Is it possible that a trojan is changing program components?

Discussion in 'Trojan Defence Suite' started by strategia, May 19, 2004.

Thread Status:
Not open for further replies.
  1. strategia

    strategia Registered Member

    Joined:
    May 17, 2004
    Posts:
    10
    I've run TDS-3 with the latest database but it does not find any trojan on my system.

    If not a trojan, can anyone suggest why Outpost is giving me a warning that components have changed in one program after another — all of which I use to connect to the internet: IE, Opera, Crazy Browser, ePrompter, Eudora.

    I choose to block the program and that therefore cripples the program where it needs that internet connection to function. When I replace system files with older versions and reboot, I can again use the program for some time before the warning appears again and I have to repeat the loop.

    AVG6, Avast, SpybotS&D and AdAware also fail to find anything.

    Can anyone please offer some guidance to fix this problem?
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi strategia, When any internet-enabled programs or their components are updated, Outpost will notice the change and ask if you want to allow it.
    A simple Windows update will quite often change a file that Outpost recognises in this way.
    Check the OP help file; search for MD5 for more information.

    HTH Pilli
     
  3. Eliot

    Eliot Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    854
    Location:
    Arkansas, USA
    You can click on the details and it will tell you what has changed. ;)
     
  4. strategia

    strategia Registered Member

    Joined:
    May 17, 2004
    Posts:
    10
    Thanks Pilli,

    But that's my problem: I haven't updated (nor do they auto-update) any of the flagged programs. And now it seems that if I block the program after OP warns me, close it then reopen it... whatever the (apparently unrelated) component that OP says has changed, no longer prompts an OP warning [until some time later].

    I searched OP help for MD5 but got a "no topic" result. Am I reading what you say too literally?
     
  5. strategia

    strategia Registered Member

    Joined:
    May 17, 2004
    Posts:
    10
    Thanks Eliot,

    I've followed that trail many times only to find that it's apparently a dll in the folder of another program altogether separate from the one that's running and generating the warning. And I've made no conscious change to the running program nor to the dll.
     
  6. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Hi Strategia.......this explains nothing but for what it's worth.........when this happens to me i refuse the .dll and close and reopen the browser............... more often than not i receive no other requests for that .dll.....if i don't know what the .dll is then i am not allowing it and if everything seems to be working then i don't concern myself, but again....this explains nothing and maybe my method is not such a good idea.....more help will jump in :)
     
  7. strategia

    strategia Registered Member

    Joined:
    May 17, 2004
    Posts:
    10
    Rainwalker, I'm using the same "system" but it drives me crazy stopping and starting — I wanna be "normal". Thanks for the try.
     
  8. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    When a file is last used it might get a new date stamp "last accessed" and that date might change the checksum and thus telling Outpost something changed? Did you have a chance to look at details what was changed?
    For instance if we run in TDS a scan several files we don't know about and don't use consciously do change, at least for the date stamp like i just said, guess it's something equal with the other files.
     
  9. strategia

    strategia Registered Member

    Joined:
    May 17, 2004
    Posts:
    10
    If it's simply a date stamp change, why was it not being picked up before by OP? Why does it take some time to change in say, Opera but is (now, pretty) immediate in IE & ePrompter? And my third why -- why are the changed components dll that reside in the folders of apparently unrelated programs and in windows\system?

    Getting to the point of giving in and letting the changes pass -- already have with ePrompter. Thanks for the observations none-the-less.
     
  10. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    It won't be the date, but it could be something unimportant. Can you give us exact details of the change? What DLLs exactly? Send the DLL to submit@diamondcs.com.au
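
Added example, not part of any post in this thread and not Outpost's own code: a small content-hash baseline showing why a timestamp change alone does not alter a checksum, while a one-byte content change does. It assumes the component check is a hash of file contents, as the MD5 reference earlier in the thread suggests; the file names and bytes are constructed samples.

```python
import hashlib
import os
import tempfile


def md5_of(path, chunk=65536):
    """MD5 of the file's bytes only; timestamps and attributes are not hashed."""
    h = hashlib.md5()  # mirrors the thread; prefer SHA-256 for a new baseline
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(paths):
    """Baseline: map each component path to its content hash."""
    return {p: md5_of(p) for p in paths}


def changed_components(baseline, paths):
    """Paths whose current hash differs from the baseline (or is missing from it)."""
    return sorted(p for p in paths if baseline.get(p) != md5_of(p))


def demo():
    """Constructed files standing in for DLLs loaded by a network-facing program."""
    with tempfile.TemporaryDirectory() as d:
        file_a = os.path.join(d, "sample_a.dll")
        file_b = os.path.join(d, "sample_b.dll")
        for path, data in ((file_a, b"MZ" + b"\x00" * 64),
                           (file_b, b"MZ" + b"\x01" * 64)):
            with open(path, "wb") as f:
                f.write(data)
        paths = [file_a, file_b]
        baseline = snapshot(paths)

        # Rewrite only the accessed/modified timestamps: no hash changes.
        os.utime(file_a, (1_000_000_000, 1_000_000_000))
        os.utime(file_b, (1_100_000_000, 1_100_000_000))
        after_touch = changed_components(baseline, paths)

        # Overwrite one byte of content: only that file is reported.
        with open(file_b, "r+b") as f:
            f.seek(10)
            f.write(b"\xff")
        after_edit = [os.path.basename(p)
                      for p in changed_components(baseline, paths)]
        return after_touch, after_edit


if __name__ == "__main__":
    print(demo())
```

Pointing `snapshot` at the DLLs named in the firewall's details dialog, and comparing again at the next warning, shows whether the bytes on disk really differ between prompts.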
     