Lots of false positives after today's wrong radius update

Discussion in 'Trojan Defence Suite' started by FanJ, Jul 12, 2004.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    I started this thread:

    https://www.wilderssecurity.com/showthread.php?t=40873

    That wrong radius update is suddenly causing me lots of false positives:

    Scan Control Dumped @ 12:36:57 12-07-04
    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\windows\system\kernel32.dll

    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\windows\system\kernel32.dll

    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\windows\system\kernel32.dll

    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\program files\common files\acronis\schedule2\schedul2.exe

    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\program files\common files\acronis\schedule2\schedul2.exe


    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\program files\hewlett-packard\hp precisionscan\precisionscan pro\hplamp.exe

    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\windows\mxoaldr.exe

    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\windows\system\pdesk\pdesk.exe

    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\program files\nsclean\boclean\boclean.exe

    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\program files\common files\acronis\schedule2\schedhlp.exe

    Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
    File: c:\program files\common files\acronis\schedule2\schedhlp.exe

    File Trace: Default trojan filename: Keylog.GOD
    File:

    File Trace: Default trojan filename: RAT.Cabronator
    File:
     
    Last edited by a moderator: Jul 12, 2004
  2. ceejay13

    ceejay13 Registered Member

    Joined: May 1, 2004
    Posts: 34
    Location: Basingstoke, UK

    Same here:
    10:56:15 [Radius] • Radius Advanced Specialist Extensions on standby for 13 trojan families
    10:56:15 [Radius] • Systems Initialised [35477 references - 13720 primaries/9984 traces/11773 variants/other]
    10:56:15 [Radius] Radius Systems loaded. <Databases updated 12-07-2004>
    10:56:15 [Radius Update] Update complete.

    Downloaded the database from Jooske's link:

    http://radius.turvamies.com/radius.td3

    and all now appears OK - phew - had me worried for a while there!!
     
  3. FanJ

    FanJ Guest

    You're right Colin:

    the radius file from the Turvamies site does not give those false positives!
     
  4. Jooske

    Jooske Registered Member

    Joined: Feb 12, 2002
    Posts: 9,713
    Location: Netherlands, EU near the sea

    Yep, with a corrupt radius one can expect wrong scan results, I alarmed DiamondCS about the server.
    Do you remember where you updated?
     
  5. FanJ

    FanJ Guest

    Hi Jooske,

    Yes, I got the corrupted one from the TDS site:

    http://tds.diamondcs.com.au/radius.td3

    Do NOT use that one !!!
     
  6. ceejay13

    ceejay13 Registered Member

    Joined: May 1, 2004
    Posts: 34
    Location: Basingstoke, UK

    Same one here.
     
  7. gottadoit

    gottadoit Security Expert

    Joined: Jul 12, 2004
    Posts: 601
    Location: Australia

    I just tried the turvamies mirror and after a restart I still got all the false positives. The one at fileburst.com didn't throw up all the errors...

    This one worked for me
    http://diamondcs.fileburst.com/radius.td3
     
  8. Jooske

    Jooske Registered Member

    Joined: Feb 12, 2002
    Posts: 9,713
    Location: Netherlands, EU near the sea

    Thanks for posting that one.
    For me the turvamies was ok today again, but it seems to depend on o_O
    Glad that one works for you and thanks for posting.
    We can always see the current amount on top of the DiamondCS forum and at the TDS web site to check if we are complete and in Gavin's update postings.
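
Added example, not part of any post in this thread and not DiamondCS code: a small Python check for the two signs of a bad radius.td3 discussed above, detection names made up of unprintable characters and a loaded reference count that differs from the published one. The log and dump formats are taken from the posts; the function names, the `published_total` parameter and the assumption that the three sub-counts add up to the total (they do on the line quoted in the thread) are this example's own.

```python
import re

# Both samples are copied from posts in this thread (dump shortened to three hits).
SAMPLE_LOG = ("10:56:15 [Radius] • Systems Initialised [35477 references - "
              "13720 primaries/9984 traces/11773 variants/other]")
SAMPLE_DUMP = r"""
Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
File: c:\windows\system\kernel32.dll

Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
File: c:\windows\system\kernel32.dll

Positive identification (embedded in file): TrojanDropper.ÿÿÿÿÿÿÿÿÿ
File: c:\program files\nsclean\boclean\boclean.exe
"""

INIT_RE = re.compile(r"Systems Initialised \[(\d+) references - (\d+) primaries/"
                     r"(\d+) traces/(\d+) variants/other\]")
HIT_RE = re.compile(r"Positive identification \([^)]*\): (\S+)[ \t]*\n[ \t]*File: (.+)")

def parse_radius_init(log_text):
    """Extract the reference counts Radius reports when it loads its database."""
    m = INIT_RE.search(log_text)
    if not m:
        return None
    return dict(zip(("total", "primaries", "traces", "variants"), map(int, m.groups())))

def garbage_hits(dump_text):
    """Map each detection name with no ASCII letter or digit after the dot to its files."""
    hits = {}
    for name, path in HIT_RE.findall(dump_text):
        variant = name.partition(".")[2]
        if variant and not re.search(r"[A-Za-z0-9]", variant):
            hits.setdefault(name, set()).add(path.strip())
    return hits

def corruption_signs(log_text, dump_text, published_total=None):
    """List reasons to distrust the loaded database; an empty list means none found."""
    signs = []
    counts = parse_radius_init(log_text)
    if counts is None:
        signs.append("no 'Systems Initialised' line in log")
    else:
        # Assumption: primaries + traces + variants/other equals the total.
        if counts["primaries"] + counts["traces"] + counts["variants"] != counts["total"]:
            signs.append("reference counts do not add up")
        if published_total is not None and counts["total"] != published_total:
            signs.append(f"loaded {counts['total']} references, published {published_total}")
    for name, files in garbage_hits(dump_text).items():
        signs.append(f"unprintable detection name {name!r} on {len(files)} file(s)")
    return signs
```

Pass the reference count announced on the vendor's site as `published_total`; a non-empty result is a reason to replace the database file before trusting any scan output.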
     
  9. kohryu6

    kohryu6 Registered Member

    Joined: Jul 5, 2004
    Posts: 7

    Wow, am I relieved to find out that this isn't serious. My TDS-3 started to detect hundreds of Trojandropper.yyyyyyyy (the y's with the two dots on top)

    This happened right after the update from today. How can I go about fixing this problem?

    EDIT: You can ignore, I've figured it out :) I just put the radius.td3 file in my tds-3 directory and it worked!
     
    Last edited: Jul 12, 2004
  10. Jooske

    Jooske Registered Member

    Joined: Feb 12, 2002
    Posts: 9,713
    Location: Netherlands, EU near the sea

    That's what they call self support! :) Welcome to the forum and have fun with TDS!

    For your other question you might have in relation to your other scanners (NOD32 and NAV): TDS runs fine with either of them; the resident protection "exec protection" (for registered users) does not conflict in any way with any other scanner and never needs to be closed during any scans with whatever scanner.
     
  11. gkweb

    gkweb Expert Firewall Tester

    Joined: Aug 29, 2003
    Posts: 1,932
    Location: FRANCE, Rouen (76)