No updates and no trace possible

Discussion in 'Trojan Defence Suite' started by Fraha, Mar 26, 2004.

Thread Status:
Not open for further replies.
  1. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    Tooske,

    Yes, I did install with all AV and AT stuff off-line.

    Can you elaborate on the test file you mention? Where can I find that and how do I load it via TDS?

    Due to all the hassle I did not have much time yet to read much of the help file....

    What kind of file is it and what's the name?

    Frans
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Frans, was not around, shopping time!
    http://www.wilderssecurity.com/showthread.php?t=24123
    In the sticky threads on top, little by little I created a little thingy; read the description: running from the desktop it should give certain error messages and refuse to run further due to your protection, running via TDS it should run all the way to the end:
    get both files from the first message, put the kope_van_welcomeF.wav in your C:\ (yes, the root!) to make sure it runs anyhow,
    so you can see via TDS some little surprises and lots of little tests to get used to.
    Hope you have speech working too in the meantime!
    Have fun with them!
     
  3. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    Jooske,

    This happened after your VBS script was run via TDS:

    A popup screen came up and I had to hit OK.
    Then the text in TDS's main screen.

    That's all.
    No sound and no updating.

    Updating is never called upon as far as I can tell.
    No error msgs, nothing.

    As the update file works if called directly, I take it the firewall works correctly. (See above)

    This is something within TDS.
    Perhaps the TDS folder / directory is not set, so TDS cannot find update.exe?

    I'm thinking this way. What options do you have? (left)

    Frans
     
  4. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK

    I still think it's a firewall problem. If you are manually updating, you are doing that through IE or whichever browser, and the firewall is set to allow all IE bits.

    If you don't get any warnings from the firewall when TDS tries to access the net, then it is set to automatically block new applications and you need to find and alter those settings to allow TDS to access the net.
     
  5. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    I think you misunderstood something.

    I executed the file setup.exe in the TDS folder. The first time I did that, after I had done this numerous times from TDS without any reaction on the TDS screen, my firewall asked if it was OK to allow update.exe access to the internet.
    After this, the update ran and was registered in the TDS main screen, with the date of the file (27 March).

    I'm guessing that TDS does this in a similar fashion, but somehow, somewhere something goes wrong (duhh!) ;-)

    TDS itself has not needed internet access until now, because I did not see anything going that way.

    Adding to this that when the firewall is disconnected nothing changes.
    Furthermore I installed the trial version of TDS on my other system and it works like a charm, except for the update function, which is not supported in the trial version.

    Greetz

    Frans
     
  6. FanJ

    FanJ Guest

    Hi Frans,

    Some remarks:

    1.
    Your HijackThis log was posted here:
    http://www.wilderssecurity.com/showthread.php?t=25867

    2.
    I would advise to check your firewall-rule(s) for TDS-3.
    BTW: which firewall are you using?

    3.
    I would advise that you contact your (Dutch) provider XS4ALL, and ask them what exactly the proxy settings need to be.
    Maybe you can find that info on their website; I don't know.
    Maybe there is also a support-forum from your provider; I don't know.

    3.
    I still don't understand those registry keys:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwproxy.xs4all.nl:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>

    I need a Registry-expert on this !

    4.
    If you need to use a proxy-server from your provider, then I would advise to set it up also in the TDS3-Configuration-server-tab:

    [screenshot: TDS-3 Configuration, Server tab]

    Quote from the TDS-3 Help-file:
    "Use Proxy for Web Access:
    If users are behind a proxy server, they can configure this option so that TDS-3 uses the proxy server to connect to the outside world.
    TDS-3 Update is one example of being able to go through a proxy server."

    The highlighting is from me.
    What I do not know is this:
    It says only that "TDS-3 Update is one example of being able to go through a proxy server".
    It does not say that it is required by TDS-3 !

    We need Wayne/Gavin/Jason to tell us that.

    5.
    In your HijackThis-log thread dvk01 posted this:
    "I have seen several reports of OVERNET.exe being infected with a backdoor trojan. backdoor blarul

    whether it was a false positive or not, but the overnet forum users don't all think so
    http://forum.overnet.com/viewtopic.php?t=59140&highlight=blarul

    it's open to debate but!!!!!!!"

    I would like to give a link to the PestPatrol-site about this:
    http://pestpatrol.com/pestinfo/o/overnet.asp

    It's your decision what to do about it.

    I would like to ask Gavin to have a look at this issue and see whether this is something for TDS-3 to detect.

    6.
    I have to admit that I don't understand your initial listing from TDS3-Resolve.
    Maybe I was wrong when I thought that there was something wrong with your HOSTS file.

    I hope that Wayne/Gavin/Jason will jump in here.

    7.
    At the moment it looks to me that the issue about the proxy-server is the most important one for the moment, but of course I could be wrong.

    Cheers, Jan.
     
  7. FanJ

    FanJ Guest

    An additional remark:

    If this registry-key gives the right proxy-settings for your provider:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwproxy.xs4all.nl:8080

    then try to put those in that TDS3-Configuration-Server-tab, save, close TDS-3, reboot, and see whether things will work OK now.

    Note that I wrote "if".

    If that is true, then:
    - put a checkmark in the box "Use Proxy Server".
    - put wwwproxy.xs4all.nl in the Server-box.
    - put 8080 in the Port-box.
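    The two R1 lines quoted above are the per-user WinINet proxy values that Internet Explorer and programs built on its stack read; TDS-3 has its own Server tab instead. As an added example, not from the thread or from TDS-3, this parser interprets those two values and reports which hosts would be contacted directly and which through wwwproxy.xs4all.nl:8080. All hostnames other than the proxy itself are constructed.

```python
"""Interpret WinINet ProxyServer / ProxyOverride registry values.

Constructed example: the two constants mirror the R1 lines in the
HijackThis log above, stored under
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings.
"""
from fnmatch import fnmatch
from urllib.parse import urlsplit

# Values as they appear in the thread's HijackThis log (R1 lines).
PROXY_SERVER = "wwwproxy.xs4all.nl:8080"
PROXY_OVERRIDE = ";localhost;<local>"


def parse_proxy_server(value):
    """Return {scheme: "host:port"}.

    WinINet accepts either a single "host:port" that applies to every
    scheme (stored here under the key "*"), or a per-scheme list such as
    "http=h1:80;https=h2:443;ftp=h3:21".
    """
    value = value.strip()
    if not value:
        return {}
    if "=" not in value:
        return {"*": value}
    table = {}
    for entry in value.split(";"):
        if "=" in entry:
            scheme, _, hostport = entry.partition("=")
            table[scheme.strip().lower()] = hostport.strip()
    return table


def parse_proxy_override(value):
    """Return (patterns, bypass_local).

    Entries are ';'-separated glob patterns for hosts that bypass the
    proxy; the special token "<local>" means hosts without a dot in the
    name go direct.  Empty entries (the leading ';' in the thread's
    value) are ignored.
    """
    patterns, bypass_local = [], False
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        if entry.lower() == "<local>":
            bypass_local = True
        else:
            patterns.append(entry.lower())
    return patterns, bypass_local


def proxy_for(url, proxy_server=PROXY_SERVER, proxy_override=PROXY_OVERRIDE):
    """Return the "host:port" proxy to use for url, or None for a direct connection."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    patterns, bypass_local = parse_proxy_override(proxy_override)
    if bypass_local and "." not in host:
        return None
    if any(fnmatch(host, pattern) for pattern in patterns):
        return None
    table = parse_proxy_server(proxy_server)
    # A scheme with no configured proxy falls back to the catch-all entry, if any.
    return table.get(parts.scheme.lower(), table.get("*"))


if __name__ == "__main__":
    for url in ("http://www.example.com/", "http://localhost/", "http://fileserver/"):
        print(url, "->", proxy_for(url) or "direct")
```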
     
  8. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Jan:
    Can you do me a favor, as you have very high security settings on your system too: get the test demo and wav file from the top sticky thread and see if it does everything for you too.
    Just put the test thing on your desktop and the sound file in c:\ and load it from inside TDS.
    For Frans it does run, including the joke lines at the end, but not even any message about updating TDS, not even a detection that Radius is already up to date and the action aborted, like this:
    [Radius Update] Database already up-to-date - transfer aborted.
    But there is hope: Frans does see the message boxes to click on, so the Windows Scripting Host at least is working OK.
    This "updated" line should appear between the joke lines, at least after the update window appeared for a few moments.
    The wav file in c:\ should use the normal original Windows basic sound system; in the end the joke lines are only written, while at the very end the TDS voice says some thanks, which is the speech engine (TTS).


    Noticed something more:
    When you click in the TDS console somewhere in the field and press contr+A, for me it selects (highlights) all the text there and a few instances after it brings up the Autostart Explorer; when I click in the top of the console somewhere in an empty place and press contr+A I get only the Autostart Explorer opening. For some reason it is logical, but I never had it happen before.
    Not sure if this works the same for all?
    Contr+U brings up the update console.

    Frans:
    Did you try both the contr+U and clicking the menu option itself for the update?
    For the update: if Radius is up to date you won't get a new update, just the line I wrote above, so don't let that confuse you.
    I would suggest trying everything on your second computer too and finding out if there are any differences in settings or possible infections. Update the Radius also on your other system, check on both systems all possible options and close other AV/AT scanners (NOD32 you run? Norman?) including your TH resident protection in this case as a test, and try first your script / update action again, see if that makes any difference; afterwards close all windows and applications you don't need, as you're going to step away from the system anyway, and have a full system scan done.
    There could be some infection playing games, maybe there is nothing.......

    I remember I saw in your HJT the United Devices. I used those too a long time ago, no real problems with TDS or other programs, but my Windows itself was running very much better when I closed it and finally decided to uninstall it. Same with Seti. I have an older slow system, so for me that counted. Not sure if that makes any difference for you. Did you temporarily close UD during the TDS install? Worth trying everything of course.
     
  9. FanJ

    FanJ Guest

    Hi Jooske,

    I wanted to post this in your sticky thread but couldn't do that because it is closed.
    Maybe move this posting there: your decision ;)

    I did a quick test (a bit too late in the night here now ;) ).
    I didn't test dual extension.
    I tested it from within TDS-3.
    - Got the message-box "this is a vbs script running".
    - Got the message box "TDS Trojan check".
    - Saw this in the TDS console:

    04:40:00 [Radius Update] Database already up-to-date - transfer aborted.
    04:41:25 [TDSTrojanTest] Please standby for testing.....
    04:41:30 [TDSTrojanTest] It seems that you are infected
    04:41:34 [TDSTrojanTest] .....checking....
    04:41:39 [TDSTrojanTest] TDS trojan detected!
    04:41:41 [TDSTrojanTest] Yes, you're definitely infected with the TDS addict trojan.
    04:41:41 [TDSTrojanTest] Sympthoms: always running TDS, visiting TDS forums, playing scripts,
    04:41:42 [TDSTrojanTest] waiting for the latest updates.
    04:41:43 [TDSTrojanTest] Is there a cure? No.
    04:41:44 [TDSTrojanTest] You'll always be addicted to the TDS trojan.
    04:41:45 [TDSTrojanTest] the good news: it's a happy experience of only recycled electrons.
    04:41:46 [TDSTrojanTest] And it's the first using SS3!
    04:41:48 [TDSTrojanTest] Congratulations to be tested succesfully positive among the first!

    - My firewall log shows that TDS-3 tried to update ;)
     
  10. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Thanks a lot Jan,
    I did not close it myself, as I would like people to add their test files; will discuss that with the DCS test-file responsibles! :)

    I miss the sound parts in your story:
    after pressing OK on the first message box the welcomeF.wav should sound, which is the normal Windows basic sound used for that,
    and at the end, after the addiction display, the TDS voice thanking you for this infection.
    In that first welcomeF wave part the little Radius update window shows up like normal, as the update exe is called, and it did work properly as you got that line displayed with the Radius already up-to-date and thus further action aborted.
    So it all works properly as it should, and I hope you liked trying it.

    Ahhhhhhhhh I see why the WelcomeF.wav did not sound!
    In my script the name is C:\WelcomeF.wav and I see the file here on the board is renamed Kopie_van_WelcomeF.wav! (I really don't remember why I did that!)
    Easiest is to rename that file back to WelcomeF.wav!
    Big sorry! I'm really very sorry for that; it cannot call a file with another name, of course. I'm sure if you rename that back and try again you will really like it! I never noticed, as I have both versions on my system, so it always worked.
    If you prefer, of course you can make that change of name in the script itself too (at the top, where it calls c:\WelcomeF.wav), whatever you prefer!

    Yes, when TDS is trying to update it needs an outside-world connection.

    Now I wonder: for Frans the update.exe itself from outside TDS works, and there should be a firewall permission too, no matter how you do it.
    But from inside, the update.exe doesn't work: not via the menu, not via the contr+U, not via this demo script, and no firewall permission either.
    This makes me think of missing files or a bad install!
    Frans,
    Jan always recommends closing everything in the Task Manager that is not really needed, so keep Explorer and systray, but all the rest can go, true Jan?

    Now there are a few options:
    something was blocking a proper install, or something is blocking proper functioning.
    So either close things one by one and try the Radius update from within TDS, till it does, till there is nothing more to close.
    Then you know the install was not OK.
    The other way, like Gavin recommended: install TDS over itself in the same folder. Still no luck?

    There has been a Windows problem with longer file names on XP systems, which has been solved in TDS, but maybe due to o_O still a problem on your system.
    If the above did not work, uninstall the exec protection and uninstall TDS completely (first copy the keyfile away to a safe place!!). You might like to copy the radius and scripts folders and the speech spchapi.exe to safety too.
    Then uninstall again.
    As I noticed you have C:\Program files\TDS-3
    (or was it in D:\? must check your log again) anyway........
    You might like to have it in c:\fantasyname\tds-3, as long as the fantasyname is not broken, as you might not like it immediately in c:\ for security reasons and for the fine architecture on your system.
    I don't think it is this, but it's the last I can think of, if other programs have not been blocking a proper install.
    But Jan's way of really making sure everything in the Task Manager is closed except the systray and Explorer could be something.

    I don't have TDS in the autostart, btw; I start it manually after all the other reboot stuff is ready, to give it all room to start up everything properly and do all its startup scans.

    Everything for not wasting your Sunday, which you most probably need for other nice things!

    BTW: does your firewall make problems when your United Devices wants to send and receive new data packets? I used to have problems with it frequently, for which they kept sending excuses but... anyway, removing that was much better for my system!
     
  11. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    Hi, here's sick me (sore throat)

    Forgive my English

    Uninstalled TDS again today and booted up in SAFE mode. Then installed again and, you guessed it, no luck. :'(

    Now this is the way you want it, don't you? I mean safe mode is the same as "kill all extra software", right?

    When I update myself via the program update.exe the firewall asked permission the first time. After that I told the firewall to remember this and not ask again.
    If I remove that RULE in the firewall software and run update.exe again, the question from the firewall comes back.

    So this is NOT the problem.

    None of the plugins even start!! Found that out today when I tried the software on the other (W2K) machine.
    Control-A and Control-U do NOTHING. No reaction from TDS AT ALL.
    Only when the cursor is in the main window does Control-A select all text.

    All software on this machine is also installed on the other. (SpywareGuard, TrojanHunter, UD.exe etc.)
    The install went the same; every option got permission to go to the internet and was remembered by the firewall.

    As I told above, I have an option in my firewall settings to "remember" that a certain program can have access, so I don't have to allow it each time it is run.
    UD never gave me any problems and the fight against cancer is a big topic for me, so I want to keep it running.
    The "homework" packets go to and from the UD server like a charm. As do the live updates for Norman AV, TrojanHunter, SpywareGuard etc.

    What else can I do?

    I did get sound from the PC speaker BTW when running the demo. With the renamed WAV file I also got success!! (YESS!).

    Can I check my registry for where the TDS home folder is specified?

    Frans
     
  12. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Looks like TDS self-defence is showing some of itself.......
    Guess you're not looking into a reformat and start again.
    Or... XP... do you still have a valid restore point from before you ever installed TDS the first time?
    If possible go back to that moment, install TDS, insert the keyfile, reboot, and see what happens then?


    Hope your throat is OK soon again, not nice on your Sunday!
    The wav is nice, eh? All created with a TTS engine, no human voice in there. If you got TDS speaking in the meantime, you might like to use TDS as a pronunciation engine too; I do when not sure about a word: type
    speak "hello word to pronounce" and after the Enter you get what you typed between the " "

    Are you connected via a network with your wife's computer? How about installing CryptoSuite on both systems and having your own home message system?
    If you can't speak it with your sore throat you can still write it! Might be the evaluation version is not able to host the chat server, but you can both connect as a client to other servers on the internet to have an idea.
     
  13. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    No, sorry, that is not an option. Never used that step-back stuff before.
    On top of that, I have no idea when I first started the trial version. It did not work then, so I forgot about it until it was too late to try to make it work.
    Then I assumed that those functions did not work because of the trial.

    But how come there is no error msg at all? No reaction at all seems not good to me!

    Frans
     
  14. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    IT WORKS!!!

    :D !!!!!!! IT WORKS !!!!!!! :D :eek:

    You will not believe it when you see this solution.
    I deleted the complete installation for the 10th time and booted.
    Installed TDS in c:\TDS3 with all security ON, firewall, AV and all the rest.
    No problem at all, just the change to the new folder did the trick. :doubt:

    What can I say? Thank you for all the input and time spent on this subject. I hope this helps in future and for others as well.

    Now I can go and buy some more goodies from Diamond CD PG will be first as soon as I get the discount stuff working...

    Did I win a prize? :D

    Frans
     
  15. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    So! Congratulations! Does everything work fine now, including the update via TDS and all of that, the contr+A, netstat, seeing the autostart viewer, plugins, etc. etc.?
    This is great! Make sure you have all the scripts and speech parts (from the TDS download page) too; for all your pleasure have all the goodies from those pages and see what will be the next steps.
    Oh, and register for the DiamondCS forum on the site too, and especially for the TDS private registered-operators-only forum.
    Now if you have the speech parts and msagent parts installed too, you will with great happiness load the InnerPeace script from the scripts files :cool: a very good one for such a happy Sunday.
    For the happy occasion a karma cookie to start your appetite! :) Enjoy TDS! (and the other wonderful programs, YESS!)
     
  16. FanJ

    FanJ Guest

    Re:IT WORKS!!!

    Congrats Frans (gefeliciteerd) !!!

    Karma cookie for you *puppy*

    Groetjes, Jan.
     
  17. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Well done Fraha! :D have another Karma cookie from me.

    Now you will have to try the other goodies like Port Explorer, Process Guard & CryptoSuite - All fun to use and leading edge security for your system :)
     
  18. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    Thank you all for all those yummy cookies! :-*

    And for the good advice about the other TDS stuff. I'm evaluating PG now and I ask myself if I need CS. What can one do with that? I use pgp now for secret messages and signing. Does CS do more than that?

    Further I would like to have the Manual for TDS in a more readable format.
    Can somebody make that a WORD file or, better still, a PDF file (Adobe) ?

    I'm off to evaluating CS now, bye

    Frans
     
  19. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Fraha, When you try CryptoSuite please join us on our chat channel
    Server: 81.105.28.14 Port: 5096 Password: pc2
    Then click connect -Your firewall will probably ask for permission but it will work :)

    Process Guard is probably the single most powerful weapon developed against malware at this time and without the need for daily updates.

    Enjoy - Pilli
     
  20. Fraha

    Fraha Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    189
    Location:
    The Hague - Netherlands
    Hi Pilli,

    PG is working here in trial now. Looks good.

    Crypto chat cannot connect with the info you gave me. No reason given.
    Any idea?

    (Should we start another thread?)
    Oops, wrong port used. It works. Thank you! :rolleyes:
    Frans
     
  21. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    For CryptoSuite, yes, best look / write in the CryptoSuite forum :) (look exactly at the IP, port and password Pilli gave you! and give a username for yourself and press connect -- tell your firewall you need permission to get out and it should work like a charm; let your wife connect from her PC to the chat server too so you can see how that works too!)

    It's much more than a chat, and oh, lots more will come!
    Fire up TDS and Port Explorer:
    in Port Explorer look with which port you're going out to the chat server, and set TDS port listen on that port or your incoming port for that activity.
    You should get only unreadable stuff, as it is encrypted.
    Now in Port Explorer look for the application and process, enable socket spy and look for the data packets to and from your system!
    Most probably you will have to grant Port Explorer an internet connection too if you want to do some stuff like using those utilities (part will be disabled in the evaluation version).
    So you can discover how to work with the several programs together!
    I'm sure you will sort it out to get into the chat too!
     