0  - Registered to Richard Mathes
22:03:36 [Init] Started 05-04-02 22:03:36 Pacific Standard Time (UTC: 8), Internet Time @1294.17
22:03:36 [Init] Loading TDS-3 Systems ...
22:03:37 [Init] • Priority         :   OK.
22:03:37 [Init] Token successfully adjusted.
22:03:37 [Init] • TDS Privileges   :   OK.      Adjusted TDS-3 token privileges to maximum
22:03:37 [Init] • Plugins          :   OK.      Loaded 13
22:03:37 [Init] • Exec Protection  :   OK.      Installed
22:03:40 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
22:03:43 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
22:03:43 [Init] • Systems Initialised [12196 references - 3715 primaries/2827 traces/5654 variants/other]
22:03:43 [Init] Radius Systems loaded. <Databases updated 05-04-2002>
22:03:43 [Init] TDS-3 Ready. <Rick@192.168.1.100, 127.0.0.1 - United States>

Jooske
April 6th, 2002, 03:18 AM
Hi all
Rick and Dan, are you at the same ISP?
I IM'd DCS in the meantime, realising it's weekend there, but i'm sure if Wayne or Gavin is able to he'll answer as soon as possible and explain the tech parts here.
You run XP, i don't so i can't advise much in that part, but i read in the private forum people installed TDS on XP both as an administrator and as a normal user on their system, so twice, for ultimate protection. Might be an idea to try?
Think you don't need to unzip the nasty btw, as TDS does scan inside zips as well, so in a right click from explorer, going into the zip to click on running it, it should give the wanted alarms.
You might like to create in the TDS directory an extra folder "ScanAlerts" for instance, in which you store all that kind of nasties and whatever you might receive in infected emails, to build a nice test database. If you zip them, they can't do much harm nor be found by intruders that easily if they ever would scan your system. So you have some to show you the scans work and don't allow your other scanners to delete/disinfect/quarantine whatever; i have them alerting but further the other scanners are not allowed to touch them at all :)

Wormguard 3 you can try, on the one XP it works fine, on others there might be some problems, reason for DCS not to recommend it on XP on their site this moment; in v4 this should be all solved in a whole new engine.

ZAPro 3 runs normal with TDS.

Dan Perez
April 6th, 2002, 03:48 AM
Hey Jooske,

I doubt if Rick and I use the same ISP. If you were going by the local addresses shown in the TDS output we are just using the same private Class C network scheme and having our network firewall do the NAT at the perimeter of the network. I use a dual-homed OpenBSD machine as a firewall and have another OpenBSD box running Snort as an IDS interior to this on a hub where my other stations are.

;)

Jooske
April 6th, 2002, 04:01 AM
Yep, sorry, i realised and you reacted already before i could edit that part.
In my identification it gives my modem or netcard connection first, my IP at my ISP, my local machine, my location; your scheme i should have recognized.
Time to rebuild one of my 486s to a FW when i'm ready for that part of education how to.
There are still so many wishes, like running an own server, so before that the FW part and configuration should all be ok!
So you understand i like to look in packets etc what they are, as possible with TDS in which you're even able to change them.

Dan Perez
April 6th, 2002, 04:09 AM
Heh, heh...

Sorry I reacted to your message so quickly! Now the whole world KNOWS you made a mistake ;D

Wayne - DiamondCS
April 6th, 2002, 04:12 AM
Please try downloading the v3.2.1 update (~800kb) from http://tds.diamondcs.com.au and re-test the execution protection, it should comfortably intercept and block the execution of any Sub7 server
Let me know how it goes!

Best regards,
Wayne

Jooske
April 6th, 2002, 04:58 AM
Dan, doesn't matter, i'm not all computerized yet, still human :P

Wayne thanks for the advice.
So maybe not necessary to install TDS on the XP another time both as administrator and as a user to be all sure (it shouldn't, but...)?

Soul_Flame
April 6th, 2002, 12:04 PM
Jooske......yeah, I have to unzip it because that's the only way to actually RUN it. I'm not concerned with tds catching it when I manually select to scan the folder. I'm testing my real time protection and unless I'm mistaken, I actually have to launch one of these bad boys to do that.

I'm going to try Wayne's suggestion and see what happens. I downloaded the update file, but I'm unclear what to do with the unzipped contents, if I just copy the files into the same folder as my tds-3 install or what, so i've uninstalled the whole of tds-3, am downloading and will reinstall 3.2.1 and see what happens. I would think, though, that 3.2.0 should've caught it.

Jooske
April 6th, 2002, 12:25 PM
Nono. the update is to be unzipped in the TDS-3 folder, as it is updating and adding 42 files to TDS in several places in the system. The main TDS.exe is not changed though, so you will see still 3.2.0 in your console at the restart running the update, don't let this confuse you.
Hope you soon get your access key to the private forum too, where we discussed a few things like these i'm describing now.

When i want to know what's in a file, after downloading i first scan it before running or unpacking. So if you know you have this nasty by its tail, put it into that ScanAlerts folder i suggested you make inside TDS to know where to store your test materials. When you right-click on a file, you have the option (in explorer) to extract the thing somehow. I press "cancel" but i am in the folder looking at the various files there. So that moment you can do what you like, look at them, click them to run, and you could right-click them again from there for a scan or try to run them, in which moment the exec protection would jump up to alarm or block the thing, etc.

Soul_Flame
April 6th, 2002, 12:52 PM
Ok, some good news, and a minor concern. After uninstalling and reinstalling with 3.2.1, the trojan now cannot execute. When i attempt to launch them, i get this showing up in tds:

07:57:39 [ExecProt] WARNING: c:\my downloads\sub7\sub7.exe has been blocked from executing
07:58:14 [ExecProt] WARNING: c:\my downloads\sub7\sin.exe has been blocked from executing
07:58:27 [ExecProt] WARNING: c:\my downloads\sub7\editserver.exe has been blocked from executing

The concern I have is, tds-3 gave me NO NOTICE that it had done this. I have it running minimized in my sys tray. If I hadn't right clicked on it and selected 'show', i wouldn't have known that a nasty was trying to launch. So, how do I configure tds-3 to TELL ME when it's stopped a nasty?

I don't know what's different now, but at least it's working so that makes me VERY happy. One thing I noticed when I did the uninstall, I could not delete the exec protect dll until i rebooted. Something was still using it, so I don't know if repeated attempts to install execution protection locked it up or something, maybe that was it.

One other thing, the only way I could find to check accurately what version I was running was in the control panel/add or remove programs app. There it listed tds as 3.2.1. I find it very confusing that when it initially loads it shows the wrong version, and in the help/about menu it shows NO VERSION. This is something that should be remedied.
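
The post above shows the two console lines that matter for this whole thread: the `[Init] ... Exec Protection : OK. Installed` status at startup, and the `[ExecProt] WARNING: ... has been blocked from executing` events that nobody got told about. Here is an added example (not code from the thread, from DiamondCS or from TDS-3) that parses those lines and turns ExecProt events into alerts you can route to a popup, a sound, or a log. The sample console text is copied from the thread with the extraction artefacts replaced by spaces; the function names are mine, and the `watch()` helper assumes the console text is being written to a file, which is my assumption about how you would capture it and not a documented TDS feature.

```python
"""Parse TDS-3 console output for execution-protection events.

Added example, not part of the thread or of TDS-3 itself. It assumes the
console text is available line by line in the exact format quoted in the
thread. The watcher at the bottom assumes that text is being written to a
log file (an assumption about capture, not a TDS feature).
"""
import re
import time

# Lines copied from the thread; '*' extraction artefacts replaced by spaces.
SAMPLE_CONSOLE = r"""22:03:36 [Init] Trojan Defence Suite v3.2.0  - Registered to Richard Mathes
22:03:37 [Init] • Plugins          :   OK.      Loaded 13
22:03:37 [Init] • Exec Protection  :   OK.      Installed
22:03:43 [Init] TDS-3 Ready. <Rick@192.168.1.100, 127.0.0.1 - United States>
07:57:39 [ExecProt] WARNING: c:\my downloads\sub7\sub7.exe has been blocked from executing
07:58:14 [ExecProt] WARNING: c:\my downloads\sub7\sin.exe has been blocked from executing
07:58:27 [ExecProt] WARNING: c:\my downloads\sub7\editserver.exe has been blocked from executing
"""

# Startup status line reporting that the execution-protection hook is in place.
INIT_EXECPROT = re.compile(r"\[Init\].*Exec Protection\s*:\s*OK\.\s*Installed")
# One blocked-execution event; the path is everything between the prefix and suffix.
BLOCKED = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) \[ExecProt\] WARNING: (?P<path>.+?) has been blocked from executing$"
)


def parse_console(lines):
    """Return {'exec_protection_installed': bool, 'blocked': [(time, path), ...]}."""
    installed = False
    blocked = []
    for line in lines:
        line = line.rstrip("\r\n")
        if INIT_EXECPROT.search(line):
            installed = True
        m = BLOCKED.match(line)
        if m:
            blocked.append((m.group("time"), m.group("path")))
    return {"exec_protection_installed": installed, "blocked": blocked}


def format_block(when, path):
    """One alert string per blocked execution."""
    return f"[{when}] execution BLOCKED: {path}"


def alerts_from(lines):
    """Alert strings for every blocked execution, preceded by a warning if the
    startup lines never reported exec protection as installed (the state Rick
    was worried about at the top of the thread)."""
    info = parse_console(lines)
    alerts = [format_block(t, p) for t, p in info["blocked"]]
    if not info["exec_protection_installed"]:
        alerts.insert(0, "exec protection NOT reported installed at startup")
    return alerts


def watch(log_path, notify=print, interval=1.0):
    """Poll a log file for new lines and hand each ExecProt event to `notify`.
    Assumes the console is being written to `log_path`. Runs until Ctrl-C."""
    with open(log_path, "r", encoding="utf-8", errors="replace") as fh:
        fh.seek(0, 2)  # start at the end: only new events are interesting
        while True:
            line = fh.readline()
            if not line:
                time.sleep(interval)
                continue
            for when, path in parse_console([line])["blocked"]:
                notify(format_block(when, path))


if __name__ == "__main__":
    for alert in alerts_from(SAMPLE_CONSOLE.splitlines()):
        print(alert)
```

Swap `notify=print` for whatever gets your attention (a message box, a beep, a line appended to a file you already watch); the point is that the blocked-execution event is machine-readable, so the "tell me about it" part does not have to wait for the product to grow a popup.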

MickeyTheMan
April 6th, 2002, 03:09 PM
{QUOTE-> One other thing, the only way I could find to check accurately what version I was running was in the control panel/add or remove programs app. There it listed tds as 3.2.1. I find it very confusing that when it initially loads it shows the wrong version, and in the help/about menu it shows NO VERSION. This is something that should be remedied. <-QUOTE}
Agreed! I was about to download again, thinking i had downloaded the wrong version!

Jooske
April 7th, 2002, 07:19 AM
In the private forum Wayne posted, they have not changed the tds.exe, so we keep for the moment the 3.2.0. displayed in our console. Not sure if they change that in a coming new version. Now we know this, i don't really mind.
It is true: before uninstalling TDS you should uninstall the exec protection, as this hooks or is hooked to by Windows for all executables. After uninstalling the exec protection you can uninstall TDS (might be you need the reboot as windows keeps hold on it really tight) and you can continue.
Now you get the warnings as you should, it seems you're better installed now somehow.
I run TDS big, till it finishes all the scanning at starting TDS, to see if there is anything which needs attention, like changes in autostart or other alerts.
After i might click it under another window or minimize it, just depends.
I think it must be possible to write a little script with voice telling about alerts or when the full system scan is finished to tell this and include something like "fss is finished, xx alerts found on drive C, xxx on drive D, (etc) which needs your attention." Same can be done in the startup procedure or like your exec protection alerts. I'm used to the WormGuard popping up in case of alerts, till now (knock on wood) never had an exec prot alert, can imagine your wish for a popup/ sound/ voice alarm.
For sure Wayne is alerted to add such wishes to the wishlist by now.
The one thing i can add: when i check /right click scan a file i first look at the scan results before doing anything at all with it any further, so i would have had the TDS console large and checking the results.........

Soul_Flame
April 7th, 2002, 01:09 PM
jooske......are you telling me that it's standard functionality that if tds-3 execution protection stops something from executing, that it's NOT going to present an alert message to me telling me about it? You've gotta be kidding me. What am I supposed to do, bring up TDS every few hours and make sure nothing's happening? That's what I paid $50 for. If TDS won't even do that, I might have to reevaluate my choice in anti trojan software. That seems pretty darn basic to me. If there's a problem and something is trying to run on my system, TELL ME ABOUT IT!

Soul_Flame
April 7th, 2002, 01:11 PM
And yeah, when it first fires up and does startup scanning, I keep it maximized, too. But once it's completed I minimize it to the systray. From that point forward, I should be able to forget about it unless there's a problem, at which point tds should notify me that something is going on. If it doesn't, that's a HUGE problem in my estimation.

Jooske
April 7th, 2002, 01:23 PM
Like said, i never had an exec prot alert myself yet, so i am not sure about the way how we get an alarm for that. Better ask Wayne/Gavin about that, or the guys who tested that part.
The snippet from the alert from you and Dan is from the console text.
With WG i get the console popping up to do my stuff, not sure if exec prot would just block the thing from executing completely or give you options to do more with it, like examining the file, delete it, send it in, run it anyway, whatever........
What did you get exactly for an alert this time of which you posted the snippet? If it is blocked anyway completely it can not harm, of course.
I'll post in the private forum asking this part. Hope you have access there soon too to study all!

Soul_Flame
April 7th, 2002, 01:30 PM
hi jooske.....thanks for asking for this info and taking it to the private forum. i tried registering again last night and again it didn't work.

i had tds running minimized in the sys tray when I attempted to launch sub7. nothing at all happened on my screen. nothing. so, i right clicked on the tds-3 icon and selected show and saw the messages in the control panel. that's what i copied and pasted.

here's my gig: after initial startup scan, I don't want to be thinking about trojan protection. in fact, in xp i want to select 'always hide' for the tds icon so it doesn't even show. i don't want to ever think about it unless i NEED to think about it, and if i don't get something popping up when execution protection runs, then i'll have no choice but to periodically 'show' tds, and I don't want to have to do that, i have enough to think about. that's what i'm paying tds-3 to do for me. Stopping it is one part, albeit the most important part, of the process, but if it doesn't TELL me about it so I can delete the offender, then it's not doing the complete job.

spy1
April 7th, 2002, 02:16 PM
{QUOTE-> I don't want to be thinking about trojan protection. in fact, in xp i want to select 'always hide' for the tds icon so it doesn't even show. <-QUOTE}

:) I understand what you're saying here - TDS is actually working exactly the way I want it to, just the way it is. Good programs should do exactly what they claim to do and not distract me in the process.

However, it would be nice (for the people who want it) to have on-screen alerts when something evil is attempting to happen. All of your firewalls have that selectable feature (whether to show alerts or not) AFAIK, so it shouldn't be that hard to add it (if it is, indeed, absent) - maybe in TDS-4? Pete

Jooske
April 7th, 2002, 02:26 PM
You would see it when examining the console and results of full system scans, with all the kind of opportunities to look deeper into the alerts.
For me TDS is kind of central basic tool from which i do a lot of other tasks, as you have seen in the few fun scripts, but of course there are also lots of serious tasks like analysing and protecting etc. I know the FW is blocking most of the intruders, TDS is a second block behind that and a possibility to look into data streams (so i ever discovered the CodeRed packets with the port listen) and a lot more for analysing intruders and connections, processes, of course all that analyses in the memory and files, etc etc etc and so much more we discover little by little.
TDS is not exactly a trojan scanner which detects and deletes a nasty automatically, as it is now it runs behind/working together with the firewall, and beside AV/AT software, and a lot of tools to actually handle files, connections, data, processes.
Not to forget the NTFS files, even able to strip them (there is a nice explanation on the DCS site about that), and so much more........
Nobody knows yet how the TDSuite 4 looks like, maybe more options, maybe more background options, i really don't know yet! At least the new suite will be surprising, not to forget the WormGuard with that.
The latter runs all in the background, popping up when needed for an alert like i think exactly you want it to.

Edited:
PS: you did in the meantime send a registration request for the private forum to support@diamondcs.com.au i think? (with the name and i think the email address you used for your TDS registration?) You should have it now really soon, for sure, first thing monday morning i guess.

spy1
April 7th, 2002, 02:42 PM
S_F - Guess you realize that people here would be trying to help you more with your registration issue at the private forum, but since you're not registered here, no one knows who to tell them to help (maybe you giving them your screen name here when you email them might help?). Pete

Soul_Flame
April 7th, 2002, 05:44 PM
Pete.....as Jooske recommended, I've sent an email to the support email addy. In addition, Wayne said he's working on it this weekend, so hopefully all will be remedied soon.

It appears you understand my point exactly. I don't want to see NAV, ZAP OR TDS in my sys tray. I have no reason to. The basic assumption with the first two is, unless those programs tell me differently, they're doing their jobs and all is well. I would sure like TDS to work in similar fashion.

See, with me the problem is, I'm kind of an anal retentive kind of guy, so if there is the POSSIBILITY that a rat is trying to execute but I don't know about it because TDS won't popup an alert message, then in the back of my mind I'll always be wondering if all is well. I just don't want to devote the mental space to it. I want to 'fire and forget', with emphasis on the FORGET part.

If this capability is not present in the package, I see two ways to remedy it. First is a simple alert box. The other is, if execution protection fires off to stop something, then simply auto-maximize the screen console and let the message that's already there serve this purpose. Either way is fine with me, just don't make me go looking to make sure all is well. That's silly.

Soul_Flame
April 7th, 2002, 05:49 PM
Pete, part II.....that said, your suggestion to register here was a good one, not doing so previously was an oversight, not a conscious choice.

Now that has been remedied.

:)

Jooske
April 7th, 2002, 06:56 PM
Hi Soul_Flame
welcome as a registered user of this forum again :)

I have my FW as well to only popup real hard things, all the rest is just logged.
With TDS could be ok the maximizing console for real alerts as well. Like said, after a scan i always check the finds before closing the thing.
Any special extra alert read from the console in a SS3 script can be done, of course, depending if you would run other scripts as well (one at a time this moment, but jumps between scripts are possible of course.)

spy1
April 8th, 2002, 09:24 AM
Soul_Flame - Thanks for registering! I'm glad to hear your problem's getting addressed and wish you the best of luck.

According to another post I'm reading here, there may still be problems after your registration on the private forum - I'm hoping nothing like that affects you!

I, too, had to have Gavin do my registration manually - but once he did, I never had a problem logging in or moving about the board there. Pete

Jooske
April 8th, 2002, 10:55 AM
There are two URLs possible; for me the one causes the problems mentioned, the other goes smoothly, since i changed the settings as i was told to, and via the console i can get in all time ever since.
Hope this works for every member!
This is no abracadabra, the members will know :)

The alerting part: Gavin emailed you personally in the meantime and some is added to the wishlist for v4.

Soul_Flame
April 8th, 2002, 12:14 PM
Just wanted to close the loop on this topic, especially for anyone who is reading this who is considering purchase of TDS-3. Gavin from DCS DID indeed email me, several times in fact. We had a nice exchange of emails and the bottom line is they WILL be adding some type of alert notification to TDS-4. It may be a flashing icon in the systray, or an explicit alert message, but SOMETHING will happen which will inform the user there is something for them to do.

I'm gratified by this for two reasons. First, it's something the product absolutely needs. Second, it shows me a very encouraging level of responsiveness by DCS towards their customer base. I'm not dialed into the time difference between California and Australia, but I'll bet I had emails on the registration and alert issues very early on their Monday morning. Can't ask for more than that.

Thanks to everyone who participated and offered assistance.

Oh, and Spy1, I had to tell you this after reading your signature about caffeine. I saw a bumpersticker at a coffee shop once that I thought was hilarious:

"Drink coffee. Do stupid things faster and with more energy!"

spy1
April 8th, 2002, 01:26 PM
Good to hear! A satisfactory resolution for your (and others) concerns, and a chuckle at the end!

Doesn't get much better, indeed! Pete

Checkout;
April 8th, 2002, 03:14 PM
{QUOTE-> it shows me a very encouraging level of responsiveness by DCS towards their customer base...[snip]...Can't ask for more than that. <-QUOTE}
More than ever, I'm convinced to accept TDS-4 (when it appears) and acquire (don't panic, I mean buy) when V4 appears. :)

Checkout;
April 8th, 2002, 03:16 PM
Waitamminit - previous post - guest? Guest? I'm logged in, for Pity's sake!

Hey, Paul! *It's gone wrong again!!

Jooske
April 8th, 2002, 03:31 PM
Hi, glad to hear about the contacts. We here have a saying "new brooms wipe clean" of which i don't know an english equivalent, but it means new people can have fresh ideas in an existing situation, and you prove it here again as truth.
Version 4 will have many more nice parts, for sure, we're all looking at.
If you now also have your access to the private forum in order we are all very happy! Looking forward to read you there too!
Think all operators do share your feelings for the support and the family feeling.

Checkout
April 8th, 2002, 06:00 PM
{QUOTE-> We here have a saying "new brooms wipe clean" of which i don't know an english equivalent <-QUOTE}
Almost identical, Jooske. "A new broom sweeps clean."

Soul_Flame
April 8th, 2002, 06:24 PM
Hey Checkout (and any lurkers out there)......that's a sound approach. I'll tell ya, I devoted a LOT of mental energy and not an insignificant amount of time researching anti trojan software and I feel confident that TDS-3 is the most technically advanced product on the market. When I was asking questions both before I purchased, and with respect to this thread, both Wayne and Gavin were kind enough to send me personal emails, some of which shared some of the enhancements that are coming in TDS-4. I don't know if what they shared is common knowledge or not, so I'll keep it to myself so as not to share something that perhaps wasn't meant for public consumption, but I will say this. Right now, I feel a credible case can be made that TDS-3 is the strongest anti trojan package going. With what I know is coming in TDS-4, it won't even be close. TDS will be miles ahead of any competitor in the field. It's gonna be very, very cool. I'd strongly suggest anyone reading this thread to get onboard with TDS, because you're gonna really like where this train is going.

Jooske
April 8th, 2002, 06:42 PM
It's not common knowledge Soul-flame. Once you can access and post a lot in the private forum you might get the status of beta-tester there and be among the first to test all those new gems.
For sure they suit the name of this gem for their company name, brilliantly, don't they in every sense?

The problem can rise when they are far ahead of hackers and trojan/worm writers, how to keep them busy?

Soul_Flame
April 8th, 2002, 06:45 PM
Jooske.....yeah, beta testing this product would be awesome. My job is actually as a software designer and tester for a relatively small company that makes manufacturing software for aerospace and defense companies.

I haven't had time to test my access to the private forums yet, but will do so probably later today. See you there!

Jooske
April 9th, 2002, 03:33 AM
Interesting job Soul-Flame, there will be certainly enough work for you. So get your private access and post a lot ; with all your investigation and the brilliant ideas (and attitude) you've exposed already you might win the beta-tester status soon.

Randy_Bell
May 24th, 2002, 01:04 AM
Conejo/Soul_Flame, I'm glad you were able to resolve your problem regarding SubSeven, and can now feel confident in TDS-3's execution scanning.

UNICRON
May 24th, 2002, 01:48 AM
I have a few viruses and trojans on my machine on purpose to make sure TDS-3 and NOD32 are operating properly. If they miss these files, I know there is a problem.

Ice_Czar
May 25th, 2002, 10:47 AM
{QUOTE-> I have a few viruses and trojans on my machine on purpose to make sure TDS-3 and NOD32 are operating properly. If they miss these files, I know there is a problem. <-QUOTE}

It's nice to know I'm not the only insane person. :P
(I downloaded and attempted to infect myself with Sub7)
AVG wouldn't let me (and I didn't disable it) but a TDS-3 system scan turned up all the files (first in the compressed file and later in the recycle bin)

Think maybe I'll load a few onto a CD for testing, keeping them on a HDD is just a bit scary.

Jooske
May 25th, 2002, 01:01 PM
In fact you're right (yes, two words, and fact with an A !)
I have several in the test zoo as well, and putting them somewhere apart would be better.

zak_dashiell
May 25th, 2002, 11:04 PM
{QUOTE-> TDS is not exactly a trojan scanner which detects and deletes a nasty automatically, as it is now it runs behind/working together with the firewall, and beside AV/AT software, an a lot of tools to actually handle files, connections, data, processes.
<-QUOTE}

hello jooske,

Do you mean that TDS3 would not clean my system of trojans? Based on the TDS logs of the other posts, does execprot and TDS just stop the trojan but not clean or delete it? Would you please correct me if I misunderstood you?

Jooske
May 26th, 2002, 08:35 AM
Hi Zak_dashiell,

It is stopped from running indeed, and you are alerted which file it is all about, so you can investigate and decide to delete it or whatever you want with it.
In the Helpfile is a very nice illustration and explanation how it works and what we can do under
Disinfection - Removing trojans; while there are fine explanations about hunting even unknown trojans, the hidden datastreams and cleaning (NTFS data streams) etc. And the Scan alerts and quarantine parts give very good explanation how and what to do as well.
I'm happy with the possibilities to look deeper into the alerts and find out when and maybe how they came on my system.
With unchecking "scan for compressed executables" you would get only the live infections, with checking that option you get them all in zip files too.

I don't know what more to expect in this area in the new v4 later this year.

zak_dashiell
May 26th, 2002, 06:20 PM
{QUOTE-> Hi Zak_dashiell,

It is stopped from running indeed, and you are alerted which file it is all about, so you can investigate and decide to delete it or whatever you want with it.
<-QUOTE}

Thanks a lot Jooske... now I am more confident that my TDS can and will really do what it is intended for... actually just right now, it caught 4 "possible keylogger"s in 4 System Volume Information folders... does this mean they are in the system restore files?... I just wonder how they came to be there with TDS' execprot enabled... maybe it was the time before I opened TDS (I don't autostart it)... I just deleted them from TDS... could I still use these files if the need arises?... the parts I deleted were dll files...

Jooske
May 26th, 2002, 08:44 PM
You say it said "possible keyloggers" so these were no definite identifications. Gavin recently added a few hundred more detections of keylogger codes to the references, so lots of programs which were on your system might have such suspicious code in them.
If you don't know the code/files they are in, do submit them to TDS lab, so they can investigate for you if they are and if not that enables them to refine the database even more and prevent possible false positives that way.

Restore? which windows version are you using?
In infections removal instructions i see often people first disable restore, then remove the files, reboot and enable restore again (winME for instance)

Exec protection blocks files from running/executing, but it is not on your ports blocking them from entrance on your system. I think you have your firewall, maybe WormGuard, email scanning and scanning of every new download on your system for that part.
You look at what is alarmed on: is it a file you know, was it recently modified, are you able to compare it with a possible original? Or were there legal reasons for the changes like a new install, update, etc.

I'm not deleting when i'm not sure! zipping them or renaming their extension, submitting to the lab and ask advice in cases. You might still have them in the restore and have another look. See if there are strange processes, were there autoexec notifications and changes there, etc.
The helpfile gives such fine instructions with step by step images for "how to hunt an unknown trojan" for instance, i'm sure this part gives you lots of insights and confidence how to handle and not to panic.
With this i lost my fear for intruders and infections, as with TDS we are able to handle and get educated in how to handle too.
You could even zip them, see if the system still functions and in the scan disable the "scan compressed exes" to know if there are live infections/keyloggers; afterwards you might like to enable that again.
Even in windows original install files you'll find a warning for a file with password stealing capacity, i just leave it there. Etc.....
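The two mechanics Jooske describes in the last few posts (the difference between scanning only loose files and also looking inside compressed archives, and zipping a suspect file rather than deleting it so it drops out of the "live" scan but stays available for later study) can be illustrated with a small script. This is an added example, not code from the original thread and not DiamondCS's own scanner: the "known bad" hashes are SHA-256 digests of byte strings constructed right here as placeholders, the `MZ` check is only a crude executable heuristic, and everything runs inside a throwaway temporary directory built by `demo()`.

```python
import hashlib
import os
import tempfile
import zipfile
from datetime import datetime

# Constructed placeholder "reference database": hashes of byte strings we make
# up below. A real anti-trojan reference set is far richer than plain hashes.
KNOWN_BAD_PAYLOADS = {
    b"MZ" + b"\x90" * 8 + b"constructed-sample-trojan-A",
    b"MZ" + b"\x90" * 8 + b"constructed-sample-trojan-B",
}
KNOWN_BAD_HASHES = {hashlib.sha256(p).hexdigest() for p in KNOWN_BAD_PAYLOADS}


def is_executable(data: bytes) -> bool:
    """DOS/PE images start with the 'MZ' magic; crude, but a real signal."""
    return data[:2] == b"MZ"


def scan_tree(root: str, scan_compressed: bool) -> list:
    """Return alerts as (path, archive_member, sha256, mtime_iso).

    With scan_compressed=False only loose files on disk are examined (the
    "live infections"); with True, members of zip archives are examined too.
    """
    alerts = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            mtime = datetime.fromtimestamp(os.path.getmtime(path)).isoformat()
            if scan_compressed and zipfile.is_zipfile(path):
                with zipfile.ZipFile(path) as zf:
                    for member in zf.namelist():
                        data = zf.read(member)
                        digest = hashlib.sha256(data).hexdigest()
                        if is_executable(data) and digest in KNOWN_BAD_HASHES:
                            alerts.append((path, member, digest, mtime))
                continue
            with open(path, "rb") as fh:
                data = fh.read()
            digest = hashlib.sha256(data).hexdigest()
            if is_executable(data) and digest in KNOWN_BAD_HASHES:
                alerts.append((path, None, digest, mtime))
    return alerts


def quarantine(path: str, quarantine_dir: str) -> str:
    """Zip a suspect loose file (renaming it inside) instead of deleting it."""
    os.makedirs(quarantine_dir, exist_ok=True)
    dest = os.path.join(quarantine_dir, os.path.basename(path) + ".quarantined.zip")
    with zipfile.ZipFile(dest, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.write(path, arcname=os.path.basename(path) + ".bin")
    os.remove(path)
    return dest


def demo() -> dict:
    """Build a constructed test tree, scan it both ways, quarantine, rescan."""
    root = tempfile.mkdtemp(prefix="at_demo_")
    bad_a, bad_b = sorted(KNOWN_BAD_PAYLOADS)
    loose = os.path.join(root, "sample_a.exe")          # constructed loose sample
    with open(loose, "wb") as fh:
        fh.write(bad_a)
    with open(os.path.join(root, "benign_tool.exe"), "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 16 + b"benign-constructed")  # MZ, but unknown
    archive = os.path.join(root, "downloads.zip")       # constructed archive
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("sample_b.exe", bad_b)
        zf.writestr("readme.txt", "constructed text file")

    live_only = scan_tree(root, scan_compressed=False)
    with_zips = scan_tree(root, scan_compressed=True)
    qfile = quarantine(loose, os.path.join(root, "quarantine"))
    return {
        "live_only": len(live_only),                  # 1: sample_a.exe
        "with_zips": len(with_zips),                  # 2: + sample_b inside zip
        "after_quarantine_live": len(scan_tree(root, scan_compressed=False)),  # 0
        "after_quarantine_with_zips": len(scan_tree(root, scan_compressed=True)),  # 2
        "quarantine_file": qfile,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the before/after counts is exactly Jooske's advice: once the suspect file is zipped, a scan with compressed executables switched off reports no live infections, while switching the option back on still finds it, so nothing has been lost should the lab want to look at it.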

Jooske
May 27th, 2002, 04:14 AM
Interesting in this matter is also Wayne's answer in this thread:
http://www.security-pro.co.uk/yabb/YaBB.pl?board=dcstds;action=display;num=1022210943

So the future v4 might offer some relief :) in this kind of matters, be it that we still are on the watch what to do in cases of alarms.

The_master_
June 10th, 2002, 05:54 AM
Greetings to you all
I was thinking of buying and using TDS after I got hit with subseven, and I was talking about buying TDS in chat on irc and a lot of people gave me and the whole room this url
http://www.geocities.com/hellfirez65/

which seems to me to contain a pretty bad review of TDS. Now don't get me wrong, I have no problem with TDS; I would just like to know what's what before I shell out my money.

can you help with this
Thanks

Jooske
June 10th, 2002, 06:52 AM
Hello Master,
welcome here.
That's been an old discussion all over internet, which you might find in about every security forum and newsgroup, GRC and DSL among others.
The question is not really difficult: let us put it this way: the one developer likes his product because of some reasons or other emotions. The other develops quality and security for their users in the first place.
I like the TDS as a user because i look at quality and what i can do with it, the further developments and what i experience for my safety. DCS on their sites say "please shop around" and that is exactly what i did and i'm glad it convinced me TDS is the right product for me. Not to forget the wonderful support in every way and the new products in the build. I know DCS is based on a very trustworthy company and i like their way of doing business and the support, the education, the operators helping others, the two official forums, etc etc.
You can only test drive TDS yourself and look if you like it; for that is a trial version you can download at http://www.diamondcs.com.au
Please tell how you like your trial!

Wayne - DiamondCS
June 10th, 2002, 07:20 AM
Hello The_master... please take a careful look over "Hellfirez" site. There isn't an ounce of credibility to this person. He attacked Steve Gibson and the GRC servers when Steve called him a "script kiddie" - this is the sort of person "Hellfirez" is. His real name is Gavin Holmes and his URL used to be http://websites.ntl.com/~gavin.holmes/
He was exposed several years ago as having links to Lockdown and Michael Paris, and he has written and released several worms and trojans.
I wouldn't trust a review this guy wrote on _any_ program, let alone an anti-trojan program. He wrote that review in the peak of his work to promote Lockdown while attacking TDS at the same time.

If you want a Sub7 detection review that isn't biased, I recommend Eric L. Howes' independent anti-trojan tests - http://www.staff.uiuc.edu/~ehowes/trojans/tr-tests.htm
They're very comprehensive unlike virtually all other tests I've seen

Best regards,
Wayne

Gavin - DiamondCS
June 10th, 2002, 07:25 AM
Hi The_master_,

The version of TDS used was not even updated. While this has already been discussed by many, just let me point that simple point out. SubSeven 2.2 which was tested, was released long after the TDS version on "trial"

Unfortunately I cannot be sure of the database reference count at the time which is a pity, because since joining DCS I have added a huge number of trojans to detection. The reference count back then would have been below 7000, it now comes close to 14500 with tonight's update which is nearly ready.. please just test drive it yourself :)

You may refer to Eric Howes' more unbiased tests, which are very thorough, and using one of the most common trojans, and some compressed variants

http://www.staff.uiuc.edu/~ehowes/trojans/tr-tests.htm

UNICRON
June 10th, 2002, 12:20 PM
Ya I noticed that too. The TDS-3 console said updated 95 days ago, and hellfire says that the sub7 version was 30 days old. Odd, no?

Oh well, I personally don't have time for that stuff. I have sub7 on my machine in a folder and TDS-3 has no trouble detecting it.

To be sure, download the trials of many AT progs and make your own decision. That is the only way to see through all the BS.