In need for a "trojan" sample

Discussion in 'Trojan Defence Suite' started by eyal_car, Aug 25, 2004.

Thread Status:
Not open for further replies.
  1. eyal_car

    eyal_car Registered Member

    Joined:
    Aug 25, 2004
    Posts:
    1
    Hello,
    I would like to test the execution protection capability. Can you recommend a trojan sample that is both safe and simple?
    Thanks
     
  2. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hello eyal_car, welcome to forums :)

    Go here.. this is a trojansimulator.... ok....

    Similar to an AV's Eicar test.

    http://www.misec.net/trojansimulator/

    Have fun.... Cheers, TAS
     
  3. sleepy

    sleepy Guest

    TDS clearly detects this trojan sample but it didn't stop this from installing. I have TDS in the system tray, execution protection installed, but when I installed this trojan sample, TDS didn't do anything. When I look in the task manager the trojan server is running, TDS is also running.

    It only detected this sample when I click on reload. I then deleted the file with TDS hoping that it could clean all that remains of that sample but it only deleted the server, not the registry that it created.

    Now what if it's a real trojan?

    Or is there something wrong with my settings?
     
  4. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Sorry sleepy for not getting back to you sooner, for some reason this post was not highlighted as 'new' for me after your reply, and only remembered it when I saw a similar post.

    Anyhow, I noticed another thread exactly the same as this, where Pilli answered another user's query, and the answer was about settings: making sure you had Clients/EditServers checked in Scan Control settings, on the main GUI of TDS [attached pic to show you].

    One thing, you stated that the registry entry was still there, that in itself is not a worry, the main serverclient was removed via TDS, just left a reg entry, however, :) ... it did say on the test site, to remove via the simulator itself [Uninstall] and that will remove everything completely...including the reg entry. You will have to have the TDS GUI up on screen to see results also.

    In testing, I would run the test, see TDS response, but Uninstall via the Simulator.

    I personally haven't tried it, simply because I cannot even download it. :D

    Kaspersky 4.5 PRO [my AV] jumps up all over it, and stops download [it even says it's 'Not a Trojan', so cannot complain about that]. I have no intention of turning off KAV for a second, just to try a dl of it either. ;)

    Cheers, TAS
     

    Attached Files:

    • 057.GIF (14.7 KB)
  5. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    A thread over at DSL Reports on this topic also :). Have a look here.

    Regards,
    Jade.
     