Binded.Hir.20

Discussion in 'Trojan Defence Suite' started by wesleytheant, Jan 8, 2004.

Thread Status:
Not open for further replies.
  1. wesleytheant

    wesleytheant Registered Member

    Joined:
    Jan 7, 2004
    Posts:
    9
    TDS has found a Binded.Hir.20.

    Anyone know what this is?

    Thanks and standing by...
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hello Wesley and welcome.
    In the TDs helpfile there is a part about binded executables, whish is very informative.
    Part of it
    "TDS-3 knows of all the hacker techniques used to 'hide' a trojan server from their potential victims. Binding/Joining a file to another is one of them. What a Binder does is actually combine more than two files to make one. For example, a ZIP file can contain 3 or 4 files inside. Yet it is one file."

    Interesting to read. So your binder is one of the used variants. also look in the helpfile in the Advanced deep search.

    Make sure you have the last database, and check all options in the TDS scan options to see what is the file about.
     
  3. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Binded.Hir 2.0 (EditServer) is the trojan binder application and is not dangerous itself. It can be used to join files together.

    If you have a file detected as Hir 2.0 (Variant) then it is the PRODUCT of the binder, and is a malicious application (bound trojan) which drops a trojan. I recommend sending such files in before deletion just in case.
     
  4. wesleytheant

    wesleytheant Registered Member

    Joined:
    Jan 7, 2004
    Posts:
    9
    Thanks again; you guys are great.
     
Thread Status:
Not open for further replies.