tron.zip Detection

Discussion in 'Trojan Defence Suite' started by Bouch, May 30, 2002.

Thread Status:
Not open for further replies.
  1. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi guys,
    so nice you don't make it always so difficult that i can seem at least a little smart knowing some answers in the discussions :)
    And i don't even eat smarties, preferring M&Ms!
    I doubted at the link as well, altering it or not, as this site's TOS is not to allow any link to real warez and trojans and thus i left that part the responsibility of the board owner.
    But i had in the meantime downloaded the thing to be able to do the testing you did, but i did not unzip it as it was detected as it was already, like Paul's screenshot.

    Gradually i am building my own test zoo from the nasties that come to my system and some i forwarded to the DCS lab and keep a copy. Very seldom i would download a sample myself, although it is recommended when we run into a nasty to keep a zipped copy of it just in case and we might like to submit a sample to the DCS lab. On the DiamondCS site are some samples, like i remember a test file in the Mirclean script and some more. If you get Gibson's Leaktest it will be detected as a demo, etc. I do in between some online scan when i think of it, at housecall, panda or bitdefender, just as all have other methods of detection and i know of course my test zoo and don't allow them to clean that valuable collection out.


    I know the feeling of never detecting a thing so i ever went to housecall for an online scan my first days of learning some about security and was shocked about the many finds, including CIH which mcafee had not found at all. So byebye m.a. Nice to beta test several to see what suits you best. Without WormGuard and TDS i would not be so confident and quiet at all i suppose.

    Convinced TDS is doing its job? And it's getting even better soon!
     
  2. Bouch

    Bouch Registered Member

    Joined:
    Apr 14, 2002
    Posts:
    26
    Location:
    Toronto Canada
    Hi Jooske!

    Nice of you to respond with your comments. As you know more than most, the job of any AT is to identify and remove trojans. It's the raison d'etre for TDS-3 and its competitors, and why nice folks like you and me purchase a licence to use it.

    When I purchase any product, the first thing that I want to do is watch it successfully perform the task that I purchased it to undertake. IMHO, that certainly doesn't make me unique. Two months passed in the case of TDS-3 (two years in the case of Tauscan!), and I had yet to see TDS-3 demonstrate its capacity to perform the task that it was purchased to perform: namely, detect a real trojan (not Steve's Leaktest which, as you know, TDS-3 identifies as "not a real trojan") and remove it.

    Now, I'm sure that all the folks at DiamondCS (Wayne, Gavin etc.) are among the best examples of humanity to be found anywhere on the planet and, if they tell me that TDS-3 is the best product available to detect and remove trojans, I should accept their statements as gospel without question. Yeh but .... I may be Canadian Jooske but, in this regard anyway, I'm from Missouri. Show me! I wanna see it happening! Am I the only one who thinks this way? I may be wrong, but I doubt it in this case. That is why this experience with tron.zip (containing the nasty tronserver.exe) was so gratifying for me (I'm almost retired so it doesn't take much these days lol). I posted the link so that others might enjoy the same gratification. Perhaps this was an error in judgement on my part but I have a tendency to think not.

    While I both understand and accept Paul's action in rendering the link non-functional (he's the owner, he calls the shots and that's as it should be), I remain unconvinced that it was necessary. Based on the information that was provided, it was about as close as a home pc user will likely come these days to a controlled situation IMO. Oh well, water under the bridge as the cliche goes.
     
  3. controler

    controler Guest

    The trojan you are chatting about is a common one. All the trojan making software uses compressed exe then binds them.

    The sites I have been to have some new stuff coming down the pike. Their kick is to always stay one step ahead of trojan scanners. These guys are releasing software that allows you to name your own server. You then have the choice of adding the entry to the run, run once, and one hidden ;) The only way these trojans can start is through one of the known startups in Windows. If their new version only lasts a day without detection, that is long enough to do massive damage to government agencies around the globe.
    Don't sweat the little stuff..
     
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Hi Bouch and all,

    The reason why we do not allow malware URLs being posted is twofold:

    a) the same causing me to criticize Gibson over on GRC say one year ago for posting such a link - resulting in many, many people without proper defenses installed becoming infected (and my person being flamed all over GRC - grin);

    b) the reason as stated by Controler:

    Although I can see why anyone with good and updated defenses installed feels the wish to check his/her defenses using a "real one", our policy as stated in the TOS is for good reasons: we do want to avoid in any circumstance unprotected/badly protected systems becoming infected.

    regards.

    paul  
     
  5. Bouch

    Bouch Registered Member

    Joined:
    Apr 14, 2002
    Posts:
    26
    Location:
    Toronto Canada
    Thanks Paul. Understood.
     