Check individual file

Discussion in 'Trojan Defence Suite' started by Cobalt, May 1, 2002.

Thread Status:
Not open for further replies.
  1. Cobalt

    Cobalt Guest

    Is it possible to check individual files with TDS3?
    If so, how?
    Cheers, C
     
  2. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    There is a registry key that can be altered to do this. TDS4 has it incorporated, but TDS3 needs this little change. I have an ss3 script that uses the WSH object model to make this entry for you. You will probably see two entries in the right-click menu for folders, but no harm should be done. Some people could not get the file to work properly, but I do not believe it did any damage. (They did, however, get rather irate. snicker...)

    This file must be loaded by TDS3 (not run, loaded; this is important). The Windows Scripting Host must be present on your machine for this script to be useful. If you don't know what that is, there are close to unlimited resources here: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/html/wsoriWindowsScriptHost.asp

    This file alters your registry, use at own risk, no warranty expressed or implied. I will not assume responsibility for any damages that may occur while or after this file is loaded.

    Code:
    '//****************************************************************************************//
    '//     Name: RightClickFile.ss3                                                           //
    '//  Purpose: Enter Registry keys to allow file right click functionality for TDS-3        //
    '//  Credits: Code to write registry keys borrowed from Registry.ss3 written by DiamondCS  //
    '//****************************************************************************************//
    'You are free to modify and distribute this SS3 script at will.
    
    'Write to a registry value
    Sub xRegWrite(Regkey,RegValue)
     Dim RegObj
     Set RegObj = CreateObject("WScript.Shell")
     RegObj.RegWrite RegKey,RegValue
    End Sub
    
    Sub AddKey                            ' adds the key
     Dim strTDSdir, strKey
    
      strTDSdir = SysVar("tds.path")                      'Find TDS-3 directory
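      'Build the key value. The program path is wrapped in quotes so that an
      'install directory containing spaces is still read as a single path.
      strTDSdir = """" & strTDSdir & "\TDS-3.exe"" -scanf %1"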
      
    
      'build the key
      strKey = "HKEY_CLASSES_ROOT\*\shell\Scan with TDS-3\command\"
    
      'Call the function to add the key
      Call xRegWrite(strKey,strTDSdir)
    End Sub
    
    Sub RegWriteComplete
      speak "Registry keys have been successfully created. Happy scanning!"
      Call AddLine("\plain\f3\fs18\cf12 TDS Registry assos", "\plain\f3\fs18\cf3<= Registry keys created. =>")
      Call AddLine("\plain\f3\fs18\cf12 TDS Registry assos", "\plain\f3\fs18\cf3<= Happy scanning!        =>")
    
    End Sub
    
    Sub Main
      speak "Creating..."
      Call AddLine("\plain\f3\fs18\cf12 TDS Registry assos", "\plain\f3\fs18\cf3<= Creating...            =>")
      Call AddKey
      Call RegWriteComplete
    End Sub
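
An added example, not part of UNICRON's post or of TDS-3: a Python check for command values of the shape `<tds.path>\TDS-3.exe -scanf %1`, as stored under `HKEY_CLASSES_ROOT\*\shell\Scan with TDS-3\command\`. It flags an unquoted program path and an unquoted `%1`. The install directory in the samples is assumed, the candidate list is a simplified model of how Windows resolves an unquoted command line, and whether TDS-3 accepts a quoted file argument is not stated in the thread.

```python
import re

# Constructed samples: C:\Program Files\TDS-3 is an assumed install directory.
UNQUOTED = r'C:\Program Files\TDS-3\TDS-3.exe -scanf %1'
# Assumes TDS-3 accepts a quoted file argument (not confirmed in the thread).
QUOTED = r'"C:\Program Files\TDS-3\TDS-3.exe" -scanf "%1"'


def exe_candidates(command):
    """Paths Windows may try as the program for a shell-verb command value.

    Simplified model: a quoted program path is taken as-is; an unquoted one
    is tried at every space boundary, with ".exe" appended when the piece
    has no extension.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return [command[1:end] if end != -1 else command[1:]]
    candidates, prefix = [], ""
    for piece in command.split(" "):
        prefix = piece if not prefix else prefix + " " + piece
        name = prefix.rsplit("\\", 1)[-1]
        candidates.append(prefix if "." in name else prefix + ".exe")
        if prefix.lower().endswith(".exe"):
            break  # heuristic: this is the program the author meant
    return candidates


def audit(command):
    """Return a list of findings for one command value (empty if none)."""
    findings = []
    candidates = exe_candidates(command)
    if len(candidates) > 1:
        findings.append("unquoted program path; Windows also tries "
                        + ", ".join(candidates[:-1]))
    if re.search(r'(?<!")%[1Ll](?!")', command):
        findings.append("unquoted %1; a path containing spaces may arrive "
                        "as several arguments")
    return findings


if __name__ == "__main__":
    for value in (UNQUOTED, QUOTED):
        print(value, "->", audit(value) or "no findings")
```
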
    
    
     
  3. FanJ

    FanJ Guest

    And without that script that Unicron posted, you can still scan a folder with TDS-3.
     
  4. Cobalt

    Cobalt Guest

    Thanks Unicron and FanJ - that registry deal is WAY over my head, but I poked around and have worked out how to check the relevant folder. Cheers, C
     
  5. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Cobalt,
    Getting my nose away from the MSAgents stuff:
    the SS3 script Unicron posted, just copy the whole grey part in the TDS Console > SS3 > SS3 Editor
    Save in the TDS-3\Scripts as RightClickFile.ss3
    close it and load it as Unicron explained.
    It does add the right-click option to the mouse menu so you can scan the file you want.
    On the private forum only heard positive results from the people, so you can try it.
    Lazy as I am at times, I take a whole folder quite often too :)
    Good luck!
     
  6. Cobalt

    Cobalt Guest

    Thanks for the help Jooske - I've loaded the script, and I think it's working - when I right click a file I get the option to scan with TDS3.
    When I select that, it starts
    [File Scan] Scanning file c:\  (name of file selected)

    After that though, no other messages come up.
    Is that it? Or should I then get a message such as, "Finished" or "No trojans found" or something?
    Cheers, C
     
  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Cobalt - Often wondered about that myself - even though I have the right-click menu option, I've never seen it actually do anything when I've tried to use it.

    Jooske & Unicron - Do you have to have TDS in the Taskbar before you'll 'see' anything happening, or do you not see anything happen unless there's something wrong with whatever you're checking? Pete
     
  8. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    When you do a scan in TDS, you see an extra window at the bottom opening, where all eventual alerts are displayed; if that stays empty, no nasties in the file.
    If you do a scan of a disc or partition, I see the amount of files scanned and amount of possible founds and the time it took; details are then in that extra window and you can copy them to the scandump.txt if it's not done automatically already. (Right-click on the alert in that window and a little menu pops up with some choices what to do with them.)
     
  9. FanJ

    FanJ Guest

    Hi Pete,

    I do have the possibility to scan a folder with TDS-3 when I do a right click on that folder. I have to admit that I haven't installed the possibility to scan only a file with TDS-3.
    In my setting I don't have TDS-3 to start up always with Windows; (I use BOClean as resident AT and use TDS-3 mostly for on-demand full system scans; I like both programs very much!).

    Well, let's take this example:
    I want to scan this folder D:\Tijdelijk_9
    (don't bother about that Dutch name; it means temporary_9).
    That folder has two files in it.
    I right click on that folder, I choose Scan with TDS-3.
    Then TDS-3 starts up in the same way it would do as when I would have started it myself; so first it does all its initial scans that I have set it to do.
    So all the usual messages are shown in the TDS3-console.
    And almost at the end of these usual console-messages I see this:

    13:51:47 [File Scan] Scanning in -scand D:\Tijdelijk_9
    13:51:47 [File Scan] Scanning in D:\Tijdelijk_9 ...
    13:51:48 [File Scan] Scanned 2 files: 0 alarms in 0.2226563 seconds (Avg 9982456. files/sec)

    The two files in that folder were clean, so I got no other messages about an infection.

    I hope this helps.
     
  10. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Ha Jan,
    Fine explanation! (of course):)
    you might like to put some test files in that folder, like the leaktest, mirclean test, that jason tools test file, etc.
    and/or some other infections (zipped for your own safety) you might get in via emails.
     
  11. Cobalt

    Cobalt Guest

    Hi Jooske,
    I don't seem to get that extra window you mention on the bottom of TDS when I use the Rt. click scan single file function (the window that has Alarm, Name, File.)
    It is there if I do a full scan or if I do a folder scan from the TDS console - but nothing on the single file scan.
    Also, as I mentioned, all other scans come up with "Finished" when completed. The single file scan does nothing except indicate that it has started.
    Does anyone get anything different? (like do you get the "Alarm, Name, File" window when doing a single file scan)
    Thanks, C
     
  12. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    If the file is clean, you will get no confirmation. If it is not, it will say so. Try it on subseven.
     