Mutex found?

Discussion in 'Trojan Defence Suite' started by Checkout, May 8, 2002.

Thread Status:
Not open for further replies.
  1. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    [Mutex memory Scan] Trojan mutex(es) found:

    - and that's all I get.  A full scan finding nothing.  Should I be concerned here?  Latest update was this morning.
     
  2. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    This is getting weird!  DCSMutex wasn't running on my system, because Tiny Trojan Trap prevented its execution.  I moved DCSMutex to a lower security group - so it could run - and now, after reboot, there are NO trojan mutexes found!

    Anyone care to speculate on this?   o_O
     
  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    checkout - Really don't know what to tell you. I read your post, updated TDS, closed it, re-started it and let it run the preliminary start-up scan - "No Trojan Mutexes Found".

    Could TDS be 'hitting' on TTT because of the way you've got it set up (TTT preventing the DCS Mutex from running)? Pete
     
  4. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Doubt it, Pete.  DCSMutex (if I understand it correctly) allocates and writes to a small block of memory (the mutex).  If TTT won't let it run, there shouldn't be a mutex to find.  It's all a bit base over apex!   :rolleyes:
     
  5. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Are you sure you have the last update of the Radius?
    As some time ago the message was exactly as you described, instead of saying this completely:
    8-5 15:58:41 [Mutex Memory Scan] Started...
    8-5 15:58:43 [Mutex Memory Scan] Finished (no trojan mutexes found).
     
  6. Jooske, yes, the update is the latest.  What bothers me is that some trojans work by NOT finding a mutex.  So, when TTT prevented DCSMutex from working, was a real trojan allowed to start?  When I made TTT allow DCSMutex to start, was a real trojan prevented?

    Hmm....
     
  7. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Waiting for Gavin/Wayne to jump in here!
     
  8. bubs

    bubs Registered Member

    Joined:
    Apr 28, 2002
    Posts:
    106
    Location:
    Suffolk, England
    Mutex found /Tiny Trojan Trap

    Hi Checkout

    Surely any anti-virus or anti-trojan is only going to be able to do its job properly if it is allowed 'unrestricted' access to your entire system?

    Maybe we need another thread,  but why restrict TDS in the first place? o_O
     
  9. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Bubs, I don't believe I have TDS restricted at all - only DCSMutex (which I guess wasn't recognised as a registered process when I installed TTT).
     
  10. bubs

    bubs Registered Member

    Joined:
    Apr 28, 2002
    Posts:
    106
    Location:
    Suffolk, England
    Yeah - I remember now - the first time I ran a full scan after installing TDS3 over TTT, there was suddenly a popup halfway thru as DCSMutex kicked in as an 'unknown' proggy running for the first time.

    As you know, it's very easy to click the wrong category by mistake - I put it in 'unrestricted' and had no problems as far as I can remember.

    MY GUESS would be that you got 'half a spoof positive' because DCSMutex didn't run properly the first time.

    The only way you could be completely sure is to do a full scan, then uninstall/reinstall TDS-3 to replicate the condition.  

    Not sure that's worth the time! :D
     
  11. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    If you ever see "Trojan mutex(es) found:" , but nothing listed after it, you can relax - you have nothing to worry about. :)
    I'm not sure exactly why you're seeing that, or if it's TTT that's causing it, but hopefully we'll have some answers for you tomorrow - I haven't personally examined TTT to see how it works but we'll look into it early tomorrow (8pm here)
    Best regards,
    Wayne
     
  12. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Thank you so much for the relaxing message;
    several weeks ago the scan was displayed like that in general, with neither a start nor a finish message, but that changed.
    So it might now be a TTT reaction, as I did not see others reacting about that this time.
     
  13. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Thanks.  Sleep well.
     