best anti-trojan software

What you say sir?? Me no comprenday(sp)

 

What you say sir?? Me no comprenday(sp)


Yo Pretender


Go With The Flow


Robert

 

TrojanHunterz can't cope with Armadillo packer. use it with Optix Killer: will finish it once and for all. .

 

What is Armadillo packer ?

Optic Killer is in TrojansHunters data base. So i really don't know where you are coming from.

Regards Judgedredd

 

Not true, TrojanHunter does deal correctly with the Armadillo packer, and identifies trojans packed with it.

 

Hi Magnus,

I didn't know.

Great product, indeed.

I'll try to use FSG 1.33 or PEBundle 2.36 with Exe Bundle 2.2
on a known trojan and see if I can cheat TH

Hold on the rope

 

Partly right. Any memory scanning packer has problems with Armadillo. Its quite easy to say why ...

Armadillo has several packing and crypting modes. A few modes are using memory copy and encryption techniques. This means only a few parts of the exe file are unpacked and decrypted in memory.

Every programm consists of a main routine and several subroutines. Most packer (as far as i know all besides Armadillo) will unpack the main and the subroutines if the program is started. So memory scanning is no problem.

Armadillo will in some cases (if you are using special settings) only unpack the main routine and leave the other things packed/crypted. Than it runs the main routine and if a subroutine is called it will unpack/decrypt it.

There are several mechanisms Armadillo uses. It depends on how good/bad the chosen signatures are. If you take a signature of the main routine there wouldn't be a real problem. If you use a signature of one of a subroutine the chances are high that it will miss the trojan.

TrojanHunter can most times deal with armadillo packed trojans. It has only some problems if you pack a very tiny trojan.

BTW:
This behaviour of Armadillo is the reason why most av programs that uses unpacking like mc afee or kav had big problems with Armadillo and still have few problems.

 

TrojanHunter correctly identifies and removes Armadillo-packed trojans protected even with the highest Armadillo security level. If anyone has any other information or findings, I welcome them to e-mail security@misec.net describing the problem, but as of now there are no known issues with Armadillo or any other packer.

 

Magnus - Are there any known conflicts between TH and TDS?

Or, is there anything special you have to do if you want to have both programs on your computer? Pete

 

No conflicts have been reported that I know of.

 

Spy1.I have Trojan Hunter and TDS-3.I have TH guard always running and TDS-3 has exec protect activated.I do a full system scan with each program on average once a week.I haven't had any problems whatsoever yet!