Adding Trojan Signatures into TDS Primary List???

Discussion in 'Trojan Defence Suite' started by mfreemanhcp17, Jan 4, 2004.

Thread Status:
Not open for further replies.
  1. For anyone that has read my recent post re: potential new buyer - I have a final thought before upgrading to full TDS and most likely Wormguard/Process Guard (yet to trial):

    I know I have had two Trojan files that TDS has missed (iosdt & savno.100 not listed in primary list). TH3.7 includes savno.100 in its trojan listing.

    Q1 - Is there any way I can import such info into the TDS Primary List??
    Q2 - If I go for TDS and not TH3.7, I would never have picked up the trojan in the first place, do I need to double up on AT programs for insurance or would TDS pick up the problem eventually? From what I've explored these are not new Trojans.
    Q3 - Can I force TDS to look for and 'force kill' any folders/files containing the text "isodt" for example, or is it not this simple?

    Many thanks to future software owning colleagues!!
     
  2. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    Q1 If you have suspicious files you can send them to submit@diamondcs.com.au. If they are baddies they will be included in the next update, so everybody will be protected from them.

    Q2 Maybe in a rare case there could be a trojan which isn't picked up by TDS, but in most cases it's a false positive by another AT/AV.

    Q3 No, you can't

    Dolf
     
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi again! You can do a search/find with the Windows function and delete or zip any finds (and submit them to submit@diamondcs.com.au for deeper insights).
    If I find something questionable I also get a second opinion online at www.avp.ru; scroll all the way to the bottom, where you can "submit virus", and in a few seconds you have an answer.

    I'm not aware of a script in TDS to do such an action automated, but I guess you want to be sure if the files are really nasties before killing/deleting them.
    But if they fall under trojan law, they will be added to the database soon enough.


    BTW: that you don't see certain names in the primary list can have several reasons, like another name might be used for the detection, detection is already covered by other code, there might be a false alarm, or it is not a trojan/worm/keylogger/rootkit/dialer/downloader/something else TDS covers.
     
  4. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Savno sounds like Savenow adware. I can add it if you really want? :rolleyes:

    Really dislike adware myself, some detection is being added simply because there is SO much around now which is adware but uses trojan-like techniques. Such as auto downloading new programs and running them - it's just adware, but it's being called a TrojanDownloader by the AV companies. To me this lessens the perceived threat of a real downloader - a commonly used trojan.
     
  5. Hi Gavin,

    Don't worry about adding if you don't perceive a threat.

    P.S. did you receive my e-mail (thru support addy) of 03-01-04 re: zipped iosdt trojan? :-*
     
  6. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi :)

    I may well add detection depending :) Sorry I was too busy to reply to you, if you don't mind please also send the savno just in case. It won't hurt to add it of course, so if it's unwanted I'll find a spot for it. Thanks for your questions and help.
     