Has anyone had TrojanHunter Guard catch a trojan?

Discussion in 'other anti-trojan software' started by UCI_MECH, May 29, 2005.

Thread Status:
Not open for further replies.
  1. UCI_MECH

    UCI_MECH Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    15
    I'm wondering if anybody has had TH Guard (resident scanner) catch a trojan in real time?
    I'm asking this because I have had TH Guard for 3 months without any alert. On the other hand, the real-time protection of KAV has caught many trojans.

    To give credit to TH, the on-demand scanner found a trojan that slipped from KAV and TH guard as well.
     
  2. ReGen

    ReGen Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    61
    Location:
    Scotland UK
    Hi UCI_MECH.

    If your AV software detects a Trojan, it will lock the file and prevent your AT software seeing it. Your AT will always act as a second line of defence to your AV.

    The advantage of an AT memory monitor is that it can detect most packed Trojans that your AV/AT scanner might not have a rule for or be able to unpack.

    TH Guard is a memory monitor and will only alarm if the Trojan is active in memory. The fact that the TH scanner detected a Trojan that TH Guard didn’t see just means the Trojan wasn’t active. HTH.
     
    Last edited: May 29, 2005
  3. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
  4. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi,

    To be fair to all of the ATs, KAV's coverage is so good that there is practically no chance that any of them will ever find anything in real-time that KAV does not. I have Ewido, BOClean, TDS-3, and Trojan Hunter and none of them have ever found anything in real-time that KAV has not. However, I do use each of these tools to clean other machines when my friends request help. Each has its own special capabilities.

    Rich
     
  5. UCI_MECH

    UCI_MECH Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    15
    Thanks to everyone.

    I'm still interested to know if anybody has had TH Guard find something that has been missed by his AV.

    The reason I'm asking this is because I'm trying to decide whether I should keep TH Guard or maybe it's better to save the RAM and CPU usage for something more useful. I used to run the real-time protection of TDS-3 but since KAV was doing all the necessary work, now I'm using TDS-3 only for on-demand scanning which I do on a weekly basis. Now I'm wondering if I should do the same for TH.

    Right now I'm running KAV Personal, PG, RD.
     
  6. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi UCI_Mech,

    I came to the conclusion that KAV+PG+RegDefend will probably enable me to catch most all software. I do think that some scripting protection is required to close up another possible hole which is why I am using WormGuard.

    If you are looking at saving resources, then I think that TH in your configuration, can be used on an on-demand basis with almost no loss in security. I too am only using TDS-3 on-demand nowadays. Nothing has ever gotten past KAV+my other real-time pro-active defenses.

    As an aside, there is a running thread in the RegDefend forum concerning additions to RD that you may be interested in. If you haven't seen them, you may want to take a look and see if you want to adopt any or all of these user-contributed additions. Some fill in some holes from the registry perspective.

    Rich
     
  7. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Can you briefly state how the capabilities of each are different? I know that BoClean does not have a scanner for instance.
     
  8. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    My own experiences are:

    1) TDS-3 is the best at finding trojans once they are on a machine. So it is great for cleaning. It is not well behaved next to my other real-time applications, so I don't run it in real-time.

    2) Ewido's scan seems best at catching lots of different types of malware (including less malicious types such as tracking cookies). In real-time there are fewer spikes compared to BOClean, so I can run it all the time. The spikes are probably the result of conflicts with ProcessGuard.

    3) BOClean is very quiet, but seems redundant with Ewido, especially since I am running KAV. I run BOClean once in a while, but it has never found anything.

    4) Trojan Hunter also conflicts with other real-time applications so I run it on-demand sometimes. But it does not appear to have any greater capabilities than TDS-3 or Ewido in on-demand processing. I purchased the product a long time ago.

    Of the four, I use Ewido all the time. TDS-3 comes in handy if I need to do a deep, on-demand scan, e.g. looking at ADS.

    Hope this helps,
    Rich
     
  9. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Yes it helps quite a bit thanks.
     
  10. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    That's interesting, Rich. I trialed ewido and found it heavier on system resources with more memory usage (about twice as much) than the TrojanHunter Guard, which I am currently trialing. ewido also seemed to cause overall slower PC responsiveness compared to TH Guard and I experienced various problems with ewido, such as a "flickering" screen when scanning, incorrect scanning progress data, slow scan times, and I didn't like the siren alerting me by stopping during a scan if it found anything (I'd prefer it to finish the scan, and THEN ask me what to do with each entry it found). Oh well, I guess all this proves is that different machines with different configurations and differing active applications will respond differently to different products (I know, kind of redundant, huh :D).
     
    Last edited: Jun 9, 2005
  11. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi John,

    Yes, Trojan Hunter uses less resources than Ewido on my machine also. My problem is conflicts with other real-time programs. Things just hang up now and then. Ewido is better behaved. I think there are reasons that Ewido may be using more resources than TH, e.g. self-protection, more extensive process memory scanning, etc. But this would need to be researched more extensively.

