TDS-3 detects UnHackMe as keylogger?

Discussion in 'Trojan Defence Suite' started by Chris12923, Apr 26, 2005.

Thread Status:
Not open for further replies.
  1. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
  2. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Hi, Chris!

    I posted a thread on the TDS Private forum on the 23rd at 12:04 p.m. and submitted the file to DCS at the same time.

    As of yet, I haven't received any response.

    It's quite possible that it's an Australian holiday or something (or they're just busy with something else). I'm sure they'll get around to it. Pete
     
  3. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, Chris12923 & Spy1

    I think richrf is saying it is no longer flagged in post reply #33 in the link Chris12923 gave.

    Take Care,
    TheQuest :cool:
     
  4. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Quite true, TQ - I didn't get the "keylogger" alert either with the new beta.

    However, I was curious about the fact that the NTFS stream(s) changed from one beta to the next.

    On the 23rd (previous beta), this was the NTFS stream found:

    11:41:02 [NTFS ADS] Stream found - c:\program files\unhackme\aspr_keys.ini:Zone.Identifier

    On the 25th (current beta), these are the NTFS streams found:

    10:14:15 [NTFS ADS] Stream found - c:\program files\unhackme\unhackme.exe:SummaryInformation
    10:14:15 [NTFS ADS] Stream found - c:\program files\unhackme\unhackme.exe:(4c8cc155-6c1e-11d1-8e41-00c04fb9386d)

    So whatever the problem was, was fixed with the new UnHackMe beta - because DCS hasn't changed anything relating to it - detection-wise - between the two betas.

    Just one of those things I like to ponder on. Good night, all. Pete
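
One way to triage the `[NTFS ADS]` log lines quoted in the post above, as an added example that is not part of the thread or of TDS-3: it parses the lines, labels stream names that Windows itself is known to create, and diffs the two scans. The function names and the known-stream table are assumptions of this example.

```python
import re

# Stream names Windows itself creates (background added here, not from the thread).
KNOWN_STREAMS = {
    "zone.identifier": "download zone marker written by Windows",
    "summaryinformation": "Explorer file-properties summary data",
    "{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}": "Explorer file-properties summary data",
}
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2} \[NTFS ADS\] Stream found - (.+)$")

def parse_line(line):
    """Return (host_file, stream_name) for an ADS log line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    target = m.group(1)
    idx = target.rfind(":")  # last colon separates file from stream
    if idx <= 1:             # index 1 is only the drive-letter colon
        return None
    return target[:idx].lower(), target[idx + 1:]

def normalise(stream):
    """Lower-case the name; the thread shows the GUID in (), NTFS uses {}."""
    s = stream.strip().lower().lstrip("\x05")
    if s.startswith("(") and s.endswith(")"):
        s = "{" + s[1:-1] + "}"
    return s

def triage(lines):
    """Map (file, stream) -> known description or an 'unrecognised' marker."""
    out = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            key = (parsed[0], normalise(parsed[1]))
            out[key] = KNOWN_STREAMS.get(key[1], "unrecognised: inspect contents")
    return out

def diff_scans(old_lines, new_lines):
    old, new = set(triage(old_lines)), set(triage(new_lines))
    return {"gone": sorted(old - new), "new": sorted(new - old)}

# Log lines copied from the post above.
SCAN_23RD = [r"11:41:02 [NTFS ADS] Stream found - c:\program files\unhackme\aspr_keys.ini:Zone.Identifier"]
SCAN_25TH = [
    r"10:14:15 [NTFS ADS] Stream found - c:\program files\unhackme\unhackme.exe:SummaryInformation",
    r"10:14:15 [NTFS ADS] Stream found - c:\program files\unhackme\unhackme.exe:(4c8cc155-6c1e-11d1-8e41-00c04fb9386d)",
]

if __name__ == "__main__":
    print(triage(SCAN_23RD + SCAN_25TH), diff_scans(SCAN_23RD, SCAN_25TH))
```

Any stream that comes back as "unrecognised" is the one worth opening and reading before deciding whether an alert matters.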
     
  5. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Pete,

    Did you have a chance to view the NTFS ADS and see what was in there that may have triggered an alarm?

    Rich
     
  6. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Rich - I have TDS-3 set to show all NTFS ADS that it finds, so it's not a case of "what was in there that may have triggered the alarm" - it's just the way I have it set up to scan. No, I didn't examine the first stream or the subsequent ones.

    Anyway, got an email response from DCS's support on the prior beta's Unhackme.exe that I submitted:

    "Hi,

    Not a keylogger, you can safely ignore this detection


    Best regards,
    DiamondCS Support"

    so - there ya' go. Pete
     
  7. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Thanks Pete. I also see you posted at Greatis forum which I will close in a while. Mods can feel free to close this one too since question is answered. Thanks again guys.

    Thanks,

    Chris
     