Nod32 finds Win32/TrojanDropper.Bridge.A trojan in TDS Directory?

Discussion in 'Trojan Defence Suite' started by mingus, Apr 5, 2004.

Thread Status:
Not open for further replies.
  1. mingus

    mingus Registered Member

    Joined:
    May 21, 2003
    Posts:
    20
    Report from Nod32. Doing an evaluation in the TDS software and NOD comes up with this while scanning:

    C:\Program Files\TDS3\xDynamic\TDS.Unpk\start.exe   Win32/TrojanDropper.Bridge.A trojan
     
  2. FanJ

    FanJ Guest

    Hi Mingus,

    That is the place where TDS-3 temporarily puts files to unpack.

    Were you doing a full system scan with TDS-3?
    Usually in that case I would recommend to temporarily close down your resident AV.

    Did TDS-3 give you any warning about that file?

    I see in the primary list of TDS-3:
    TrojanDropper.Win32.Bridge

    Do you have the registered version of TDS-3 or the evaluation version of TDS-3?

    Did you update the Trojan-definitions (Radius-file) for TDS-3 to its latest version (today)?

    Could you please send that file start.exe to both ESET and DiamondCS so they can have a look at it?
    Thanks !

    Regards, Jan.
     
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi and welcome!
    Like Jan pointed out, the file in the Unpk is a copy of the original which is somewhere else on your system if it was not deleted yet. Did you clean out alarmed files with that same name? In that case you should be clean after deleting this copy.
    In most cases files from that Unpk folder are deleted after scanning, or after the next scan, while you can also do it manually yourself if an occasional file was not deleted from that folder.
     
  4. mit

    mit Guest

    Evaluation. Did download and install the update manually. I believe Nod already has this one in their definitions?

    Could have been that I had already run it once, decided to disable system restore, came back and this was in the cache.

    Will TDS more or less get rid of associated registry entries also? What if someone ran an A/V program and deleted all the trojan files, but left all the registry entries?

    Sure is hard to post to this board.
     
  5. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    NOD32 and TDS both have it in their definitions.
    Did TDS not alarm on it again or did you delete it by now?
    Did you also check all the scan options in the scan control?
    After disabling system restore in the clean situation -- reboot -- enable system restore and manually make a new restore point please.

    Registry associations will probably only be there if the file was executed.
    In that case it's very advisable to get the AutostartViewer from the (free) products at the DiamondCS site or, if you feel more comfortable with it, HijackThis with all options up, and post your log so experts can help you look for anything more that is suspicious.
     
  6. joesmoe

    joesmoe Registered Member

    Joined:
    Apr 6, 2004
    Posts:
    1
    I've had the same thing happen. NOD32 detected it; I could not delete or rename with NOD32. So closed down warning and did full system scan with TDS-3; nothing showed. A few minutes later NOD32 detects again...
     
  7. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Locate the file, zip it and send to submit@diamondcs.com.au. Thanks. Might be another variety.
     
  8. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    There are several versions of Bridge. The actual file won't normally be found in a search by you, because it will be inside a cab file in the download program files folder.

    The usual suspect is a download from flingstone.com

    Please follow the instructions here:
    http://www.wilderssecurity.com/showthread.php?t=15913

    and post a HijackThis log; we can tell you which file to submit to TDS so they can update their database.
     