TDS-3 still the Best !!

TDS just found a trojan while I was doing a monthly full scan of my machine, even with its old database !
Trojan that neither KAV, Ewido or A² found.

I was going to uninstall it in order to move to another product but in conclusion I will just keep it till our dear friends at DiamondCS release their new product.

A real true great product....

 

Hi there,
Nice to read. With an older database there could be a growing chance for false positives, so in case of doubt, check the file for instance at jotti's or KAV online scanners and in case of no alarms there try it another time after a few days.

There is not any reason to uninstall TDS because of the detection and other many features it has and the possibilities with some scripting to add more functionallity.

 

Unfortunately I am not using scripts or the other features. Oh well, no big deal!
BTW as I said I tried KAV as it is my main AV. No alert. But no time to waste. No risk to take. I just deleted the file

 

Are you sure it wasn't a false positive? I'd be concerned about that if KAV didn't find it - at least submit it to Kaspersky to check before deleting.

 

No I am not. I saved the Trojan name in a TXT file but TDS replaced it. Then I do not have anymore the trojan name.
Anyway next time I will submit my file. I stop doing that as they all
(newvirus@kaspersky.com; submit@diamondcs.com.au; heuristik@antivir.de; virus_research@nai.com; submit@misec.net; virus_submission@bitdefender.com; research@lavasoft.de; virus_doctor@trendmicro.com; esafe.virus@eAladdin.com; virus@asw.cz; cat@vsnl.com; virus_submission@centralcommand.com; virus@commandcom.com; virus@cai.com; ipevirus@vet.com.au; Antivir@dials.ru; samples@nod32.com; viruslab@complex.is; samples@f-secure.com; submit@finjan.com; virus@grisoft.cz; hauri98@hauri.co.kr; Analysis@norman.no; virussamples@pandasoftware.com; virsample@pspl.com; samples@sophos.com; avsubmit@symantec.com; submit@emsisoft.com; submit@ewido.net; virus@mks.com.pl)
get me different answers.
Then I just do not want to take any risk...

 

I'm not surprised this happened... can you remember what it was ? one of the <Adv> detections ?

Nearly all of the major client/server FWB trojans from a while back like Beast, Bifrost, Optix and lots more are detected with generic signatures which will detect even the most modified of variants (in some regards). Its a complicated issue but sometimes even the most technical AV like KAV will miss the trojan because of packing and deliberate obfuscation. Then the generic detections work wonders

 

Actually I did save it under TXT format in order to post it. Unfortunately I realized it has been overwritten by another report. Also I could not get anymore the name of the Trojan. Next time I will make a back up of it.

I hope that DiamondCS will at least release their new product for Christmas. That will be a nice gift!

 

When your scan finished, rightclick one of the alerts and save to scandump.txt. Now, go into that TDS directory and rename that file, for instance into scandump120905.txt so it will not be overwritten.
Or open the file with notepad and copy / paste the wholr content in your posting or email, wherever you want it.
Hope this helps for a next occasion.

 

Thanks