problems with tauscan

Downloaded tauscan (trial) Started too scan for viruses, then F-secure warns me for a possible security risk/trojan in Local Settings/temp/ with a file/-s called tnp1421.tmp (for example..) Is that some kinda dummy file used by Tauscan or what could it be?

Would appreciate any help

/bAttleZ

 

Hi bAttleZ!

I'm not familiar with Tauscan. But what I know is, that Tauscan isn't as effective against trojans as TDS-3. So I suggest you once try out the trial version of TDS-3. You got two benefits out of this:

First, F-Secure won't give you a warning again and second, you got the best AT-software which exists on the market right now!

Best regards!

Patrice

 

Hi bAttleZ,

Although updates for Tauscan are posted here in the update-section of the forum, it cannot compete with the three top AT's: TDS-3, BOClean, TrojanHunter.
All three have absolutely great support; TDS-3 with TWO forums: one public here at the board and one only for licensed users at their site; BOClean a forum at Mickey's board, and an absolutely fabulous support through email; TrojanHunter a great board at its site!
So, I would advice you to choose one of those three.
You can read a review at http://www.wilders.org/anti_trojans.htm

With respect to your question:
I would advice to do a full system scan with your AT while your AV is temporarily disabled (don't forget to enable it afterwards !).
If I remember me well, Tauscan unzips zipped files to your temporary directory.
I'm not quite sure why your F-Secure says that there is a possible security risk/Trojan, but that leads me once more to the advice to download/install the TDS-3 trialversion, update its Radius definitions, and do a full system scan with it. For questions about TDS-3: please see the TDS-3 forum-section.

 

Hi battleZ,

Have a look at this thread:
http://www.wilderssecurity.com/showthread.php?t=3548;start=0

I think that will answer your question.

Regards,

Pieter

 

K, I think I'll give TDS-3 a try, nice to get response that fast

thx again
/bAttleZ

 

Hmm i say... Unable to uninstall becuz of missing install.log file, installing the program again doesn't solve it, any tip on how to get rid of Tauscan?

 

Hi bAttleZ!

Deinstall it manually if it doesn't work. After that use RegCleaner or Powertools from jv16.org to get rid of the registry entries. You can even search for Tauscan registry entries by searching the registry manually. But don't do it if you have no knowledge about it!

Wise decision by the way, that you now wanna give TDS a try!

Best regards,

Patrice

 

Hi bAttleZ,

Did you install Tauscan to the default directory?
Normally all it takes is Exit the program from systray and uninstall from Add/Remove Software.

http://www.agnitum.com/support/tauscanfaq.html#q7

Regards,

Pieter

 

i had similar experiences when trialing tauscan. i downloaded some trojans to test it and found out i'd have to disable f-secure when doin' on demand scans in trojan/backdoor files.. f-secure denied tauscans access to those files because it had detected viruses inside them... now if he has a real trojan lurking there it's a good thing he has f-secure detecting it! btw same thing happens when i do a right click filescan with trojan hunter

note: i did not write this to boast about f-secures good trojan detection, i have trojan hunter running on my system. but i'll have to say that most of the time f-secure is the first prog to react on a nasty... there has been rare occasions where th has been faster, or f-secure hasn't noticed anything but that's what at's are for: adding a second layer of protection

 

Hi illuka!

I was using F-Secure as well some time ago. It is a really good AV-scanner. But sorry, it's not such a good AT-scanner. If you use TDS-3 for example, it will always be this prog which wins the battle against trojans. F-Secure hasn't such an overhelming detection against trojans.

If F-Secure is faster in detecting trojans than your current AT-scanner (trojan hunter), then this means that your AT-scanner isn't that good...

Regards,

Patrice

 

Sorry Patrice, but that is just wrong.
F-Secure uses the Kaspersky engine and its updates, and it is a known fact, that KAV has a superb trojan detection.

There are many people who think, an additional AT to KAV is unnecessary (I am one of them ) - so the same goes for F-Secure...

 

Hi _anvil!

O.K., you might be right! I wasn't aware that F-Secure uses the Kaspersky engine...

But to your statement, that an additional AT is unnecessary: Let's talk about it again when you have been hacked. You don't know how fast it goes... I have once tried out a keylogger which even TDS-3 wasn't aware of (well until I sent it to the support of DCS).

