Setup and Config

Discussion in 'Trojan Defence Suite' started by Blackspear, Dec 13, 2002.

Thread Status:
Not open for further replies.
  1. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Would have expected more a roo in your case seeing the environment.
    Somewhere in one of my SS3 scripts in the joke machine:
    What do you get when you cross an elephant with a kangeroo? Big footprints all over Australia.

    Hope you don't have the Kingsize PIG virus (trojan) on your system then :D
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    lmao, see pigs do fly :D
     
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    That was an elephant, pig looks more like this

    (i've no pink flying roo btw, maybe you have?)
     

    Attached Files:

  4. FanJ

    FanJ Guest

    LOL,
    make it a flying piggy-bank to drop your cents in for a nice security-combo ;)
     
  5. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Must have that one with a slot somewhere too indeed, but this one has the DCS blue background at least (summertime over Oz).
     
  6. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi blackspear:

    I have been following this thread and when I saw you post
    I may be able to help a little. A few months back, I used to get the same message about Trojan mutex(es) found.
    It scared the hell outta me, so I exited TDS, rebooted my PC, restarted TDS and it still was there.

    I then UPDATED, exited TDS and restarted, and it went away.

    I put it to a flaw in the previous update [don't ask me why, it just was].

    I then did a FULL SYSTEM SCAN, and nothing came back [except for GRC's Leaktest which nearly everyone has] and it has never happened to me since.

    Maybe just a hiccup in the system. Have you tried to exit, reboot, restart yet or still get the same?
     
  7. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    It was there time ago for everybody, Gavin or Wayne changed something in the daily updates and since it was the "normal" message
    [Memory Scan] Memory scan started, please wait a moment ...
    [Memory Scan] Memory scan complete.
    [Mutex Memory Scan] Started...
    [Mutex Memory Scan] Finished (no trojan mutexes found).
    [Trace Scan] Started...
    [Trace Scan] Finished.
    and after the CRC checks etc.
    It might be in the eval version this part is not changed, in the registered version it is since that time.
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Taz, I had the same experience as you, it 1st came up clean, and even with a 2nd go it came up clean.

    Then I cofigured the program as per Fanj's advice in this forum, then up it popped showing problems in the above files. I then checked out what each file was, and because of files such as Nod32 that it had found and my knowledge that Nod32 continually changes with its updating, I didn't believe there was any sort of infection, I just saw it as showing false positives. So at this point I thought these files must have to be excluded, so I did exclude them.

    I then asked if these files should be excluded on this forum, to which I was told NO. I removed these from the exclusion list. Saw the program required an update, though know now this is a permanent message that doesn't go away, updated the program, and rescanned.

    At this point the system came back as being clean, and has scanned up as clean ever since. The program just spat the dummy for a while. Now it seems to be a happy camper :D

    I still would like to know why it turns my powerful system into such a PIG, and why it will NOT return to a happy speedy system until I turn the program completely off o_O

    I'm running XP-Pro, and haven't had a problem with XP-Pro from day one, it runs PERFECTO :D I love it :D

    Cheers.
     
  9. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Really hope from this point DCS or other XP users jump in to look with you at some settings. Did you run any kind of program like TaskInfo2000, WinTasks or other way to look which program is consuming your speed and if it's RAM or other way?
    I was wondering, if you have the exec protection enabled already. This can cause (for most systems hardly noticable) difference in executing programs, as all executables are first checked on highspeed before allowing them to run; my system is slow already so i hardly notice any difference, but speedy systems could notice (maybe) some difference in tenths or hundreds of seconds.

    Further Jan wrote that basic configuration with his own Win98SE system in mind, i have all checked (except the NTFS parts of course) in config, startup and scanning options; in XP things might need differences.
    Hope it never happens again, but in case something suspicious like that would take place, hope you make the scandump to be able to look deeper into it. As the exact alerts descriptions are important of course.
    A file tds-3.2.1.exe would cause a double extension, as well as test.vbs.exe and if you know the files that would be no serious problem in most cases, but if it would say positive identification of trojan xxxx found in them then there is all reason for alert :) Hope it never happens!
    For me it looked like a bad install or thing like that, as said before...........
     
  10. FanJ

    FanJ Guest

    You're right Jooske !
    I have tried to tell in that "Basic Config Thread" where things might be different set-up for XP/2000/NT systems.
    (And indeed, of course, everyone can make his/her own config the way he/she likes!!!).
    It was more or less meant for people to get started with it.
    Of course, if people think something should be changed over there, I'm completely open for suggestions!
     
  11. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Think it needs an XP user to comment on that, but on the other hand i wonder which change in settings caused the differences in scanning for Straight Shooter for instance.
    As long as the radius database is updated daily, check or uncheck options at wish, the system made msagent ready to be able to run our scripts and voice.
     
