Couple questions

Discussion in 'Trojan Defence Suite' started by Paragon, Nov 20, 2002.

Thread Status:
Not open for further replies.
  1. Paragon

    Paragon Guest

    I was wondering if I could get a little more info on how the antivirus test works, because I tried it out, but my AV didn't detect it.

    Also, what kinds of things does TDS not detect? I'm thinking it doesn't detect keyloggers for one, because I put one on my system and TDS does not detect it.
     
  2. Jooske

    Jooske Registered Member

    Joined: Feb 12, 2002
    Posts: 9,713
    Location: Netherlands, EU near the sea
    That's interesting! Care to submit that one to support@diamondcs.com.au? As they have a lot of them, but maybe this one slipped through it.
    TDS is especially built for trojans in the first place, detects trojans, worms, keyloggers, NTFS streams, and lots more. It is not built for viruses.
    It has this special virus test independent of named viruses, described in the helpfile under "File Infection Test (Anti-Virus)".
     
  3. Paragon

    Paragon Guest

    Alright, I'll send the name of the keylogger, but I'd still like some info as to why my antivirus didn't pass the test. So I'd like to know how this test works.
     
  4. Vietnam Vet

    Vietnam Vet Registered Member

    Joined: Feb 9, 2002
    Posts: 306
    Paragon, are you referring to the file infection test listed under system testing in TDS? If so, this is not a test to check your antivirus. TDS puts out a little bait (test.exe, test.com) to see if a virus attempts to modify these files. In the console you should see this. It should, hopefully, tell you the files remained untouched. Even though I said this wasn't to test your antivirus program, if you should see a message saying these files were changed, I think it would be wise to do a little investigating to find out exactly what is going on, as soon as possible. Don't know exactly what the message might say, never having seen it and hopefully never will! Hope this helps, but if this is not what you meant, post back and someone will be more than glad to help you, I am sure.
     
  5. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined: Feb 10, 2002
    Posts: 2,080
    Location: Perth, Western Australia
    TDS also detects a huge number of real keyloggers. We are adding internet and system monitoring programs which are commercial products, however these must be treated differently. We do appreciate links to demo versions of these programs, but remember they are essentially not real trojans. Most cannot be installed remotely without some sort of install procedure, and many show up in the programs list and under Add/Remove programs.
     
  6. Paragon

    Paragon Guest

    Ah, I think I misunderstood the purpose of the test. It is supposed to test to see if there is a virus? I thought it was making a pretend virus to see if the antivirus picks it up.
    As for the keylogger, I'm glad you're adding the capability to detect system monitoring and commercial products, but I am more interested in TDS being able to detect trojan keyloggers that use methods the same as, or similar to the keylogger I mentioned (As well as any methods used by other commercial products of course, as they could all be used in a trojan).
     
  7. Vietnam Vet

    Vietnam Vet Registered Member

    Joined: Feb 9, 2002
    Posts: 306
    Hi Paragon, if you want a little more detail about the virus test, check in TDS's helpfile. This is what Jooske was pointing you to in her reply at the beginning of the thread, and it explains it better than I did. Don't know how long you have been using the TDS-3 program, but TDS's helpfile is, in my opinion, very helpful. One thing you can count on, there is no shortage of help here at Wilders on TDS, or just about anything else, for that matter!
     
  8. Paragon

    Paragon Guest

    Thanks, the helpfile is actually pretty helpful. :) I like how it explains things.
    I have another question about the infection test though: would a stealth virus be able to trick TDS into thinking the files have not changed, when in fact they have? Because there are many stealth virii that "spoof" the correct filesizes and time/date stamps to make it appear the files have not changed, and can hook themselves into the interrupts to intercede upon all disk access, among other things. So would a stealthy virus be able to evade detection from TDS, or does TDS use methods that would detect such things?
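
Added example, not part of any post and not TDS's own method (the thread does not describe how TDS compares its bait files): a bait-file check that records a content hash alongside size and timestamp, so a change that keeps both metadata values intact is still reported. The function names are hypothetical, the file contents are constructed, and it assumes reads return the real on-disk bytes; a virus that intercepts disk access, as the last post describes, would have to be checked from a clean boot instead.

```python
import hashlib
import os
import tempfile


def snapshot(path):
    """Record size, mtime and a SHA-256 of the contents of one bait file."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}


def changed_fields(baseline, current):
    """Return the names of the fields that differ from the baseline."""
    return sorted(k for k in baseline if baseline[k] != current[k])


def demo():
    """Build a bait file, alter it without touching size or mtime, re-check."""
    with tempfile.TemporaryDirectory() as d:
        bait = os.path.join(d, "test.exe")      # bait name taken from the thread
        with open(bait, "wb") as f:
            f.write(b"MZ" + b"\x00" * 62)       # constructed 64-byte placeholder
        base = snapshot(bait)

        # Constructed change: overwrite 8 bytes in place (length unchanged),
        # then put the original timestamps back.
        with open(bait, "r+b") as f:
            f.seek(32)
            f.write(b"modified")
        os.utime(bait, ns=(base["mtime_ns"], base["mtime_ns"]))

        return changed_fields(base, snapshot(bait))


if __name__ == "__main__":
    # A size/timestamp comparison alone would report nothing here.
    print("fields that differ from baseline:", demo())
```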
     