Armadillo ??

Discussion in 'Trojan Defence Suite' started by Rainwalker, Jun 23, 2003.

Thread Status:
Not open for further replies.
  1. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Greetings all,
    I have a program named 'Armadillo' in my system and have no idea where it came from. A file search turns up nothing, as does an AV scan and a TDS scan. Apparently it is a program that wraps itself around another program in order to protect that program. Now, I also have this dotted line in the shape of a square that shows up on my desktop surrounding the 'My Documents' icon during boot up then rather quickly disappears. Anyone have any information?
    Thanks
     
  2. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Armadillo is a Win32 executable compressor (aka packer). There are many; some of the more common ones include UPX, Petite, and ASPack. I suspect that you may not necessarily have the Armadillo program, but rather a program that was packed with Armadillo.
     
  3. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D Blaze grab baseball bat d#$%^ Armadillo anti-pirating software spyware thud thud kick thud Armadillo blaze yell out over Armadillo twitching corpse how you like them passwords grrrrrrrr


    Armadillo usually comes packed with software. It is very popular, usually set there to cripple anyone trying to crack their program or running a blacklisted serial.

    There's no way to get rid of it; if you do, you end up crippling your software lol.

    It's mainly there to protect someone's product from being pirated; there's nothing evil about it.

    There's even a program they sell called Armadillo; they bind it to their software, and if you don't use the right password to install the program it starts to uninstall lol or says not valid password.

    Mainly for copyright protection.
     
  4. Rainwalker

    Rainwalker Registered Member

    Thanks guys.. I kinda knew how it was used but was concerned because I could not find it while doing a file search so o_O have no idea who or what installed it. Why is it so hidden? Also, that weird dotted line that shows up around 'My Documents' at boot up may have showed up at the same time.... not sure. The third party software I run is minimal and what I do have a lot of the folks here run. Not sure if it is cool to post it or not. Anybody seen that dotted line thing before?
     
  5. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Nope, next time it happens press the Print Scrn/SysRq button on your keyboard.

    Then open Microsoft Paint; there should be a pic of your desktop. Click on the File tab in Microsoft Paint and select save as .jpg.

    Hmmmmmm, I don't think it's something evil. Does it do it all the time?
     
  6. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    http://www.siliconrealms.com/armadillo.shtml

    See, it's for software protection. Lots of companies use it, no biggie.
     
  7. Rainwalker

    Rainwalker Registered Member

    Thanks Mr Blaze. Yep, Siliconrealms is the one I have. I will do as you suggested next time I boot up and get back here with results / shouldn't Armadillo show up in a system file search??
     
  8. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    It usually has the company name rather than the actual .dll file, usually with a hidden extension on it.
     
  9. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    MR Blaze,

    I see your head is getting bigger (not yet watermelon sized, but maybe a honeydew), you will be a DSL Reports guru yet! ;)
     
  10. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Having a dotted line around an icon on your desktop is easy.. just select one, and then select a blank spot on your desktop. Press F5 and the desktop refreshes and the outline goes away :)

    I would assume therefore, that some application has simply set the "focus" to the desktop as it is booting, which then disappears when other (hidden) windows get the focus during initialisation.

    Armadillo "shows up"? What does this mean? I haven't used an Armadillo protected app in a while, I don't remember any visual signs showing up however.. o_O
     
  11. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    ;) What he said lol
     
  12. Rainwalker

    Rainwalker Registered Member

    OK..... let me put it this way. Is it possible for a trojan to be hidden inside the Armadillo shielding to the extent that TDS would not be able to see it and could it do its nasty work from behind the protection w/out being detected? Not knowing very much at all I'm thinking that a trojan program could possibly protect itself with Armadillo. OK I'm braced, let me have it. :doubt:
     
  13. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Be assured, if a trojan was trying to be hidden that way TDS would find it as a piece of malicious code.
     
  14. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Hi,

    Yes. Armadillo is essentially still just a compressor, and once a trojan protected with it is running, TDS will be able to scan it in memory and detect the original trojan :)
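
Added example (not part of the original thread, and not TDS or Armadillo code): a Python sketch of the point in the post above, that a signature hidden by a packer on disk is readable again once the program has unpacked itself in memory. zlib stands in for the packer, the signature, stub header and function names are constructed for illustration, and the entropy check goes one step beyond the post to show why the on-disk file looks "packed".

```python
import math
import random
import zlib
from collections import Counter

# Constructed, harmless stand-in for a scanner signature (not a real malware pattern).
SIGNATURE = b"DEMO-TROJAN-SIGNATURE-0001"

def build_original_image() -> bytes:
    """Constructed 'unprotected program': low-entropy filler with the signature embedded."""
    rng = random.Random(2003)
    body = bytes(rng.choice(b"0123456789ABCDEF") for _ in range(8192))
    return body[:4096] + SIGNATURE + body[4096:]

def pack(image: bytes) -> bytes:
    """What sits on disk: a stub marker plus the compressed original (zlib is an assumed stand-in)."""
    return b"STUB" + zlib.compress(image, 9)

def load_into_memory(packed: bytes) -> bytes:
    """What the stub does at start-up: restore the original image in process memory."""
    return zlib.decompress(packed[4:])

def shannon_entropy(buf: bytes) -> float:
    """Bits of entropy per byte; values close to 8 suggest compressed or encrypted data."""
    counts = Counter(buf)
    return -sum(c / len(buf) * math.log2(c / len(buf)) for c in counts.values())

def scan(buf: bytes) -> bool:
    """Simple byte-pattern scan, the same for a file on disk or a memory image."""
    return SIGNATURE in buf

def demo() -> dict:
    original = build_original_image()
    on_disk = pack(original)
    in_memory = load_into_memory(on_disk)
    return {
        "file_scan_hit": scan(on_disk),        # packed bytes hide the pattern
        "memory_scan_hit": scan(in_memory),    # unpacked image exposes it again
        "entropy_original": shannon_entropy(original),
        "entropy_on_disk": shannon_entropy(on_disk),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```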
     
  15. Rainwalker

    Rainwalker Registered Member

    Thanks all.. very much, I'll put it to rest. It has been bugging me for some time now and finally had to ask. As far as the dotted line thing(y), well, I'm still trying to figure out that one. I have tremendous faith in TDS and now even more so. Once upon a time I ran BoClean for about a year when a trojan got into my system and absolutely wreaked havoc; so went to TH for awhile but after reading many postings here decided to switch to TDS and I will most definitely stay.
     
  16. Jooske

    Jooske Registered Member

    Hmm, that really surprises me for BOClean, honestly said, but my own experience is with TDS (among others) and I am really happy with it.
    Don't forget to grab the SS3 scripts from the TDS site and you might like to load the smaller ones to try and you might discover one from my hand :D (among others)
     
  17. Rainwalker

    Rainwalker Registered Member

    Hello Jooske,
    Yes, surprised me also. I always had it running as well as my AV program. One day things started getting very strange. Heck, I even had sound effects!! Oh well, life's a trojan.
    OK, I'll give the SS3 scripts a shot ...... thanks
     
  18. Jooske

    Jooske Registered Member

    BOClean runs fine beside TDS, no reason to uninstall either of them, just update/upgrade when available.

    So it seems you might have been infected or even hacked, with that music and other strange happenings.
    Maybe your AV or email scanner overlooked a nasty, or a hole in IE / windows not patched right in time?
    Was anything discovered and cleansed all out?

    In the SS3 scripts is a jukebox to play your favorite music, which Wayne once created in 5 minutes to please the TDS operators' family.
    The InnerPeace script is a demo to use TDS with msagents. (You must be msagent ready to play those and have the SAPI4 runtimes installed if you run XP.)

    Once you register TDS you can use them all, including the larger scripts, of which the Screx we whisper the name in all admiration.
    And registered you can install the exec protection, which checks all executables for malicious intentions before allowing them to run. And there are a few more tools possible.
     
  19. Rainwalker

    Rainwalker Registered Member

    Hmmmm.... why do you run both BoClean AND TDS? Is not TDS enough?
    'Was anything discovered and cleansed all out?'
    Nothing discovered - too far gone.
    Thanks for more script info... very cool.
    Been registered for awhile now.
     
  20. Jooske

    Jooske Registered Member

    Misunderstood:
    There are several reasons why people first had the one and afterwards discovered the other. So the question is more if it is possible or necessary.
    Possible yes, necessary not really.
    TDS has as resident protection the exec protection, while in the TDS4 family will be a whole resident guard.


    Great that you like the scripts too: seeing the examples and what we posted in the SS3 scripts area you get a feeling of scripting yourself and having some msagents jumping over your screen and having other applications started, whatever.
    TDS makes real security fun again!
     
  21. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    :D SS3, I want to get into that but my stupid PC won't let me, it really sucks.

    Well, I use BOClean and TDS.

    My BOClean acts as a sniper or hit man online, very light on resources.

    And my TDS acts as a whole group of Navy SEALs special ops if something gets past my sniper he he he

    It's always good to have a backup software for everything.

    BOClean and TDS work great together.
     
  22. FanJ

    FanJ Guest

    Could the script blocking of NAV be the culprit here?
    I don't have NAV at the moment so it is only a wild guess........
     
  23. Jooske

    Jooske Registered Member

    Blaze, make sure you have WSH enabled, Windows Script 5.6 installed; I gave you the d/l links in another posting.
    And get rid of that Norton (or other) script blocker!
    You had WormGuard to secure you, so please get rid of that other blocker finally.
    I just emailed you a test script in HTML/vbs combination which I also attached in the SS3 forum at DCS.
    Your version should run from your mailbox, the file in the forum should be saved on your desktop as testagent.html and click to open while connected to internet to make sure missing parts can be grabbed from internet.
    It also answers your question to have MSOffice agents used with speech.
    You can try to copy the source as a SS3 script and put a ' in front of the lines which don't work when loaded in TDS.
     
  24. Rainwalker

    Rainwalker Registered Member

    Cool analogy Mr Blaze ...... I am feeling a bit bad about all this. It very well may have been my fault (in a way) as to why the nasty got me. It is too much to get into now..... off to work but will post the pathetic short story this weekend. Mr Blaze, good to see you again... ;)
     
  25. Jooske

    Jooske Registered Member

    Yes, it's good to see all you guys exchanging experiences so we all can learn from each other.
    In cases I would like to be able to look inside somebody's system to make sure a certain nasty or condition is not there and to help the best I can.
    Long before I ever found TDS and firewalls I was really badly hacked and my system destroyed beyond repair so I had to buy a new MB and CPU and HB, and even with all the proof there and the hackers known the ISP and police did nothing.
    Fortunately found TDS and learned step by step and with very great patience of the DCS support to use it and to recognize suspicious behavior and to solve things, etc.
    OK, I'm not the security expert, but on a practical level I learned a lot and can post links to other info.
    I have been trembling, afraid, intimidated, infected, and common AV/AT of well-known names did not find it where TDS did immediately, so I found back my place on internet.
    I learned to deal with nasties, for instance zip them if I was not sure if they were legally there or possible nasties, submitted so many files to the TDS lab for advice, etc etc.
    The best part is to have all those support emails and the two forums as a large support database to help others, so it was really not for nothing nor spoiled energies.
     