Single-file scan problems and Execution Protection

Discussion in 'Trojan Defence Suite' started by kaneda, May 23, 2003.

Thread Status:
Not open for further replies.
  1. kaneda

    kaneda Registered Member

    Joined:
    May 23, 2003
    Posts:
    2
    Hello ppl,

    As a new user of TDS-3 I'm kinda unfamiliar with the config and features so please excuse my ignorance. I'm having some trouble using the single-file scanning option (the right-click context menu). It does initiate a scan on the selected file but it never finishes. At least it doesn't say so.

    21:01:48 [File Scan] Scanning file C:\somefile.exe

    And that's it! No "I'm done, it's ok" message or anything.
    Assuming that 'no news is good news' I can live with that but there's another situation where it becomes somewhat more of a problem.

    For some strange reason when I execute an '.msi' (Microsoft Installer Package) it loads TDS and starts scanning the file. Even if I remove 'Execution Protection' (and reboot just to be sure). That's ok too, better safe than sorry! But the bad thing is that nothing happens after that. It doesn't execute or anything. And again, no feedback in the TDS screen-log. Just the following line:

    21:01:48 [File Scan] Scanning file C:\somefile.msi

    Does anyone have this problem as well?
    I'm running Windows 2000 Server UK SP3 and TDS-3 (3.2.0.0)
    Also, I have bought a copy of the software so I'm pretty sure it's not some trial-thing.

    Below you'll find the output of TDS when I double-click the msi-file (and not have TDS running):

    21:01:34 [Init] Trojan Defence Suite v3.2.0 - Registered to xxxxxxx xxxxxxx
    21:01:34 [Init] Started 23-05-03 21:01:34 W. Europe Standard Time (UTC: -1), Internet Time @834,42
    21:01:34 [Init] Loading TDS-3 Systems ...
    21:01:34 [Init] • Exec Protection : Not Installed
    21:01:34 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
    21:01:37 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
    21:01:37 [Init] • Systems Initialised [24950 references - 8135 primaries/6657 traces/10158 variants/other]
    21:01:37 [Init] Radius Systems loaded. <Databases updated 23-05-2003>
    21:01:37 [Init] TDS-3 Ready. <xxxxxx@xxx.xxx.xxx.xxx, 127.0.0.1 - xxxxxxxx>
    21:01:37 [Tip Of The Day] For a summary of what a button or feature of TDS-3 does, hover the mouse cursor over it to get tooltip information.
    21:01:37 [TDS] Good evening xxxxxx.
    21:01:39 [Memory Scan] Memory scan started, please wait a moment ...
    21:01:41 [Memory Scan] Memory scan complete.
    21:01:41 [Mutex Memory Scan] Started...
    21:01:42 [Mutex Memory Scan] Finished (no trojan mutexes found).
    21:01:42 [Trace Scan] Started...
    21:01:48 [Trace Scan] Finished.
    21:01:48 [File Scan] Scanning file C:\somefile.msi

    Anyway, any help is greatly appreciated.

    TIA

    kaneda
     
  2. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi kaneda,

    TDS-3 doesn't show something like "I'm done, it's ok" or anything similar like that when you scan a single file. But if it finds a trojan or something like that, it would show you that (see screenshot).

    Concerning your other problem (msi), I think that the settings (properties) of the file are set wrong. Right-click the file, open properties and change the program which is responsible to open it.

    Hope that helps you out so far! ;)

    Best regards,

    Patrice
     

  3. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hey kaneda,

    Regarding the msi deal, I used to have the same issue but it went away "of its own will" after a while. I do think that Patrice's remark on this is correct, though. (It probably got fixed on my laptop via the application of some MS update or patch.)

    If you have win2k you might want to check that the regkey

    HKEY_CLASSES_ROOT\Msi.Package\shell\Open\Command

    has an entry named "Default" with a REG_SZ value of

    "C:\WINNT\System32\msiexec.exe" /i "%1" %*

    If you installed 2k in a different directory or volume you will need to change the value accordingly. The key may be exactly the same for NT or XP but I wouldn't trust that without confirmation from someone who has it.

    BTW - when I WAS impacted by this issue I was able to work around it by launching the msi via the "Right-Click context menu INSTALL" option as opposed to double-click.

    Hope this helps,

    Dan
     
  4. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    I think MSI files are fine for me..

    In My Computer > Folder Options, can you find the MSI files and set the default association again? If it's already Install as default try changing it then changing it back

    At a last resort you can stop TDS-3 taking over the association which has to do with right click scanning. The following patch will remove it.. maybe a last resort :)

    http://tds.diamondcs.com.au/tdsregpatch.exe
     
  5. kaneda

    kaneda Registered Member

    Joined:
    May 23, 2003
    Posts:
    2
    Hi ppl,

    Thanks very much for your quick replies.
    When I checked the right-click contextmenu I found that the default option was 'Scan file with TDS-3'. I changed the default action to 'Open' and it seems to work fine now.

    Thanks all

    kaneda
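
The registry check Dan Perez describes and the default-verb fix kaneda reports can be done in one pass. The following PowerShell is an added example, not part of the thread or of TDS-3; the function name and output fields are hypothetical, and it assumes the double-click verb is the one named in the (Default) value of the `shell` key.

```powershell
# Added example: audit the shell verbs behind the .msi association.
# "Msi.Package" and the msiexec command line come from the thread; the
# function name and output fields are illustrative assumptions.
function Get-MsiAssociationState {
    param(
        [string]$ProgId = 'Msi.Package',
        [string]$ExpectedExe = (Join-Path $env:SystemRoot 'System32\msiexec.exe')
    )
    $shellPath = "Registry::HKEY_CLASSES_ROOT\$ProgId\shell"
    if (-not (Test-Path -LiteralPath $shellPath)) {
        throw "ProgID '$ProgId' has no shell key"
    }
    $shellKey = Get-Item -LiteralPath $shellPath

    # The unnamed (Default) value of ...\shell names the double-click verb.
    # When it is empty, Windows uses the "open" verb if one exists.
    $defaultVerb = [string]$shellKey.GetValue('')
    if (-not $defaultVerb) { $defaultVerb = 'open' }

    foreach ($verbName in $shellKey.GetSubKeyNames()) {
        $cmdKey = $shellKey.OpenSubKey("$verbName\command")
        $cmd = if ($cmdKey) { [string]$cmdKey.GetValue('') } else { '' }

        # First token of the command line, quoted or not, is the handler binary.
        $exe = ''
        if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        elseif ($cmd -match '^\s*(\S+)') { $exe = $Matches[1] }

        [pscustomobject]@{
            Verb       = $verbName
            IsDefault  = ($verbName -eq $defaultVerb)
            Command    = $cmd
            Executable = $exe
            IsMsiexec  = ($exe -eq $ExpectedExe)
        }
    }
}

# A healthy association shows the default verb handled by msiexec.exe;
# a default verb pointing at any other binary explains the behaviour
# kaneda describes and is worth investigating on any machine.
Get-MsiAssociationState |
    Sort-Object IsDefault -Descending |
    Format-Table Verb, IsDefault, IsMsiexec, Command -AutoSize
```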
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Kaneda, welcome with the TDS people.
    Hope you're soon able to use the exec protection (registered users only) as this is an extra and strong protection against execution of malicious code on your system!
     
  7. EsA6

    EsA6 Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    9
    Location:
    Paris, Brussels, Tokyo, Sao Palo, Kiev...
    Saw that screenshot and thought it was a bit funny that I spotted a German version of Windows ;) Are you really a "spook" or do you just think you are?
     
  8. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hello code
    in this international forum you can expect people from all sides of the world, hence windows versions in every language, but we seldom see them in screenshots. Treasure them!
    Even though i can't read them, i would like to see them in russian or chinese!
     
  9. EsA6

    EsA6 Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    9
    Location:
    Paris, Brussels, Tokyo, Sao Palo, Kiev...
    I am not sure I would be "Russian" to see them in Chinese since the command prompt --I would imagine-- would have to be a bit more of a strain on the eyes, barring of course, a much larger fontsize :eek:

    Still I was secretly enthralled to see the choice of OS languages being something other than vanilla. Although I am told that llamas get quite agitated at the sound of german vowels and such wafting ever so lipidly (as the language would seem to have it -- zum Glück) through the air. But I would tend to agree.

    Yet, I always thought it was funny which items Microsoft decided to "translate" and which items they did not. I always thought it was funny how "My Computer" became "Arbeitsplatz (work place)" but "Desktop" remained "Desktop". :cool: While in Spanish "My Computer" became "Mi PC" and "desktop" became "Escritorio" and in French, "Bureau", Norwegian, "Skrivebord" and in Czech, "Plocha". Strange mushrooms grow in Redmond...
     
  10. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    How do you like the translations in Port Explorer?
    Native users from various countries worked on them, using the MS products as a guide and own --in several cases much better-- experience leading to understandable terms.
     
  11. EsA6

    EsA6 Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    9
    Location:
    Paris, Brussels, Tokyo, Sao Palo, Kiev...
    I can really tell, the translated names for items aren't too cheesy at all. It is probably one of the best-integrated multilingual apps I've run into of late. It's also very fun to switch languages en temps du temps. Keeps things "zanimljiv".
    As far as the matter of users in different countries contributing, I would venture to think that PE has a substantial loyal following, partly because it enables the average user to monitor and control ports without resorting to the command line and all of that fun stuff, and partly because DCS has been quick with updates and patches which lets us know we still have a pulse. Has Gavin ever thought of a PE for the linux cult members?
     
  12. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi C,
    Yep, we have spent many happy hours playing with the betas before the updates, sometimes three in one day!
    I am glad you find the translations OK. Must admit I have enough problems with my native English :oops:
    BTW Jason is the main PE developer, Gavin is the Trojan specialist & Wayne is the boss :D All are excellent programmers ;)

    Cheers Pilli
     
  13. EsA6

    EsA6 Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    9
    Location:
    Paris, Brussels, Tokyo, Sao Palo, Kiev...
    Kudos to the lot of you. I wish Jason, Gavin and Wayne all the best for their hard work and availability to the masses. It makes DCS a little bit of a cult phenom, a quasi-Krispy Kreme of the software realm (those of you in the USA know that for which I quite understandably rattle on :D). DCS has been superb and speedy in answering e-mail support and sales questions. I had no idea they spent so much time in here too! When do they sleep o_O You deserve every $AU.
     
  14. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    They just work very hard and are very productive in all time available.
    Just heard new studies found out one hour of good sleep would be enough; don't tell them that please.
     
  15. EsA6

    EsA6 Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    9
    Location:
    Paris, Brussels, Tokyo, Sao Palo, Kiev...
    It worked for Einstein and Churchill. I suppose if the hours of one's sleep is the measure of one's intelligence, then I have a pretty dumb cat.
     