  12. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Blackspear about your system speed:
    how much difference does it seem to make: is the whole system slower or a few tenths of seconds when starting a program, and still after that or no more, just trying to locate where the problem could be.
    Did you have exec protection installed already or not?
    (only possible after including the registration key).

    You know, TDS runs even on PI with 64Mb RAM and Win95 so all better conditions should make it better, but on the faster systems fractions of seconds for the exec prot for instance will be more noticable.
     
  13. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Jooske,

    Just trying to think along here. Would all the services, that XP starts by default, not contribute to the slowdown or is it these don't get checked?

    Regards,

    Pieter
     
  14. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I am talking full on PIG, snorting and squeeling, it's like throwing a net and tranquelisers into a team of wild horses, they just fall asleep :( It takes 10 to 15secs to open IE if TDS-3 is minimized to system tray, a full on mongrel, so until I sort out why, am not impressed what it does to by baby :D

    Shut it down from the system tray, and hey presto, full on BULL at a gate, grunt and power return :D

    Cheers.
     
  15. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Exec protection on or off?
    TDS > Exec Protection > Install or Remove
    If the registration key is included, possible to install and see if this makes the difference.
    As that hook is only active if TDS is running.

    Was thinking about the XP services too Pieter, so i really hope XP users with TDS jump in here.
    Thought you are on XP too with TDS running?
     
  16. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I have not purchased, would you purchase a product with the problems I am having, no doubt we'll eventually discover what's going on, but until then, money remains securely in my wallet :D

    Don't get me wrong, I do like the product, but am being cautious due to what it does to my system :D

    Exec Protection is NOT installed, as I have trial version...

    Cheers.
     
  17. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hopefully tonight Jooske. :D I'm at work now.
    Will do some testing of course.

    Regards,

    Pieter

    [EDIT] Just noticed Blackspear is running the trial. The only delay I noticed with that was the elaborate check at startup[/EDIT]
     
  18. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    I have TDS3 installed with XP Pro,
    When exec prot is installed there is a very small increase in the loading times.
    For instance System idle process shows 98% with all my utilities running. Nod 32, TDS3, PE, Proxomitron, Sygatepro5 firewall, messenger, wallwatcher + winword.

    Whilst Winword was loading I noticed that my CPU usage momentarilly rose to 15% thereafter settling down to 2%

    HTH Pilli - Note System is XP2200, 512MB of DDR 2100 RAM
     
  19. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Blackspear: I run Win2000PRO OS, so similiar platform to XP like yours and Pilli's.

    I too get similiar results as Pilli in my performance.

    My system runs very smoothly with TDS even though TDS shows up using a fair amount of resources.

    As TDS checks/verifies EVERY .exe I start, there is NO SLOWDOWN at all, virtually instant reaction like less than 2ms.

    900MhzCPU 256Mb RAM. This is a lot less than your specs?

    but I do have lots of my "Services" trimmed back as far as possible, either Disable or set to Manual.

    See pic of running processes [27]. Now, even as I was using HyperSnap to take a similar shot, I had my 'Performance' Tab open and my CPU only went to 5% before settling back to 2% like Pilli's

    You must have some sort of conflict maybe? Hope you can solve it.
     

    Attached Files:

  20. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Here's mine with WinMX running (downloading) & mediaplayer playing an MP3 :D
     

    Attached Files:

  21. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Here´s mine under normal working conditions. Note that Incredimail is running (talking about resource hogs :D)
    Windows XP SP1 P4@1.4 GHz, 384 MB RIMM

    Regards,

    Pieter
     

    Attached Files:

  22. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Pieter: Man, IncrediMail sure is a monster *oink*

    Did you have 3 IE's open, that sure is taking some as well.

    I hope Blackspear can resolve the issue. Hate to see him miss out on a *GREAT* proggy just because of some glitch in his system set-up.
     
  23. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    I fully agree with this.
    I hope there are some more tips for settings or specific things to look at, as TDS loaded without the exec protection should not do anything at all but just being around until you start some action yourself for it to do.
    Would activating the sockets for instance cause any activity other then at the moment you have a portscan on one of those specified ports it's listening on? Would it eat resources in any way?
    Could it be quite different things like cleaning out caches or giving more space to the virtual memory or is all that completely automated in XP and not able to change?
     
  24. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    I see the 7 Opera Windows I had open are missing because the list was too long :D And the Idle at 97% is missing too. I use the IE Windows for some sites that act and look "funny" under Opera.
    I took the services of the list for TDS, but hardly noticed the difference. I'll keep on experimenting.

    Regards,

    Pieter
     
  25. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    And you even had not this wav playing!
    http://www.geocities.com/trivia_house/kangaroo.wav
    Very appropriate in this surrounding euh?
    (many nice sound files there on their sounds.html page)

    But seriously, hope the magic DCS team will have some more workable ideas to get the XP on full speed again!
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.