My first dumb TDS-3 question!

Discussion in 'Trojan Defence Suite' started by TonyKlein, Jul 8, 2002.

Thread Status:
Not open for further replies.
Page 2 of 2
  1. bubs

    bubs Registered Member

    Joined:
    Apr 28, 2002
    Posts:
    106
    Location:
    Suffolk, England
    I'm starting to feel like a little schoolgirl with a particle generator...

    I LIKE that!!! :D

    NOD will detect some trojans, including some subseven variants......... the issue is to do with AMON, not TDS.

    The trojan is in the NOD database, therefore AMON locked the file as soon as you tried to touch it. Therefore TDS couldn't scan it. :mad:

    If you go throught the same exercise with a trojan which is not in the NOD database, your experiment will work. Alternatively (easier and quicker), tell AMON to exclude the file, then try again. TDS will now be free to behave as it should. :)

    If you try to execute the trojan with your trial version, you will be able to. When you decide that you want to keep very own particle generator, you will be able to install 'execution protection'. The trojan will be prevented from doing anything.

    FWIW I also use Tiny Trojan Trap, which (amongst other things) warns you when any 'unknown' executable tries to do its thing. I found that TDS 'exec protect' kicked in long before TTT had got out of bed - so rest assured - that feature works like a dream. :D :D
     
    bubs, Jul 9, 2002
    #26
  2. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    Well, you were right, of course.
    Amon did stop TDS-3 from doing what it wanted.

    I disabled Amon, downloaded the little bugger again, and this time opened Scan Control and scanned the downloaded zipfile itself.

    Sure enough, TDS-3 detected everything, and emptied the xDynamic\TDS.Unpk folder straight away as well.

    I'm so relieved I think I'm going to register now... :D

    I must remember to turn off Amon in the future, before scanning with TDS-3

    Thanks heaps!



    [year-old attachment deleted by admin]
     
    TonyKlein, Jul 9, 2002
    #27
  3. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi Tony,

    Sorry for the slow reply, to answer your original question..
    We are looking at a different scan file with TDS registry entry for upcoming versions. The current HKCR\*\ entry is causing this problem, you can remove this entry manually or by downloading a small patch :

    http://tds.diamondcs.com.au/tdsregpatch.exe
     
    Gavin - DiamondCS, Jul 15, 2002
    #28
  4. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    Hi Gavin,

    In fact you had already answered me in the private forum, and I'm glad to hear there may be a fix for this in TDS-4.

    Thanks for the patch, but I'd already removed the entry manually.

    Cheers, Tony
     
    TonyKlein, Jul 15, 2002
    #29
Page 2 of 2
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...