No updates and no trace possible

Discussion in 'Trojan Defence Suite' started by Fraha, Mar 26, 2004.

Thread Status:
Not open for further replies.
  1. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    Hello all! :D

    There is a problem with my setup of TDS3. I cannot update, no response at all when I do Ctrl-U or via the menu!

    Also a Trace is not possible. No reaction either!

    My setup is WIN XP with a router (Vigor 2200E) and a software firewall (Norman)
    Which gates should be opened?
    Normally the software asks if the application can get to the internet, but with TDS no reaction at all.

    in short: HELP!!!!

    Frans
     
  2. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi,

    First reinstall it over itself, to the same folder

    Then visit this page and if you have any problems, describe your problem back in this thread

    http://tds.diamondcs.com.au/index.php?page=files

    First install the VB6 Runtime package on that site please :)
     
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Frans, you do have a registered version, do you?
    As evaluation versions don't allow updating via the menu, manually on the page Gavin just posted only for those.
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Fraha, it sounds like you have a firewall problem; the Updater goes to port 80 of the download server and the local port that TDS sends out on is variable.

    With Trace route I should think again it is your firewall, if you leave the ip address as 127.0.0.1 you should get this, if so it is probably your firewall stopping traceroute from outbound connection to a real IP address:

    16:30:13 [Trace] Initialising traceroute to 127.0.0.1 ...
    16:30:14 [Trace] Tracing route to 127.0.0.1 (localhost)
    16:30:14 [Trace] 02: 0ms 127.0.0.1 (localhost)
    16:30:15 [Trace] Trace complete!

    HTH Pilli
     
  5. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    ok, let me see where to start answering! ;-)

    1. Yes I do have the Registered version.

    2. I already installed the full version over the try version and installed the regkey again.

    Next I'm going to this link and see what I can install there....

    I'll be back!

    Frans
     
  6. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    ok, more problems,

    Where do I install all those DLL files? I see three options. system32, lastgood and dllcache.

    I'm guessing all in system32 but I would like to know for sure!

    Same goes for the VB module, do I run it or place it over the same file somewhere?
    Where should it go?

    Frans (very o_O o_O
     
  7. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Default, over the existing one. Did you check the version number of the VB6?
     
  8. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    Please! I'm a beginner. What is default in this case o_O

    Frans
     
  9. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    How are you updating then?
    have the TDS download, click on it and it should unpack/install all automatically where it belongs?
    "standaard"
    You might like to tell the installation to do it in C:\ or C:\program files\
    or c:\program files\diamond computer systems\
    or anywhere you like, you will like in this case most probably to do it over the existing installation, wherever it is, after put the keyfile in it again (you did follow instructions for that i hope, if it had to be unzipped or renamed or anything else?)

    Where are the files now then?
    After install put your keyfile back into it, reboot computer and all should be fine.

    I could only imagine a possible problem with the keyfile due to the email, eventually if this wouldn't work. But that could be checked by support.
    First look at this install, just like the first time, over itself preferably.
     
  10. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
  11. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    HI Fraha.

    While I'll leave the help given to you by Jooske/Pilli/Gavin for the rest, you asked a question re VB6 file. [VisualBasic runtime 6 SP5 it is]

    Simply download that file to, say, desktop.

    Then just double click it, it will install itself. Even though it may not ask for a reboot, best to do so.

    Then at least that's one problem out of the way, that file will be the latest.

    If it does not cure the problem, then proceed to download each of the rest of the files on that page and simply replace them.

    If unsure where they go, do a Search for Files and Folders, take a note where they 'live' and then put the new downloaded ones into the appropriate place.

    If you don't feel comfortable replacing them, make a back-up of your original ones.

    Simple way is to make a folder on desktop...go to the folder the files live in, then click on one at a time, then while holding the Ctrl key down, drag them into the new folder you created. [You will see a little + sign when dragging, this means it's copying them. In case you did not know how to do this. :) or, right click on each, select 'Copy', then put cursor into the new folder, right click and select 'Paste'.

    In Win XP they live in C:\WINDOWS\System32

    There is one file at the above link though that is only for Win9x so don't d/l that one. :)

    Cheers, TAS
     
  12. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    oke, this is what I've done and what happened.

    I ran the VBfile from the diamondcs site and ran it. Booted after that and still no luck with Trace and Update. Not even after closing down the firewall!

    Ping gives a one-liner:
    Ping reply from 127.0.0.1: size=32 status=0 time=0ms ttl=250

    The resolve button gave this:

    21:05:36 [DNS] Resolve IP: 127.0.0.1
    21:05:36 [DNS] Full name: localhost
    21:05:36 [DNS] IP address 1: 127.0.0.1
    21:05:36 [DNS] Alias 1: abcsearch.com
    21:05:36 [DNS] Alias 2: admin.abcsearch.com
    21:05:36 [DNS] Alias 3: admin.abcsearch.com
    21:05:36 [DNS] Alias 4: www3.abcsearch.com
    21:05:36 [DNS] Alias 5: www3.abcsearch.com
    21:05:36 [DNS] Alias 6: www3.abcsearch.com
    21:05:36 [DNS] Alias 7: www.abcsearch.com
    21:05:36 [DNS] Alias 8: www.abcsearch.com
    21:05:36 [DNS] Alias 9: www.abcsearch.com
    21:05:36 [DNS] Alias 10: www.abcsearch.com
    21:05:36 [DNS] Alias 11: acestats.com
    21:05:36 [DNS] Alias 12: acestats.com
    21:05:36 [DNS] Alias 13: acestats.com
    21:05:36 [DNS] Alias 14: acestats.com
    21:05:36 [DNS] Alias 15: acestats.com
    21:05:36 [DNS] Alias 16: www.acestats.com
    21:05:36 [DNS] Alias 17: www.acestats.com
    21:05:36 [DNS] Alias 18: www.acestats.com
    21:05:36 [DNS] Alias 19: www.acestats.com
    21:05:36 [DNS] Alias 20: www.acestats.com
    21:05:36 [DNS] Alias 21: www.acestats.com
    21:05:36 [DNS] Alias 22: actualnames.com
    21:05:36 [DNS] Alias 23: actualnames.com
    21:05:36 [DNS] Alias 24: actualnames.com
    21:05:36 [DNS] Alias 25: actualnames.com
    21:05:36 [DNS] Alias 26: actualnames.com
    21:05:36 [DNS] Alias 27: actualnames.com
    21:05:36 [DNS] Alias 28: actualnames.com
    21:05:36 [DNS] Alias 29: www.actualnames.com
    21:05:36 [DNS] Alias 30: www.actualnames.com
    21:05:36 [DNS] Alias 31: www.actualnames.com
    21:05:36 [DNS] Alias 32: www.actualnames.com
    21:05:36 [DNS] Alias 33: www.actualnames.com
    21:05:36 [DNS] Alias 34: www.actualnames.com
    21:05:36 [DNS] Alias 35: www.actualnames.com
    21:05:36 [DNS] Alias 36: www.actualnames.com
    21:05:36 [DNS] Resolve time: 0,8125 seconds.

    I don't know what to do about this from here.

    Then I tried a trial version on the other computer and there all works fine. The ping is like in the example above (From you guys) m/v (M/F)
    with the 4 lines.

    I'm puzzled. Should I uninstall now boot and install again?

    Frans
     
  13. FanJ

    FanJ Guest

    Hi Frans,

    - in Dutch (translated) -

    Hi,

    Looking at your Resolve list, I have the feeling that something needs to be done about your HOSTS file.
    This is a special file: no extension such as .exe or .txt or anything like that.
    Maybe we should do something about that first.
    Perhaps also run HijackThis and post the log.
    Or otherwise at least post a copy of your HOSTS file here.
    I am not an expert in the field of HijackThis, so I have to leave that to experts like Pieter.


    - in English -

    I have the feeling, after looking at that Resolve, that there is something wrong with your HOSTS file.
    Maybe it is a good idea first to look at that.
    Maybe even better to run HijackThis and post its log so the experts like Pieter can have a look at it.
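
An added example, not part of the original thread: the Resolve output above is consistent with a HOSTS file that maps many names to 127.0.0.1, so those names show up as aliases of localhost. This Python sketch audits HOSTS file text for such entries, repeated lines, and names pointed at a non-loopback address; the sample content, `update.example.test`, the 203.0.113.10 address and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample, not Fraha's actual file. The loopback names are ones
# visible in the Resolve output above; the last two entries are invented.
SAMPLE_HOSTS = """\
# sample HOSTS file
127.0.0.1   localhost
127.0.0.1   abcsearch.com
127.0.0.1   admin.abcsearch.com
127.0.0.1   admin.abcsearch.com    # repeated line
127.0.0.1   www.acestats.com www.actualnames.com
203.0.113.10  update.example.test  # constructed redirect
not-an-ip   broken.example.test
"""

def parse_hosts(text):
    """Yield (address, hostname) for every well-formed mapping."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # skip malformed lines
        for name in fields[1:]:                # one line may carry several names
            yield addr, name.lower()

def audit_hosts(text):
    """Group names by address and report what deserves a closer look."""
    aliases = defaultdict(list)
    for addr, name in parse_hosts(text):
        aliases[addr].append(name)

    seen = Counter()
    report = {"loopback_aliases": [], "redirects": {}}
    for addr, names in aliases.items():
        for name in names:
            seen[name] += 1
            if name == "localhost":
                continue
            if addr.is_loopback or addr.is_unspecified:
                # Blocklist-style entry: appears as an alias of localhost.
                report["loopback_aliases"].append(name)
            else:
                # Name forced to a fixed remote address: review by hand.
                report["redirects"][name] = str(addr)
    report["duplicates"] = {n: c for n, c in seen.items() if c > 1}
    return report

if __name__ == "__main__":
    for key, value in audit_hosts(SAMPLE_HOSTS).items():
        print(key, value)
```

On Windows XP the file to feed in is `C:\WINDOWS\system32\drivers\etc\hosts`, read as text.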
     
  14. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    Thanks for your input!

    I renamed the HOSTS file (TDS is complaining about it), booted the system and all is the same.
    I'll go to the HijackThis forum and publish that there for Pieter to look at!

    Any more tips? It's getting quiet here! ;-)

    Frans
     
  15. FanJ

    FanJ Guest

    The HijackThis log from Fraha is posted here:
    http://www.wilderssecurity.com/showthread.php?t=25867

    Frans,

    I have some problems with my eyes at the moment, but I saw this at your HijackThis log:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwproxy.xs4all.nl:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>


    I have to admit ( :oops: ) that I am not quite sure about those two lines.
    I need experts on this......
    Sorry !

    In that context I am wondering what your settings are in TDS-3 for your proxy server; see screenshot.

    Cheers, Jan.
     


  16. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    Hi Fanj

    After a quick check I can tell you that the proxy is not active. Not in the browser and not in TDS!
    I guess the second line confirms that?

    Frans
     
  17. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,449
    Location:
    North Carolina, USA
    Hi Fraha,

    If you are sure you are not using a proxy, then have HJT fix those 2 lines and reboot....

    Regards,
    Kent
     
  18. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    Did that, booted and looking again into HT-log it is back again!
    o_O :rolleyes:

    Should that happen or is this a trojan / worm?

    Frans
     
  19. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,449
    Location:
    North Carolina, USA
    Do you have any type of proxy software that runs on startup that could be changing these entries?

    Kent
     
  20. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    Not that I'm aware of!

    Now I did the following:

    Deleted all entries for TDS from the firewall rules.
    Uninstalled TDS totally. Only execprot.dll could not be deleted (Could be that execprotection was on, but by that time the software was uninstalled). Even after a boot this file could not be deleted so I installed TDS again, put the key in there and it knows me again!

    When I send the test message, the firewall complained. Gave the tds3smtp.exe file permission to go to the internet. After that no questions from my firewall when trying to update whatsoever!

    This is NOT good, I guess...

    Now I reset my firewall to default settings, again no luck!

    This does not surprise me because when I switched off the engine of the firewall, all stays the same!

    Can I have a list of stuff that should be in the registry for TDS? Perhaps there lies the problem? Is that possible?

    Out of options now. Off to bed!

    Frans
     
  21. FanJ

    FanJ Guest

    Hi Frans,

    Some general remarks:

    1.
    In general:
    With respect to un-installing TDS-3:
    You should first dis-able in TDS-3 itself execprot.dll :
    In TDS-3:
    TDS > Execution Protection > Remove
    And then a reboot, and then un-install it.
    That's the way to do it.

    2.
    Once again:
    I'm really not sure about those two registry-entries:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwproxy.xs4all.nl:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>

    I hope some experts will jump in here.

    Maybe also some users of the Dutch provider "xs4all" could jump in here and tell us whether it needs a proxy-server; I really don't know....
    There ARE here at the Wilders-board users of that Dutch provider !
     
  22. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    In the IE browser, > Extra > Internet options > Verbindingen (connections) > look for your default connection (standaard) > bottom LAN settings > there could be the xs4all proxy checked. Note down what there is so you don't lose it if you need it back.
    Uncheck the proxy, ok, ok close and reopen all browser windows before you start again.
    Many ISP's like you to use their proxies as it saves them lots of bandwidth, and it should not make much of a difference for users, certainly not the kind you run into. But ok, first try it without the proxy to get correct results.


    What is happening at the moment with your TDS install is not clear to me.
    Gavin only asked to get a new version of the VB6 from the site and install TDS as a whole over the existing one.
    There is a warning on the site XP users don't need to replace those system files generally spoken, as XP has its own protection for overwriting files.
    Now i understand your question with what you're all doing where to put files.
    Since you're mentioning system32 i suppose you run XP so all those files should not be needed for you.
    Look for the names of the files one by one, search for them on your system, and you will see rightclicking on them you have the same or newer versions on your system.
    Only if some would have been overwritten due to some install it should be replaced, but XP would have warned, i guess.

    Now the exec protection was still installed while you uninstalled TDS, to have that part working properly again you'll have to install TDS, get to that exec protection and uninstall it, reboot, try in TDS to install it again
    (where's a test? anybody has a testfile which should be stopped but is not dangerous?)
    look carefully at the message you get, if it says "failed" press the uninstall of exec protection, uninstall TDS, install TDS again over itself, reboot, install exec protection again and all should be well.

    Did you reboot after your first install? not doing so could give some problems of TDS not working properly.
    This is for most security programs i know, so even on XP you're not rid of the reboots in all cases.



    How is now the current situation?
    You have now a working re-installed TDS, have you?
    Does it update or tell you are uptodate already when you press in TDS > Update TDS databases NOW!
    What exactly happens when you do this?

    Is the problem the firewall is blocking or not blocking the problem?
    Firewalls can have the habit of learning so if you allowed the action/connection it might know for a future occasion program update.exe is allowed to connect to internet so the firewall will not alarm nor beep if you are doing so a next occasion, unless you made your settings to alarm each time.

    Did you reboot the system after enabling the firewall again? If you have ZoneAlarm for instance, for some annoying reasons it keeps the changes till reboot.
    Try it for instance with a page needing cookies etc and you allow them in the settings, even closing all browsers and reopening one you will see in many cases your changes did not really take place, site still asking for cookies accepting, till you rebooted and get there again. Really annoying and a risk factor, for i wonder if i tighten my settings for such a site if those higher security does take place instantly or not. But that discussion is for the firewall threads.
    Anyway, if you use ZA(pro) it can be several of the allowance settings stayed up for the program so you won't get warnings.

    Silent here you said? hm think people have been looking all around the clock for you; for instance i started writing around 5 in the morning my time and it's around 6 in the morning now, i see Jan was here after midnight and before midnight, so 24/7 support here!
    And you're lucky, many software developers of lots of kinds of software are looking around here too, hence a good reason to ask questions in the right forum areas to attract their attention for support, just in case! :cool:
     
  23. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    OK, thanks Jooske (I did put a ;-) after that line with "it's getting quiet around here"
    Believe me, I know that you take this seriously and I don't have any criticism whatsoever about you guys (M/F)

    As I'm off to work right now, I can't go into detail about your large mail. Most of it I did without any luck.

    But there is light!

    Fresh this morning I had a brainwave. I ran the Update.exe manually and it worked!!! The firewall asked permission and I gave it all the permission there is to give.
    The problem is still there if I try to update from within the program!

    If I do a control-U or use the command from TDS >> update TDS database now, there is no reaction from the program whatsoever.
    After the manual update there were lines in the main screen of TDS telling me this:

    08:32:48 [Radius] Radius Systems loaded. <Databases updated 27-03-2004>
    08:32:48 [Radius Update] Update complete.

    You think about this and I'll be back around 1700 hrs CET to tackle this a bit more... :D

    Thanks again and greetings from The Netherlands


    Frans
     
  24. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    In that case it is 99% sure to be something to do with the firewall settings
     
  25. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Frans, just to make sure: you did close all the AV and AT --also the resident parts!!-- during install, did you? I saw in your HJT log you have a bunch of them, so those really should be put to rest before installing any other software, after reboot and you can fire them up again.
    I forgot your firewall, might be special settings.

    So that you could use the update.exe at all gives some light indeed.
    You can do yourself another favor with grabbing my test-demo file on top and load it via TDS, as that has an update.exe as well in between the other joy, so you can locate if there might be something with the TDS install or something else could be the matter like proxies, such things.......
     