Warning Red alert TDS FALSE READING

Discussion in 'Trojan Defence Suite' started by Mr.Blaze, Jun 2, 2002.

Thread Status:
Not open for further replies.
  1. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    TDS is making this false reading after a BOClean update,

    after sending the BOClean update to the recycle bin:

    Scan Control Dumped @ 18:05:37 02-06-02
    File Trace: Default trojan filename: RAT.DKAngel
     File: C:\Recycled\dc2.exe

    The BOClean update was 5/30/2002.
    When deleting it, it simply deletes the BOClean update patch from the recycle bin, lol.

    Still pretty scary.
     
  2. FanJ

    FanJ Guest

    Hi Blaze,

    I'm afraid that I don't understand this fully....

    I do have both BOClean and TDS-3 on my system.
    I don't have a file dc2.exe on my system.

    What exactly do you mean by this?
    Why send an update for BOClean to the recycle bin?

    Anyhow, I will do a full system scan with TDS-3 to see whether I get any warning like that....
     
  3. controler

    controler Guest

    This is funny.
    When I do a search for DC2.*
    Find shows a deleted file in my recycle bin called
    SpybotSD.Results
    This is supposed to be the text log I sent to the recycle bin after installing Spybot to do a bit of testing.
    Am I losing it here?
    Scratching head yet again.

    Using Windows XP Home Edition right now.

    controler
     
  4. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    Oh, I downloaded the BOClean update 5-30.

    After I was done with the update patch I simply deleted the patch and sent it to the recycle bin.

    I updated TDS afterwards; after the TDS update today I ran a scan and got this:

    File Trace: Default trojan filename: RAT.DKAngel
     File: C:\Recycled\dc2.exe

    I looked and could not find the file, but when I deleted it with TDS the BOClean update patch that was sitting in the recycle bin was deleted right before my eyes lol.

    It was a false warning: it read BOClean's update patch as a RAT, a false trojan alert.

    File Trace: Default trojan filename: RAT.DKAngel
     File: C:\Recycled\dc2.exe

    dc2.exe was nowhere on my system; it was just TDS reading the BOClean update patch or installation patch as such.
     
  5. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    lol, see, it's not just me: today's TDS update is making false alerts on stuff that's been deleted and sent to the recycle bin lol =)


    Should get the boys on this lol, it could cause problems if it makes false alerts.
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Two remarks, as I run neither BOClean nor Spybotclean etc.
    Didn't you ever notice that when you send something like an executable file to the recycle bin it is very often renamed to dc0, dc1, dc2 etc. to start with?
    Check via Windows Explorer's Recycle Bin, as I'm not sure it shows that way via your desktop all the time.
    Many files keep their original names though.

    Further, if it is a patch from another AV/AT developer, I am very sure the DCS lab would be very happy if you sent them the sample so they can check and eventually correct their definitions to prevent false alarms.
    And if DCS tells you it is a positive identification, you had better hurry sending it to BOClean so they can check whether it is still their original or whether something might have happened to it on the way or on your system.
    As this same RAT name was mentioned recently and the definitions for it were refined in the Radius references, don't immediately think it is all 100% definitely harmless. It can be, it can be not, but better be sure.
    More so because Jan did not get this same alarm.
    But to be honest it stuns me that you patch and then delete the patch. Isn't it supposed to just stay there?
    So if you still have it, please send the sample to submit@diamondcs.com.au with a few lines of explanation.
    Mr.Blaze, if you get a new download and put it in the recycle bin, does it alarm on that new one too?
    And Jan, if you do the same, same alarm?
     
  7. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    WHAT THE HECK, IT AIN'T DOING IT ANYMORE. HMMMM, OH WAIT, I HAD THE 6MB NAV 2002 VIRUS DEF UPDATE IN THE RECYCLE BIN TOO, LOL. I WONDER. BRB LOL.
     
  8. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    OK, I GOT THE BOCLEAN UPDATE AGAIN AND SOON THE NAV INTELLIGENT UPDATER.

    I will stick them in the recycle bin and see if it does it again.

    Also wanted to know why there's no info on this trojan, look:

    Backdoor.DKAngel
    Detected as:
    Backdoor.DKAngel

    Aliases:
    None

    Characteristics:
    Wild


    No additional information
     
  9. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Now that you sent them to the recycle bin again, did you get the same alarm on the DKAngel?
    And did it indeed rename to DC2 too?
    So the NAV download sent there too (I hope after install) would maybe get DC1 or DC3, whatever......
    Do promise me that instead of emptying the bin, if TDS alarms on it again, you send the sample to the TDS lab to grind it and take it inside out (what you do with garbage normally anyway).
    Nothing is certain until Gavin/Wayne says so about it.
     
  10. FanJ

    FanJ Guest

    Hi Blaze,

    Good suggestions that Jooske posted; please do what she asked.

    I have never seen such a thing happen (but my recycle bin is automatically cleaned).
    I did a full system scan with TDS-3: nothing found.

    I'll ask Nancy to have a look here and see whether it might be BOClean-related (which I really don't think is the case for the moment....).
     
  11. controler

    controler Guest

    I think you TDS people are on the right track now ;)
    There is a problem with that same trojan false alarm and TDS and the recycle bin.
    For some reason TDS has been detecting harmless files in the recycle bin as DKAngel, or maybe some new sneaky RAT is lurking in our recycle bins?
    Mr.Blaze, there is info on DKAngel all over the internet and it is an old RAT.
    Seems like after you restore that same file and scan it
    you don't get the alert, and if you put it back in the bin,
    you don't get the alert.
    So Jooske, why are these DC0, DC1, DC2 etc.
    files messing with TDS?

    controler
     
  12. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    When the samples are sent to the TDS lab they might be able to answer that part.
    Have you seen the renaming of deleted files there in the meantime? That's what Windows does.
    I know something was written about this detection, and about refining the references for it; I must find back what exactly it was.
    Did you send in your own sample, and what was the TDS lab's response to that?
     
  13. controler

    controler Guest

    Jooske?

    Are you having trouble remembering stuff too now?

    I sent that info to you, didn't I?
    It was from

    BTW  I love yard sales too

    HTTP://WWW.FUCKMICROSOFT.COM
     
  14. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    OK, sniff sniff, I guess I really did have a trojan.

    File Trace: Default trojan filename RAT.DKAngel C:\Recycled\dc2.exe

    I used TDS to wipe it out, did several scans and restarted the 'puter; no more sign of it =(

    What does it do and how did I get it?
     
  15. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    We posted about it in this thread
    http://www.security-pro.co.uk/yabb/YaBB.pl?board=dcstds;action=display;num=1021255239;start=13 and I know for sure I have seen Wayne or Gavin reacting somewhere, but I can't find it at this moment, maybe it is in the private forum.
    Anyway Mr.Blaze, do I understand correctly that you downloaded the BOClean patch again, sent it the same way to the recycle bin, and this time it came out clean?
    DCS can only react when you actually send them the sample on which it alarmed.
    There was something specific about why not to worry too much, but I can only say for sure when I find their posting about that again.
    As you found out yourself, there is hardly any info about that thing, so I can't tell you more either.
     
  16. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    Thanks Jooske and everyone. Still wondering, after reading that, whether it is a false or a real alert?

    Also I'm even more wanting to know what it is or does, or how I got it.

    As many of you know I'm the most paranoid person here lol, I know they're out to get me lol =)

    I'm just wondering how, with BOClean and TDS exe protection and NAV 2002, ZA Pro as well as DiamondCS's registry protect administrator,

    Spybot, Ad-aware, Script Trap, Sock Lock, DSO Stop 2 and HTA Stop,

    and these settings
    Download signed activex controls - Prompt
    Download unsigned activex controls -Disable
    Initialize and script activex controls not marked as safe - Disable
    Run activex controls and plug-ins - Enable (I know! I know!  )
    Script activex controls marked safe for scripting - Enable
    Allow cookies that are stored on your computer - Enable
    Allow per session cookies (not stored) - Enable
    (Note: my cookies are handled by CookieMuncher, SpyBlockers' hosts file and IE SpyAD for 'Restricted' site entry, so you may want to do something different with the two 'cookie' settings above if you aren't using those programs).
    *File download - Disable ('Enable' as needed only!)
    Font download - Prompt
    Java permissions - High Safety
    Access data sources across domains - Prompt
    Don't prompt for client certificate.... - Disable
    Drag and drop or copy and paste files - Enable
    *Installation of desktop items - DISABLE
    Navigate sub-frames across different domains - Enable
    *Launching programs and files in an IFRAME - DISABLE
    Software channel permissions - High Safety
    Submit non-encrypted form data - Prompt
    *Userdata Persistence - DISABLE
    *Active Scripting - DISABLE
    Allow paste operations via script - Disable
    Scripting of Java applets - Disable


    along with my missile defense system and nukes

    and a Caltech college student trapped in my basement watching my computer's ports at gunpoint, this trojan RAT got through =(
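
Added example (editor's note; not from the post or from any product named in the thread) for the Internet zone settings listed above: the same list expressed as the registry values Internet Explorer stores under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3, with an audit that reports every value differing from the posted list and flags the one the poster concedes is weak (Run ActiveX controls and plug-ins left on Enable). The value names and the encoding 0 = Enable, 1 = Prompt, 3 = Disable (0x10000 for the two High safety entries) are the ones Microsoft documents for the zone keys in KB 182569. The "current" settings are a constructed sample so the audit runs on any OS; on Windows read_zone3() reads the live key instead.

```python
"""Audit IE's Internet zone (zone 3) against the settings listed in the post.

Added example, not from the post or any product in the thread.  Value names
and encodings are Microsoft's for the Zones\\3 key (KB 182569): 0 = Enable,
1 = Prompt, 3 = Disable; Java and software channel permissions use 0x10000
for High safety.  SAMPLE_CURRENT is a constructed sample (the posted list
with Active scripting left on) so the audit runs offline on any OS."""
import sys

ZONE3 = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ENABLE, PROMPT, DISABLE, HIGH_SAFETY = 0, 1, 3, 0x10000
LABEL = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable",
         HIGH_SAFETY: "High safety"}

# registry value name -> (text in the IE dialog, setting shown in the post)
POSTED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1200": ("Run ActiveX controls and plug-ins", ENABLE),
    "1405": ("Script ActiveX controls marked safe for scripting", ENABLE),
    "1A02": ("Allow cookies that are stored on your computer", ENABLE),
    "1A03": ("Allow per-session cookies (not stored)", ENABLE),
    "1803": ("File download", DISABLE),
    "1604": ("Font download", PROMPT),
    "1C00": ("Java permissions", HIGH_SAFETY),
    "1406": ("Access data sources across domains", PROMPT),
    "1A04": ("Don't prompt for client certificate selection", DISABLE),
    "1802": ("Drag and drop or copy and paste files", ENABLE),
    "1800": ("Installation of desktop items", DISABLE),
    "1607": ("Navigate sub-frames across different domains", ENABLE),
    "1804": ("Launching programs and files in an IFRAME", DISABLE),
    "1E05": ("Software channel permissions", HIGH_SAFETY),
    "1601": ("Submit non-encrypted form data", PROMPT),
    "1606": ("Userdata persistence", DISABLE),
    "1400": ("Active scripting", DISABLE),
    "1407": ("Allow paste operations via script", DISABLE),
    "1402": ("Scripting of Java applets", DISABLE),
}

# The entry the post itself concedes is weak ("I know! I know!"): with it on
# Enable, signed or already-installed ActiveX native code still runs.
WEAK_IF_ENABLED = {"1200"}


def audit(current, wanted=POSTED):
    """Return (mismatches, weak). mismatches: (name, label, wanted, actual)
    for values that differ from the posted list or are missing entirely;
    weak: entries from WEAK_IF_ENABLED whose current value is Enable."""
    mismatches, weak = [], []
    for name, (label, want) in wanted.items():
        have = current.get(name)
        if have != want:
            mismatches.append((name, label, LABEL.get(want, want),
                               LABEL.get(have, have)))
        if name in WEAK_IF_ENABLED and current.get(name, want) == ENABLE:
            weak.append((name, label))
    return mismatches, weak


def read_zone3():
    """Live read of the per-user zone key on Windows; None elsewhere.
    Assumes the stock key path above (group policy can relocate it)."""
    if not sys.platform.startswith("win"):
        return None
    import winreg
    values, i = {}, 0
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE3) as key:
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, i)
            except OSError:
                break
            values[name] = data
            i += 1
    return values


# Constructed sample: the posted settings, except Active scripting left on.
SAMPLE_CURRENT = {name: want for name, (_, want) in POSTED.items()}
SAMPLE_CURRENT["1400"] = ENABLE

if __name__ == "__main__":
    bad, weak = audit(read_zone3() or SAMPLE_CURRENT)
    for name, label, want, have in bad:
        print("%s %-58s wanted %-11s found %s" % (name, label, want, have))
    for name, label in weak:
        print("%s %s is Enable: native code can still run from the Internet zone"
              % (name, label))
```

The audit is a pure function over a name-to-value dict, so the same check can be run against a registry export from another machine by feeding it the parsed values; only read_zone3() touches the live system.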
     
  17. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Did you get a new alert on the new download, and did you send it to the TDS lab first this time before removing it again?
     
  18. grey_ghost

    grey_ghost Registered Member

    Joined:
    Apr 28, 2002
    Posts:
    60
    Hi,
    I posted about the same situation in the TDS members forum on 5/21/02. Gavin said to ignore it (or send it in if I was concerned). If there were no other alerts you can disregard it.

    Regards, Gerry
     
  19. FanJ

    FanJ Guest

    I did some searching:

    BOClean:
    768. DARKANGEL

    TDS-3:
    RAT.DKAngel

    Symantec:
    DarkAngel.3250
    I do not know whether this is the same one.
    http://securityresponse.symantec.com/avcenter/venc/dyn/32304.html

    TrendMicro:
    W97M_DARKANGEL.A
    I do not know whether this is the same one.
    http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=W97M_DARKANGEL.A&VSect=T

    CA:
    Angel.A
    I do not know whether this is the same one.
    http://www3.ca.com/Virus/Virus.asp?ID=2884

    Kaspersky:
    28 hits on the search for Angel:
    http://www.viruslist.com/eng/virusl...0&rub4=001&findWhere=&findTxt=Angel&x=40&y=13



    I suppose that the ones from TDS-3 and BOClean are the same.
    I also think that, since TDS-3 has cleaned it (as far as I understand you right Blaze), you are not in danger at the moment.

    Keep an eye open to see whether TDS-3 execution protection and/or BOClean comes with an alarm (depending on which one you have running).

    BTW:
    Did your ZAP give you any alert that a new program was seeking contact with the internet?

    I will also have a look at the thread that Gerry mentioned.
     
  20. FanJ

    FanJ Guest

    Hi Gerry,

    Could you please email me the link of that thread, or use the IM on this or the private board.

    Thanks, Jan.
     
  21. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    NO, I DIDN'T GET A ZA WARNING ON IT

    trying to access the internet. Good point.

    Yes Jooske, I put them in, but this time I didn't get the alert.

    So I guess it was either a false alert or I'm clean of it; either way it's good.

    =)

    If I did get it, I'm wondering how it was possible. I'm very careful with downloads; everything gets a virus, trojan and spyware check before I open it or execute it =)
     
  22. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    By the way, thanks FanJ and Jooske, and thanks everybody =)
     
  23. FanJ

    FanJ Guest

    Hi Blaze,

    There are new definitions for BOClean.
    I'm curious whether it happens again on your system; keep us posted.

    Cheers, Jan.
     
  24. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    =) OK, I updated, so far so good, now it's in the recycle bin.

    =) Starting TDS.

    =) Nope, all clear FanJ, sunny cyberspace awaits lol. Thanks for looking out for me.
     
  25. FanJ

    FanJ Guest
