Single-file scan problems and Execution Protection

Hello ppl,

As a new user of TDS-3 I'm kinda unfarmiliar with the config and features so please excuse my ignorance. I'm having some trouble using the single-file scanning option (the right-click context menu). It does initiate a scan on the selected file but it never finishes. At least it doesn't say so.

21:01:48 [File Scan] Scanning file C:\somefile.exe

And that's it! No "I'm done, it's ok" message or anything.
Assuming that 'no news is good news' I can live with that but there's another situation where it becomes somewhat more of a problem.

For some strange reason when I execute an '.msi' (Microsoft Installer Package) it loads TDS and starts scanning the file. Even if I remove 'Execution Protection' (and reboot just to be sure). That's ok too, better safe than sorry! But the bad thing is that nothing happens after that. It doesn't execute or anything. And again, no feedback in the TDS screen-log. Just the following line:

21:01:48 [File Scan] Scanning file C:\somefile.msi

Does anyone have this problem aswell?
I'm running Windows 2000 Server UK SP3 and TDS-3 (3.2.0.0)
Also, I have bought a copy of the software so I'm pretty sure it's not some trial-thing.

Below you'll find the output of TDS when I double-click the msi-file (and not have TDS running):

21:01:34 [Init] Trojan Defence Suite v3.2.0 - Registered to xxxxxxx xxxxxxx
21:01:34 [Init] Started 23-05-03 21:01:34 W. Europe Standard Time (UTC: -1), Internet Time @834,42
21:01:34 [Init] Loading TDS-3 Systems ...
21:01:34 [Init] • Exec Protection : Not Installed
21:01:34 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
21:01:37 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
21:01:37 [Init] • Systems Initialised [24950 references - 8135 primaries/6657 traces/10158 variants/other]
21:01:37 [Init] Radius Systems loaded. <Databases updated 23-05-2003>
21:01:37 [Init] TDS-3 Ready. <xxxxxx@xxx.xxx.xxx.xxx, 127.0.0.1 - xxxxxxxx>
21:01:37 [Tip Of The Day] For a summary of what a button or feature of TDS-3 does, hover the mouse cursor over it to get tooltip information.
21:01:37 [TDS] Good evening xxxxxx.
21:01:39 [Memory Scan] Memory scan started, please wait a moment ...
21:01:41 [Memory Scan] Memory scan complete.
21:01:41 [Mutex Memory Scan] Started...
21:01:42 [Mutex Memory Scan] Finished (no trojan mutexes found).
21:01:42 [Trace Scan] Started...
21:01:48 [Trace Scan] Finished.
21:01:48 [File Scan] Scanning file C:\somefile.msi

Anyway, any help is greatly appreciated.

TIA

kaneda

 

Hi kaneda,

TDS-3 doesn't show something like "I'm done, it's ok" or anything similar like that when you scan a single file. But if it finds a trojan or something like that, it would show you that (see screenshot).

Concerning your other problem (msi), I think that the settings (properties) of the file is set wrong. Right-click the file, open properties and change the program which is responsible to open it.

Hope that helps you out so far!

Best regards,

Patrice

 

Hey kaneda,

Regarding the msi deal, I used to have the same issue but it went away "of its own will" after a while. I do think that Patrice's remark on this is correct, though. (It probably got fixed on my laptop via the application of some MS update or patch.)

If you have win2k you might want to check that the regkey

HKEY_CLASSES_ROOT\Msi.Package\shell\Open\Command

has an entry named "Default" with a REG_SZ value of

"C:\WINNT\System32\msiexec.exe" /i "%1" %*

If you installed 2k in a different directory or volume you will need to change the value accordingly. The key may be exactly the same for NT or XP but I would'nt trust that without confirmation from someone who has it.

BTW - when I WAS impacted by this issue I was able to work around it by launching the msi via the "Right-Click contect menu INSTALL" option as opposed to doubleclick.

Hope this helps,

Dan

 

I think MSI files are fine for me..

In My Computer > Folder Options, can you find the MSI files and set the default association again ? If its already Install as default try changing it then changing it back

At a last resort you can stop TDS-3 taking over the association which has to do with right click scanning. The following patch will remove it.. maybe a last resort

http://tds.diamondcs.com.au/tdsregpatch.exe

 

Hi ppl,

Thanks very much for your quick replies.
When I checked the right-click contextmenu I found that the default option was 'Scan file with TDS-3'. I changed the default action to 'Open' and it seems to work fine now.

Thanks all

kaneda

 

Hi Kaneda, welcome with the TDs people.
Hope you're soon able to use the exec protection (registered users only) as this is an extra and strong protection against execution of malicious code on your sytem!

 

Saw that screenshot und dachte's 'was komisch dass ich eine deutsche version von windows observiert habe Biste echt ein "spook" oder glaubste nur das?

 

Hello code
in this international forum you can expect people from all sides of the world, hence windows versions in every language, but we seldom see them in screenshots. Treasure them!
Even though i can't read them, i would like to see them in russian or chinese!

 

I am not sure I would be "Russian" to see them in Chinese since the command prompt --I would imagine-- would have to be a bit more of a strain on the eyes, barring of course, a much larger fontsize

Still I was secretly enthralled to see the choice of OS languages being something other than vanilla. Although I am told that llamas get quite agitated at the sound of german vowels and such wafting ever so lipidly (as the language would seem to have it -- zum Glück) through the air. But I would tend to agree.

Yet, I always thought it was funny which items Microsoft decided to "translate" and which items they did not. I always thought it was funny how "My Computer" became "Arbeitsplatz (work place)" but "Desktop" remained "Desktop". While in Spanish "My Comuter" became "Mi PC" and "deskop" became "Escritorio" and in French, "Bureau", Norweigen, "Skrivebord" and in Czech, "Plocha". Strange mushrooms grow in Redmond...

 

How do you like the translations in Port Explorer?
Native users from various countries worked on them, using the MS products as a guide and own --in several cases much better-- experience leading to understandable terms.

 

I can really tell, the translated names for items aren't too cheesy at all. It is probably one of the best-integrated multilingual apps I've run into of late. It's also very fun to switch languages en temps du temps. Keeps things "zanimljiv".
As far as the matter of users in different countries contributing, I would venture to think that PE has a substantial loyal following, partly because it enables the average user to monitor and control ports without resorting to the command line and all of that fun stuff, and partly because DCS has been quick with updates and patches which lets us know we still have a pulse. Has Gavin ever thought of a PE for the linux cult members?

 

Hi C,
Yep, we have spent many happy hours playing with the betas before the updates, sometimes three in one day!
I am glad you find the translations OK Must admit I have enough problems with my native English
BTW Jason is the main PE developer, Gavin is the Trojan specialist & Wayne is the boss All are excellent programmers

Cheers Pilli

 

Kudos to the lot of you. I wish Jason, Gavin and Wayne all the best for their hard work and availability to the masses. It makes DCS a little bit of a cult phenom, a quasi-Krispy Kreme of the software rhelm (those of you in the USA know that for which I quite understandably rattle on ). DCS has been supurb and speedy in answering e-mail support and sales questions. I had no idea they spent so much time in here too! When do they sleep You deserve every $AU.

 

They just work very hard and are very productive in all time available.
Just heard new studies found out one hour of good sleep would be enough; don't tell them that please.

 

It worked for Einstein and Churchill. I suppose if the hours of one's sleep is the measure of one's intelligence, than I have a pretty dumb cat.