How long does it take DCS to add a new trojan once they know about it?

Discussion in 'Trojan Defence Suite' started by Defenestration, Mar 9, 2005.

Thread Status:
Not open for further replies.
  1. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    I sent a new trojandownloader to DCS and received a reply back that it was indeed a trojan. How long do they take to add it to the defs?
     
  2. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    In my experience it's normally the next day or so, unless it's a very problematic one that needs a lot of research to unpack it & get accurate definitions for.
     
  3. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    Thanks Derek. I'm sure it'll appear in tomorrow's defs then.

    FYI, it's a Java TrojanDownloader which downloads ISTBAR adware.
     
  4. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Java downloaders are a bit harder to create definitions for, as almost all Java applets use similar coding,
    but if you have the latest version of Sun Java you are normally protected against the exploits.

    I'm sure TDS will include detections for the istbar and hopefully will for the Java downloader as well, but I'm not sure how well TDS3 can actually block Java downloads, as they never actually get on the computer except in an encrypted cache folder where most AVs and ATs have problems removing them. The main downloader stays on the website and an instruction to use that downloader is in the cache. AVs tend to be better at blocking them if they have an HTTP checking component like NOD or KAV.
     
  5. BourgePD

    BourgePD Registered Member

    Joined:
    Sep 5, 2004
    Posts:
    75
    Got tired of those bugs so I disabled Java on this machine. Not much to miss... :D
     
  6. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    KAV found it in the Sun Java cache during a full system scan.

    I am using the latest version of JRE 1.5.01, so does that mean that, while the Java class was downloaded during browsing, it would not have run?
     
  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    I can't definitively answer your question about whether it ran or not, but I would suggest clearing out your cache: http://www.java.com/en/download/help/5000020300.xml

    CCleaner also does this if you set it to: http://www.ccleaner.com/

    I run CCleaner daily - thus making sure anything I've tripped across during the day doesn't stay in place - but I'll also use the procedure outlined in the first link, just to be doubly sure.

    HTH Pete
     
  8. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    The latest version of Java 1.5.01 is supposed to stop these dodgy downloaders (Java applets) running, but I can't guarantee it.

    I assume it didn't run, otherwise KAV would have blocked istbar being installed and would certainly have alarmed if it had found ISTbar on the computer, as would TDS, as most if not all versions of ISTbar itself are in both sets of definitions.
     
  9. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    Thanks for the info. I've heard a lot about CrapCleaner but never used it. However, I think I'll give it a go.
     