And last but not least, do you know why I deinstalled F-Secure and I don't install KAV? They are using too much ressources (RAM) and too many processes are started and running all the time (especially F-Secure).

Regards,

Patrice

 

@Patrice

My point is, that current ATs don't offer much additional security, if you already have a good AV like KAV (F-Secure, AVK,...) or McAfee.
Imho it is most important to prevent any malware file from being executed, because after its execution, the malware could do anything. That's why, good filescanning is more important than memory scanning.
Well, at the moment, the above mentioned AVs are better filescanners against trojans than any AT.
I am not saying, that ATs are useless - but they are not really necessary.

Then, I don't understand your concerns about ressources: do you really think, two resident programs (AV and AT) will take less RAM than one (admittedly big) AV, like KAV or F-Secure?
And what is your problem with many running processes, as long as most of them are small? F-Secure 5.41 has 11 running processes, but doesn't take more than about 15-20 MB RAM in total.

 

Hi _anvil!

Wow, you gave me a lot of stuff to write about...

Disagree, AT-scanners bring a lot of additional security to your system! What do you do if the trojan/keylogger/... is new, which means current AV- and AT-scanners don't protect you against it yet? AV-scanners will remain silent while AT-scanners will realize that there's something in the memory (autostart). If the AT-scanner will remain silent as well (like in the case I have written above), then you will get suspicious because suddenly 25 files are started on Windows startup than 24 as normal. With an AT-scanner like TDS-3 you are aware of the processes which are started at autostart, with an AV-scanner you aren't!

I understand by reading your answer that you don't care much about processes started in the background and running all the time... Like that it's quite easy to install a trojan on your system without your knowledge! And YES, TDS-3 and NAV 2003 (I'm using this quite ressource intensive AV-scanner) use less memory than F-Secure or KAV alone!!! These processes aren't small at all, they use a lot of ressources! 15-20 MB of RAM is a lot. KAV or F-Secure is slowing down your machine, you can't tell me that you don't realize that!

NAV has started three different processes, if you wanna know the size and the memory footprint of it, let me know. There are other threads about this issue as well, we were talking about it already. NAV already slows down my machine, that's why a lot of users are changing to another AV-scanner which doesn't do this.

Now, I have a question I have to ask. Did you ever use TDS-3 already? Did you ever play with trojans, keyloggers, hacking tools,...? Just wondering...

Best regards!

Patrice

 

Each to his or her own, I prefer the benefit of a layered security. I posted this before on wilders before but darned if I can find it now

FIRST lines of defence:

Ensure you have the latest security updates for your chosen OS & programmes
Secure password strategy
Router with NAT or other firewall configuration. (networked environment) especially in a broadband environment.
Software firewall preferably with both application & rule based capabilities, to allow outbound control where NAT routers usually only control inbound

Second Lines of Defence:

Anti-virus - resident
Anti-Trojan - resident (execution protection)
Dedicated Worm / script guards with registration protection
Spy blocking Pop-up & Ad stopper, Unsafe Java, Active X , unfriendly cookies + parental control i.e Browser protection & set up
Email, Anti Virus + Spam removal identification / removal facilities.
Secure encryption facilities
Proxy browsing etc.
Practice Safe HEX!

Third Line Defence:

Spyware and registry cleaners
Temporary internet file & unwanted cookie cleaners.
On demand Anti Virus & Anti Trojan scanners
Secure data back-up facilities.
Monitoring utilities & logging

There will be other requirements based upon your perceived personal needs.

Unfortunately there are no "foolproof" answers.
We are just talking Windows Operating Systems here, there is a whole new set of problems when using other Operating Systems such as Linux

 

Well this may be true for the most av scanners. For the most but not for all
Look here: Memory Scan par excelance - GAV 4 has a own memory manager (as Driver) and is be able to scan even apps started within rootkits.
And it does even tell you which process is what - it does know around 1000 common task's. Such as Trojan Hunter Guard (the temporary task names), NAV Processes, PCC Processes, Word, Excel and so on. It does have a "negative" Database for good apps as well.

Look - here you see GAV during a intensive memory scan:

http://www.gladiator-antivirus.com/gav4.jpg

And it does take care of Autostarts as well

 

Hi xor!

