What is TDS-3 doing still loaded?

Discussion in 'Trojan Defence Suite' started by EvilNewbie, Aug 1, 2002.

Thread Status:
Not open for further replies.
  1. EvilNewbie

    EvilNewbie Registered Member

    Joined:
    Jul 26, 2002
    Posts:
    6
    After I boot up, TDS-3 loads and does a scan of the system. After that it minimizes to the taskbar. Is it in the background just scanning what's going on, on my computer? Or is it done and I should shut it down? I would think that if it was done, it would shut itself down. But since it is an anti-trojan hunter, it should be active and continuously monitoring my system like Norton anti-virus. What exactly does it do after it finds a trojan? It says that it blocks the trojan from executing but does it REMOVE the trojan at all? Let me know.. thanks...
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi again,
    I would most certainly not close it down, because of the exec protection (in the registered versions) and the many tools you have at hand to do stuff like checking running processes, netstat, autostart, in which you can all delete unwanted items, running scripts, and the many network tools, all together a tool box with some 50 functions you'll gradually like to learn to use.
    No, TDS is not automatically removing everything it alerts on, as you get a fair chance to look at the file and either submit it for closer examination by the TDS lab, find out when it came on your system, where it came from so you might be able to locate other files dropped by a trojan for instance, etc.
    You can see if it's a live trojan or worm or a sleeping one in an archive for instance, etc.
    Submitted infections can be sniped out in the lab to find out about the payload and origin where possible to create the best defence. Of course you can also decide to delete the nasty immediately.

    The startup tests, if you have all those checked in the configuration, look at every bit and byte in the memory and processes there, changes in files and autostart, mutexes, etc.
    After updating the (daily) radius database, and as often as you might like, it's advisable to do a full system scan and see what you do with possible finds.
    Did you for instance find the origin of the http.troie which caused you a reformat the other day and which could still have been in possible backed-up files?
    In the helpfile is a very fine description of what to do when there is a live trojan found, of which the first is not to panic and if possible not to reboot but trying to do all tests and what is advised on that page.

    You did see the (already older) pages about the 17 ways to smell a rat? In the meantime there are many more ways to detect and get rid of it.
    With the network functions I mean you can look at everything that's entering or trying to enter your system, data packets you can look at with the port listen and traffic bridge; in case of port scans you can really look at what's going on and react to that in many ways.....

    I am here talking about TDS-3; with the coming new version and more tools coming soon nobody can tell yet what new functionality will be built into TDS-4 and/or the new products. The only thing we are told is that it will make lots of other software jobless.
    For the moment, from your other postings I remember you have a specific resident AT scanner (AV as well?) which should work fine together with TDS, say TDS is a lot extra and you can start (with scripts) your other scanners from TDS. Let's expect the new version and other new tools between now and Christmas, which is a nice period to get used to it and learn some of its values.
    You can use it almost as a start and forget program, but then you sell yourself short on the many more possibilities which you will not find in AV/AT scanners.
    I'm very happy to have WormGuard beside it with the many additional functions and blocking as well as the safe mode to look inside a file why it's alarmed on, etc.
     