TDS3 false alarm !?

I assume to get a false alarm from TDS concerning the Program Hacker Eliminator: When I make a process memory scan TDS-3 tells me that Hacker Eliminator is RAT.Netbus.1.70.

I think that can´t be true, because Hacker Eliminator seems to be an official Tools. !?

 

Hello Megafreak,
welcome at DCS in the Wilders forum.
Which filename is it exactly?
Does it say positive id or suspicious?
I think Gavin will like a sample to refine the detection and avoid next alarms in case it is a false alarm indeed, submit@diamondcs.com.au so you see TDS finds really lots!
Best zip the file, btw.

 

Hi,

It does sound like a false alarm, but send the file in just in case. Another program keeps a Netbus detection signature inside its main EXE, which means when it is running it looks like Netbus. Surprising that a second program would use the same signature as TDS-3, and have it embedded inside its program while running !

That of course is a bad practice, all of the TDS databases are external and are loaded when TDS starts. The process space of TDS-3.EXE does not contain trojan signatures of course

 

TDS-3 tells me following:

Live trojan found: RAT.Netbus 1.70
File: C:\Program Files\Hacker Eliminator\HackerEliminator.exe

Tell me if you want the file nevertheless then I can send it, but I think it is the standard version of HackerEliminator so you just have to download from the webside to see the message.

 

If you dont mind sending a copy in then I'll take a look at it Best to get the file directly from you I feel, thanks

 

I installed the trial version today, no alarm

Had a look at the EXE, theres no reason for it to alarm, and it doesn't so how can you be getting an alarm if you are using the same program as me ? I would download again perhaps

 

Better get Megafreaks's copy, maybe something slipped in from elsewhere? Think the developer will be interested to know as well of course.
Or could it be there is a difference between the trial and a registered version? More reason to get the exact alarm to check what is happening, in name of the internet community we will all be very grateful for this!

 

I sent the copy to you via email, maybe the problem is really focussed on the trial, but like you told it doesn´t occur on your system, but why does it occur on my system? I hope you will find a solution for that false alarm.

No matter on what time I installed hacker eliminator always the same, I loaded it from the original webside, but always the same: RAT.Netbus.170 was shown for the exe of Hacker Eliminator, but you have to do a process memory scan to see this alarm.