Mr.Blaze TDS killer

Discussion in 'Trojan Defence Suite' started by Mr.Blaze, Mar 11, 2003.

Thread Status:
Not open for further replies.
  1. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D Yup, that's what I'm calling it lol

    I'm very excited, I think I found a trojan that TDS can't scan.

    Since I'm the first, hopefully, to discover it, I get to name it lol

    I'm not sure if it's the real thing or just a gag, but I ran it through the wringer :D

    I did everything humanly possible other than getting out a hex editor lol.

    Now at first you all might be gasping, why would Blaze be excited lol.

    It's simple: I've been looking for a year lol and nothing has bypassed TDS, plus if I discover something new shouldn't I get to pick the name lol. :D

    Here's just a few apps I tested this on:
    NAV 2002-2003 SystemWorks
    Gav
    Ants
    BOClean
    Kaspersky AntiVirus Personal Pro v409
    TDS full blown, everything in its arsenal on
    Spybot Search and Destroy
    Spy Cop
    Diamond's registry administrator
    Ad-aware +6.0 Pro
    Trojan Check 5

    These are just a few apps that turn up nothing.

    I'm having someone look at this and tell me if it's for real lol, wish me luck

    Actually TDS might have discovered it, but only when the trojan executes and runs

    so it might not be the trojan that is awesome but the method by which it is undetectable by scans.

    Locking out professional software from scanning it till it's executed, hmmmm

    Here's a pic
     


  2. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    We've analysed your JPEG image and found no malicious content. ;)
     
  3. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    :D LOL LMAO YEAH BUT NO I WASN'T KIDDING LOL GIVE ME YOUR E-MAIL TO SUBMIT THIS
     


  4. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    :D LOL PERSONALLY I THINK IT'S A GAG LOL CAUSE I DON'T RECOGNIZE THE DETECTION BOX LOL IT MIGHT BE SOMEONE'S PRANK

    THE PROBLEM IS I HAVE SO MUCH STUFF ON THIS PC OTHER than what I listed, I can't tell which program does that, but on a TDS scan it shows nothing, only when I execute the file
     
  5. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    So do send in the stopped exe file, Blaze; how about submit@diamondcs.com.au or gavin@diamondcs.com.au?
    Hurry, in the name of the internet community, thanks!

    I don't know the dunprotect, but I'm getting suspicious feelings. What does PE say for connections?

    BOClean you said? Must be their alert.
    TDS does detect sleeping nasties as well if you configured your settings to detect everything in archives and compressed executables too.

    I see in routers/NAT also the instruction to run duncontrol up to dial via telnet to the host in a network, so there seems to be something the matter. You could see that as a trojan, maybe; Gavin/Wayne will tell us as soon as you have sent in the nasty!
     
  6. FanJ

    FanJ Guest

    Yep, I already advised Blaze via IM to send it to Gavin; I gave him Gavin's email-addy.

    Blaze, BOClean calls Duncontrol a Trojan!

    Open up your BOClean menu (double left click on its icon near the clock). Then click "Covered Trojans". Then you will see a list. Do a search on that list, and you will see that BOClean has two times mentioned Duncontrol in its list, which means two variants. The name of that Trojan (at least the name that Kevin gave it) is Duncontrol.
     
  7. FanJ

    FanJ Guest

  8. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    o_O What do you mean it might already have a name?

    But that's strange, cause when I got the warning, if it was indeed from BOClean I should have gotten my customized smiley warning that I put in BOClean to tell me when I get a nasty.

    :doubt: Well, I mailed it off, I guess we'll have to wait and see if it's a joke or a real trojan

    Then I have to find out lol which application detected it, man that's going to be a long process lol

    Hopefully it's real and a new variant
     
  9. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Well, Port Explorer is good, it's saying I'm OK from this end
     
  10. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    :D It's 3:19 am here, what time is it there guys?
     
  11. FanJ

    FanJ Guest

    Well, at the moment I'm not quite sure whether it is a trojan or not; let's indeed wait for Gavin.
     
  12. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    :D Hey FanJ, hey Jooske, I'm off to bed, I'll be counting monkeys to sleep lol. Nite nite, thx for your help, I really appreciate it
     
  13. FanJ

    FanJ Guest

    Hey buddy, have a good night and sleep well!
     
  14. Jooske

    Jooske Registered Member

    I'm surprised we seem to have 9 hours time difference then, and Perth is another 7 hours advanced from us!
    Sleep well!
     
  15. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    :D Woke up 11:14 am :D lol removing crusty from my eyes

    No e-mail back yet, I'm guessing either no biggie or they're working hard at work in the TDS lab or suntanning by the pool with imported models lol :cool:
     
  16. Jooske

    Jooske Registered Member

    Remember 16 hours time difference, so you sent it in their night almost! Give them a chance for some sleep too please and they'll look asap for sure, of course we're all looking at the possible answer.
    Where did you get the nasty anyway, do you remember?
     
  17. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    :D Yup, they got ahold of me in less than 24 hours and they ran it through the wringer for me. It's not a trojan; turns out it was a program giving a false positive

    The G man N Wayne come in for Blazey :D
     
  18. Jooske

    Jooske Registered Member

    Great Blaze, it can be alarmed on as it can be used maliciously maybe, as I understood from the description. You said it only alarms when you run it, which might confirm this.
    I wonder if you open Notepad and type in a bad name like backdoor.rat or this one and save as test.vbs if anything would alarm when you click on it. It should not, as it's just a name and then things could alarm on any primaries names list, but you never know. PestPatrol would, if you have it check txt files too.

    BTW Blazey, you can have your avatar back visible if in your profile you add "archive" between the com/ and the /avatar like this: www.wilderssecurity.com/archive/avatar/......
     