    Rich
     
  12. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Isn't this funny? We've had almost exact opposite experiences. I'm pretty sure that other running applications and system configuration (like which AV, other anti-spyware, etc., etc.) have an awful lot to do with this. It's probably good for others to see different examples, though, because hopefully it will prompt them to try each themselves and see how they react on their own system (since they both offer "trial periods"). I do think that different products "behave" better on different systems, and I'm also relatively sure that it likely has something to do with OTHER applications and processes which are running in real-time alongside them, etc. Good stuff, Rich....
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
  14. jonnypop

    jonnypop Registered Member

    Joined:
    Jun 17, 2005
    Posts:
    16
    Good thing that you have Kaspersky, it has excellent detection. As for Trojan Hunter, I have had less than stellar results. Items that I have tested which have been detected by TDS-3, Boclean, Ewido, have been missed by TH (I have licensed version). Most recently I tested a file infected with trojan backdoor.win32.bifrose.d at Jotti online scanner. Every scanner detected it except ClamAV. Also, Boclean and Ewido (free version) detected it. Trojan Hunter scanner and guard both missed it and it infected my test machine (cleaned up easily with KAV).

    I can only recommend Boclean (best value for updates and using on multiple machines) or Ewido. As far as that review Rasheed187 posted, I would not put much faith in it judging by some of the comments I have read on this forum.

    ps. I do not have any malware, please do not ask me to send you any.
     
  15. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Well, this test was made from a testbed of 16 samples, not exactly impressive..........................But, you can buy cheap inkjet cartridges through there. ;) :)
     
  16. Goodone

    Goodone Guest

    Made me laugh. Thanks for that. :)

    Now ask yourself would you take seriously a review performed by an inkjet salesman?
     
  17. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Well, at least I give the "inkjet salesman" some credit for doing something that NOBODY ELSE is doing. After all, where is Spyware Warriors and any others on this?

    Besides, he provides this to others free of charge, and admits up front his sampling methods. He also tests and reviews a ton of other software as well.....so he shouldn't be criticized for at least making an effort to do something that nobody else in the software security field seems to even be attempting to do.... ;)
     
    Last edited: Jul 30, 2005
  18. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    No, nobody should criticize him for making a review of AT's, but he should be criticized for not using enough trojans to test them with; 16 is just not enough to make any sensible comparison.

    If he wanted to he could "just" pick 16 not detected by vendor (A), but that is detected by another vendor (B) he likes better, if he had thrown 5000 (or more) thousand trojan samples at them, vendor A might very well have kicked vendor B's butt thoroughly.

    I do agree that we badly need an AT-Comparatives though, maybe something for Andreas Clementi & cie. :)
     
  19. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Totally agree with that. 16 samples is ridiculous. You don't see AV-Comparatives testing the AV's with 16 samples. Look at the results of the AV tests sites and you see even the best missing as many as 500. Why? Because they test against as many as 100,000 samples.

    I agree that there are no good tests out there. But using those tests as a comparison of an AT's capabilities is just plain silly.

    muf


     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    Yes, we really need a good AT test, because I really wonder if it makes sense to run a dedicated AT scanner or not. I did find an old test, which was interesting, because Trojan Hunter performed quite badly. KAV was one of the best, way better than Nod32. ;)

    http://www.claymania.com/tests-trojan.html
     
  21. jonnypop

    jonnypop Registered Member

    Joined:
    Jun 17, 2005
    Posts:
    16
    I think a dedicated AT is very important to have, even if you run KAV, although it is way ahead of all others at av-comparatives at trojan detection. Having something like Boclean running is a lot easier for an average user than a complicated firewall trying to catch a trojan by popping up a message about an outbound connection which they probably have no idea whether to allow or not.

    Kevin McAleavey had something very interesting to say about the "inkjet" trojan test in the TDS discontinued thread, but I think it was deleted due to being off topic.
     
  22. I purchased TrojanHunter last September. Since then it has caught nothing. All the infections I've had to cope with I've dealt with using Ewido (free). TrojanHunter seems to be blissfully unaware of any problems of any kind whatsoever. I've been wondering for a while whether or not to turn off TH Guard; these posts have helped me make up my mind. Thank you.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    Well I would like to hear what the developer of TH has to say about this subject. And about post 2 and 3 in this thread, so AT's are only good for spotting trojans in memory? And that's why TH doesn't catch nothing? o_O
     
  24. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    You could email Magnus at Trojanhunter, he has always responded to my queries very-very quickly.... :D
     
  25. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    Kaspersky is also the AV that is the most targeted by trojaners. They all want to make their RAT undetected by KAV, and it is possible to do so. That's where the AT's come in.

    I've had Trojan Hunter Guard pop up warnings many times, even when my KAV remained silent. Same goes for BOClean, it has blocked something missed by my AV's (KAV, NOD32 and DrWeb) numerous times. But I collect trojans and my chances of seeing an undetected RAT are really somewhat higher, and some of them are btw undetected by AT's too.
     