Japanese Keylogger

Discussion in 'Trojan Defence Suite' started by Smacias, Apr 22, 2005.

Thread Status:
Not open for further replies.
  1. Smacias

    Smacias Guest

    Hi,

    Using Tenebril SpyCatcher, this software has found the Japanese Keylogger in the update.exe of TDS-3. Is it exactly right? Thanks in advance,
     
  2. FanJ

    FanJ Guest

    Well, nobody is going to believe that there is any malware in that file, which I have had on my system for a long time and which has been scanned many times by many scanners.

    And BTW here is the result from the Jotti online scanner ;)
     


  3. controler

    controler Guest

    Sorry FanJ,

    but the file Spycatcher finds, I am sure, is their way of confirming the user has a legit copy.
    This has been discussed before.

    And like I have mentioned before, Spycatcher won't differentiate between
    that sort of behaviour. They find software that calls out on the internet behind your back. That is plain and simple.

    Any takers?

    Bruce
     
  4. FanJ

    FanJ Guest

    Hi there Bruce,

    Let me first say that I do appreciate your many concerns with respect to privacy !!!
    I do, Bruce :D

    The question was about a "Japanese keylogger".
    I don't know which one...
    And as I posted: everyone can scan that file, on their system and/or online ;)

    And everyone can also put a sniffer up, if they wish to do so.

    Please forgive me, I am not going to restart a very old discussion ;)

    Warm regards, Jan.
     
  5. controler

    controler Guest

    Fanj

    I know I get sensitive at times and also appreciate your input to this forum.
    I am sure we are all on the same side here.
    On certain days I have a hard time discerning the fact that software developers need to protect their works also.

    I also think some of our gripes get heard though too :D

    Bruce
     
  6. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    First, there is definitely no keylogger in the update.exe of TDS-3.

    I also don't think anything here is "behind your back" about TDS-3's capability to verify itself upon update - it is discussed in the "Counter-Fraud Measures" section of the TDS help file found in the "help" folder of any TDS installation.
     
  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    That is so cool!

    "Counter-Fraud Measures

    LICENSE REVOCATION: Due to the increasing levels of theft and credit card fraud on the Internet, TDS-3 has built-in automatic license revocation support. DiamondCS reserves the right to revoke licenses if payments are returned, rejected, refunded, or fail to clear, but rarely under any other circumstances, and if your payment is legitimate you have nothing to worry about - your license will never be revoked. IF your license is revoked, it will not be possible for you to update to any new Radius signature databases. If you do, TDS-3 will lock itself and you will not be able to use it, and it will email DiamondCS support letting us know that your license revocation completed. After revocation takes place, you will not even be able to load TDS-3. Fraudulent transactions are not only illegal, but in TDS-3's case they're useless.

    GEOGRAPHIC TRACE: All registration requests are traced back to their source IP. If the geographical location doesn't match or is suspicious your registration will not be processed.

    REAL EMAIL ADDRESS REQUIRED: We do not accept registrations from free emails providers (such as Hotmail, Yahoo, Geocities, etc). Please use your real email address, it will be kept confidential and is only used to send you your license.

    REWARDS OFFERED: If you have any questions or reports regarding this or know anybody who is using or distributing DiamondCS software illegally, please contact security@diamondcs.com.au - rewards are offered, and your identity will remain anonymous and protected - your confidentiality and privacy comes first."

    Awesome, in fact! I love it! Chalk up one for the good guys! Pete
     
  8. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hello there Smacias,
    First of all, feel invited to join the forum as a member; it is free and adds lots more functionality for using this forum.

    I would like to know the exact name of the "japanese keylogger"
    Thanks for that in advance.


    These days many anti-spyware programs are alerting on all kinds of legit files. So believe all of them and delete your updaters, firewalls, scanners, Windows itself, the internet as a whole. Set them to automated and it is done nice and quick for you.
    You know about the riskware, legit files used by trojans to function or using the same names, so the legitimate files are painted riskware and removed in advance by several "security" scanners.
    Great, so it goes when scanners want to make money by looking for names instead of code, for that takes time and experience.
    Especially with the "riskware", where the user should analyse and decide to keep or delete certain files.

    Further: any software which needs updating is legit to check the validity of your key; all do. I'm sure there are people who experienced expiry dates of their software, not functioning after a certain date.

    The TDS update.exe is not doing anything behind your back: if it comes to updating either you set it to do so like in any scanner needing updates, or you press the update button yourself.

    Developers earn their living, we want to keep our systems trustable so the user should be trustable as well.
    For paying DCS for our software like anywhere else we get more software available.
     
  9. controler

    controler Guest

    Now waitaminit


    I should have reworded it. They claim to find software that does out of the norm actions. Yes I agree DCS and other companies should be able to protect their interests. I didn't say they were gathering demographic data for resale LOL

    They have two forms of finds: suspicious & found. The update.exe is always listed as a found file. This means in their definition of a nasty, update.exe falls into the "yes it is a bad file" category. The first time I saw it, I got click happy and deleted it. Then on reboot TDS complained but just protected itself and replaced the file. I contacted them a long time ago about this false find but, not being the great support we find from our popular companies, they just keep shrugging it off.

    I have never received a free copy of any DCS products; I paid for every single one. I have however received free copies from every other company that I have beta or just tested for, including the new UnHackme.

    Here is a Beta that looks promising as a side note. It is an easy way to see app & system conflicts. For NT systems only, so yes it must use a driver.

    http://www.eventlogxp.com/



    Bruce
     
  10. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    https://www.wilderssecurity.com/showthread.php?t=72271&page=1

    We had that discussion before.

    Can we stay on topic about detection of spyware / riskware?
    Not interested in other products betatesting here in this thread, as this is the TDS support forum.
    But feel free to post them in the right forum here at Wilders, as there they do fit I guess! :)
     
  11. controler

    controler Guest

    Yes my dear jooske

    I am staying on topic here. As I mentioned, I paid for all my DCS software,
    PE, WG, PG, TDS. Which means I LIKE it.

    Yes I remember the discussion that you linked to.

    The only reason I included the link to a beta was to help some others who are testing to see conflicts between programs.
    This is how I found my conflict with the new NOD Beta.

    The only other thing I pointed out is some companies are more grateful for the work being done.

    Bruce
     
  12. Smacias

    Smacias Guest

    More details: Japanese Keylogger in update.exe

    Hi all,

    First of all, thanks to everybody for their prompt replies.

    A little more explanation of this case is as follows:

    I have been using TDS-3 v3.2.0 since 2003 (licensed, of course), and two days ago I installed an anti-spyware software called SpyCatcher from Tenebril Inc (http://www.tenebril.com/),

    And searching for spyware, this software found that the file update.exe in the TDS3 folder has a spyware called Name: Japanese Key Logger, Type: Keylogger and Danger: Medium. More info: http://www.tenebril.com/src/info.php?id=122991546

    So, at this time I am not sure what is right or wrong, o_O because this spyware software removes the update.exe file and some links.

    Jooske, you can download a trial version of SpyCatcher from the site below, and check this case.

    Thanks in advance and sorry for the inconveniences,
    Smacias
     
  13. hardhead

    hardhead Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    292
    Location:
    Blue Ridge, Va
    Hello Smacias,

    This has been discussed in the private DiamondCS forum too. Do a search for 34 hidden streams by hardyhar. You can also find information here and here .
     
  14. smacias

    smacias Guest

    Thanks a lot, hardyhar and everybody


    I have read all of the threads, forums, etc. that you and other people advised to me, but I am a little bit lost, and I am not sure what I can do,

    I did not find any solution, because I am not a specialist in this kind of matter; I am only a common user worried about security.

    So what can I do? Disable/allow this "special" spyware from the Spycatcher software, or delete the update.exe file when TDS-3 is running o_O?


    I appreciate your points of view, comments, ideas, etc.

    Thanks again and Best regards,

    Smacias
     
  15. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Don't do anything with the update.exe from TDS. Leave it in place as it is your update function. Nothing wrong with that, and don't get confused by all kinds of scanners.
    People here know what they're talking about, as we advised you many days ago.
    You've seen other people's comments that your scanner is known for the many false positives it has, so don't believe any of its finds; just ask here, scan all the detections with TDS, tell us here which files are detected and what the comments are before doing anything with them, submit the files and the DiamondCS lab will advise you what to do with the file.
    Please believe us now, after all those weeks we're telling you the TDS update.exe is OK, and don't get confused by your scanner.
    Thanks.
     
  16. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi,

    My recommendation is to delete Spycatcher, not update.exe. False positives can sometimes cause more harm than real malware. Go get Ewido free.

    Rich
     
  17. controler

    controler Guest

    I never implied update was a keylogger. I only said it was tagged as such.

    I can tell you this since you haven't been paying attention. This is not found by a file sig. They are using a search by behaviour. Not heuristics, not a file sig.
    I am guessing it is because TDS is looking at more than Tenebril thinks is normal. Like the user's IP etc. "Counter-Fraud Measures"

    So don't get down on Spycatcher for that. I think they are unique and if I have my way, they will add packet sniffing.

    This is not about a false positive based on some file sig. That is all I am saying. Take the time to find out why, ok?

    I want to see the post where someone from DCS contacted Tenebril about the update file and what the response was. Please post the results at will.


    con
     
  18. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    To put it simply:

    If you wish to keep using both programs (Spycatcher and TDS), then "Allow" or "Ignore" (if there's such an option in Spycatcher) the detection of TDS's Updater.exe.

    Updater.exe is not malicious - it's simply TDS's way of protecting itself from people using cracked (stolen) versions of the program.

    Update.exe is right to protect itself - and SpyCatcher is right to note the behavior of how Update.exe goes about doing so (although the "Japanese keylogger" description is misleading/inaccurate).

    As Bruce (controler) noted - even if you use Spycatcher to delete Updater.exe, it's just going to come back anyway the next time TDS opens (which it should, since it's a self-protection measure).

    Hope this helps. Pete
     
  19. FanJ

    FanJ Guest

    In addition to all the good postings already made:

    Here is the MD5 checksum of update.exe:

    The file <C:\...\update.exe> has the following Checksum(s)
    MD5 - E5977B5549EB8BAC514A3EA64F8B3175

    And that file is most definitely clean ! :D
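    Posting a checksum, as done above, is only useful if the reader can recompute it locally and compare. The script below is an added example written for this thread, not part of the original posts or of any DiamondCS or Tenebril tool: it hashes a file in chunks (MD5 for comparison with older published checksums, SHA-256 as the stronger modern digest), compares the MD5 case-insensitively with a published value, and constructs a small sample file so it runs stand-alone. The expected checksum passed in `EXPECTED_MD5_FROM_POST` is the one quoted in the post above; the sample file written by `write_sample` is constructed and will of course not match it, which the output shows.

```python
import hashlib
import hmac
import os
import tempfile

# MD5 checksum quoted in the post above (page value, not computed here).
EXPECTED_MD5_FROM_POST = "E5977B5549EB8BAC514A3EA64F8B3175"


def file_digests(path, chunk_size=65536):
    """Return {'md5': ..., 'sha256': ...} for the file at `path`.

    The file is read in chunks so large binaries do not have to be
    loaded into memory at once.
    """
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def verify_md5(path, expected_md5):
    """True if the file's MD5 equals `expected_md5` (case-insensitive).

    Published checksums are often shown in upper case, as in the post;
    hexdigest() returns lower case, so both sides are normalised. The
    constant-time compare is habit rather than necessity here, since the
    expected value is public, but it costs nothing.
    """
    actual = file_digests(path)["md5"].lower()
    return hmac.compare_digest(actual, expected_md5.strip().lower())


def write_sample(content):
    """Write constructed sample bytes to a temp file and return its path.

    Hypothetical helper so the example runs offline; it stands in for
    the real update.exe, which is not available here.
    """
    fd, path = tempfile.mkstemp(prefix="sample_", suffix=".bin")
    with os.fdopen(fd, "wb") as fh:
        fh.write(content)
    return path


if __name__ == "__main__":
    # Constructed stand-in for a downloaded file; not TDS's update.exe.
    sample = write_sample(b"constructed sample bytes, not the real updater\n")
    try:
        digests = file_digests(sample)
        print("MD5    :", digests["md5"].upper())
        print("SHA-256:", digests["sha256"])
        if verify_md5(sample, EXPECTED_MD5_FROM_POST):
            print("MD5 matches the checksum quoted in the thread.")
        else:
            print("MD5 does NOT match the quoted checksum; "
                  "the file differs from the one the poster hashed.")
    finally:
        os.remove(sample)
```

    A match tells you only that you have the same bytes the poster hashed, not that the file is clean; that judgement still rests on submitting the file to the vendor or a multi-engine scanner, as the thread suggests. A mismatch is the more useful signal: it means you are not looking at the same file and should not assume the poster's verdict applies.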
     
  20. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Update.exe does nothing except connect to a server and download a file. It's a FALSE alarm that should be fixed by the vendor. You should send the file to them; in our experience vendors only listen to customers (if they listen at all).
     
  21. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    I would uninstall software from vendors who don't listen. No matter if it would be games (I never play them) or serious software.
     