TDS 3.21 - FALSE trojan identification

Discussion in 'Trojan Defence Suite' started by halcyon, Feb 1, 2004.

Thread Status:
Not open for further replies.
  1. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    TDS 3.21 (full, regged) reports and prevents

    desertcombat_0.5l_beta_full_install.exe

    from executing with Execution protection installed.

    I've downloaded this file from four different sources and all of those TDS has labelled with:

    Alarm: Positive identification
    Name: <empty>
    File: desertcombat_0.5l_beta_full_install.exe

    AFAIK, this file does not contain a Trojan.

    At least nothing on my system scans positive after I've installed Desert Combat, removed the installer and done a full scan (NOD + TDS + A2 + some online scanners).

    regards,
    Halcyon
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Halcyon, would you be kind enough to zip & send the file to submit@diamondCS.com.au? Or, if the file is very large, supply DCS with the download link that you used & the file data of your DL'd copy so that it can be analysed.

    Thank you. Pilli
     
  3. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi,

    Looks like a false alarm, or there would be a trojan NAME listed. Very interested to see the file if you send it. After which I would suggest updating the database again and scanning that file.
     
  4. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    I forgot to tell you that the file is 541 megaBYTES, so I'm not going to be sending it anytime soon :)

    It's a freely available modification to a well known game called Battlefield 1942 and available for instance in the following locations:

    http://www.ausgamers.com/files/download/html/9178

    http://www.gamershell.com/download_4052.shtml

    best regards,
    Halcyon
     
  5. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Many installers use the same methods as trojans to install, so TDS might be picking up on one of those "install methods" and flagging it.
     
  6. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hmm.. very interesting. I had a feeling it was going to be a big file :)

    There is a database update in 15 minutes, please scan with the next database. It may have been corrupt, otherwise this could be a bug related to TDS scanning such a large file.
     
  7. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    If you are referring to the above file being corrupted, no, that was not the case.

    I downloaded it from four different locations and all of them triggered the same alarm in TDS-3.

    However, all of them install / pass CRC fine after I remove TDS-3 execution protection.
     
  8. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    After installation put exec protection back and scan the whole folder and other parts of it, maybe better a whole deep scanning full system scan, just to be very sure.
    Enjoy your game!
     
  9. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    Yes, that's just what I did :)

    No ALARM after installation of the mentioned Desert Combat file for files that have been installed (or any other files, except the installer).

    I updated the database and did a new scan on the installer. It doesn't report an alarm anymore.

    Thanks!
     