Well, yep as I see you are completely right! Thanks for the information, I wasn't aware of this AV-scanner at all. Never heard about it until now...

Regards,

Patrice

 

Ahh... now I got it:

Gladiator AntiVirus does detect and unpack also runtime packed trojans/worms/backdoors like UPX or PECompact compressed malware. This is a important point and most of the commercial scanners dont have this feature, so GAV is ideal as 2nd On-Demand Scanner to protect the PC from packed/patched malware which other scanners dont find.

Note: GAV IS STILL IN BETA PHASE OF DEVELOPMENT!

Greetings,

Patrice

 

That GAV is looking very impressive Michael, still a beta?
Think FanJ could be really interested in the function you just described here as such reliability tests are his special "hobby".

 

@Patrice

Well, I don't take an 'Autostart Viewer' as a distinction between AVs and ATs. There are many stand-alone 'Autostart Viewers', as well as other kinds of programs, which have such a tool 'embedded' - e.g. SSM which I am using right now.
And there is even at least one AV - GAV - that shows autostart entries, too.

You misunderstood - I care about the running processes and I know very well, which process is 'ok', and which is not - even with eleven F-Secure processes in RAM (which all run under 'system account', while trojans would run under 'user account', btw...)
And honestly: even if a low number of processes would make it a little bit easier to identify 'bad' processes, it wouldn't influence my AV's choice...there are other things, that count.

You are right, but this is the price for a really good AV, with some capabilities, that Norton _and_ TDS3 don't have (e.g.unpacking engine.)

You obviously know my machine very well...
The truth is: F-Secure slows my system only a bit - which is ok and understandable.
KAV has a serious problem with its monitor, so that it slows my system down dramatically, although it doesn't offer as much 'protection' as F-Secure.
So, I use F-Secure without any problem.

Yes to both questions, and I also know the strengths _and_ weaknesses of TDS3.

 

Hello again _anvil!

Well, F-Secure certainly is a good AV-software! I have absolutely nothing against it (I was using it myself for several years).

But I agree to what Pilli said, consider an AT-scanner as another security layer. Let's see it like this: your computer has several doors (AV, AT, firewall,...); a AT is just another closed door. The more you have the better.

It sounds good that you're using some sort of AutostartViewer. That helps a lot to make your system more secure (if you control it regularly)!

With your last statement you make me really curious? What are the weaknesses of TDS-3? Could you be more specific about that issue? Perhaps you have something, which they could implement in TDS-4.

It was nice talking to you!

Best regards!

Patrice

 

Since when would TDS have no unpackers included?

 

Take this not as offence, i just tell you now 3 things (from a view of a developer):

(1) - binary signatures for backdoors - TDS uses a lot of Textbased Signs
Explaining: Everybody uses sometimes text signs (for Clients and some harmless things) but using Text Signs for Optix Backdoors is fatal

(2) - case sensitive "heuristics" - you know the message "possible trojan with ICQ...." ? - Just take a hexeditor and change "WWPager" into lower/upper words - undetected and the backdoor stays full functionality

(3) - no true import table scanning - i just say here "MPR.DLL" + "WNetEnumCachedPasswords" - results in "password stealing trojan" which is correct, but if you use this 2 text flags via "COPY /b file1+text1 output" and you scan output then it is flagged - and it does not even use this functions "to steal" passwords - this would not happen if a true import table scanning and not only a text based search is used.

If this is to much explained feel free to delete it - as i said before this is NO OFFENCE - it's just 3 point's out of some more...

 

Is this all there is or is there more in your opinion?
And about the uinpackers?
We had a discussion about adding more unpackers besides the ones already there in the private forum quite a while ago.


It is of course better to have technical discussions between the developers and give a proper chance for repairs where needed.
In a few threads was written this wish and Paul is working on such a place protected for you developers; i really am exited about this, as i am sure lot can be solved and good fruitful discussions between the wizzpeople can take place and no need for holding back about details and tests, while the internet community as a whole will see the security fruits. So please GAV, MAF, NAV, RAV, KAV, DCS, ESET, JC, TH, A2, PGP, etc etc etc developer people be so good to contact Paul Wilders about this protected wizz place.