TDS Component Flagged By A.V.

Discussion in 'Trojan Defence Suite' started by Befuddled, Aug 18, 2004.

Thread Status:
Not open for further replies.
  1. Befuddled

    Befuddled Guest

    Hello,

    I downloaded and installed TDS 3 earlier today. Thought it a very smart collection of knick-knacks.

    To be brief, I just ran a virus scan and the following TDS component was flagged as W32 Malware by Norman Virus Control. W32 malware is a term employed for unidentified viruses and trojans detected via Norman's revolutionary Sandbox Technology.

    Here's the log:

    Virus W32/Malware
    Scan engine: 5.70.14, Nvcbin.def 5.70 (2004/08/17), Nvcmacro.def 5.70 (2004/08/17).
    Login info: user xxxxx, host '$$$$$$$' .
    Infected file C:\Program Files\TDS3\Ext.Plug\troports.exe
    Quarantined file C:\Program Files\TDS3\Ext.Plug\troports.exe
    Deleted file C:\Program Files\TDS3\Ext.Plug\troports.exe

    Now, what I think has probably happened here is that perhaps certain parts of TDS resemble hacktools to an extent (triggering an FP). Or... horror of horrors, a virus has been coincidentally dropped in the TDS directory.

    So, I suppose I'm asking first and foremost for confirmation that this is indeed a legitimate component of TDS?
    I will of course be discussing this with Norman, because false positives make everyone look slack, don't they?

    Many thanks for any insights.
     
  2. Pilli

    Pilli Registered Member

    Joined: Feb 13, 2002
    Posts: 6,217
    Location: Hampshire UK

    Hi Befuddled & welcome,
    Looks like an FP but to be sure here are the properties for Troports.
    Created 1st March 1999
    Size: 28,700 bytes
    size on disk: 32,768 bytes
    Version 1.0.0.0 - Company: Diamond Computer Systems Pty. Ltd.

    HTH Pilli
     
  3. befuddled

    befuddled Guest

    Thank you, I'll take a look in quarantine.

    I guess I've knackered the programme now, haven't I? DOH!
     
  4. befuddled

    befuddled Guest

    All alright. Identical to the properties specified. I safely restored it. I'll just check that TDS isn't damaged as a result.

    Thanks for your help, Pilli!

    BTW it's 4.36 am in the U.K. As TDS says "Don't stay up all night."
     
  5. Pilli

    Pilli Registered Member

    Joined: Feb 13, 2002
    Posts: 6,217
    Location: Hampshire UK

    Glad about that :)
    I was awoken by tinnitus, shall try to get more sleep when it calms down a bit.

    Cheers. Pilli
     
  6. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined: Feb 10, 2002
    Posts: 2,080
    Location: Perth, Western Australia

    Definitely not a trojan, but I would expect the sandbox says that file is malware mostly because it has the word trojan through it and connects to trojan ports.

    Anyway, can you exclude it?
     
  7. befuddled

    befuddled Guest

    Hello, Gavin,

    Spoke to Norman HQ. Forwarded the file + relayed what both Pilli and yourself told me.
    Norman says he'll sort it out, no problem.
     
  8. befuddled

    befuddled Guest

    To conclude - Norman released an update yesterday and troports.exe is no longer being flagged.
     
  9. Jooske

    Jooske Registered Member

    Joined: Feb 12, 2002
    Posts: 9,713
    Location: Netherlands, EU near the sea

    Thanks for the update!
    Enjoy all your security software now even more :)
     
  10. jwcca

    jwcca Registered Member

    Joined: Dec 6, 2003
    Posts: 721
    Location: Toronto

    Hi Pilli, just curious, my copy of the file has different values, as
    28.5 KB (29,184 bytes) i.e. it's smaller, and
    created Sunday, February 28, 1999, 23:51:19 PM

    Now I downloaded the latest version, 3.2.2 final before V4

    on 2003-07-12 Sat

    Why do I have something different?

    Jim
     
  11. Jooske

    Jooske Registered Member

    Joined: Feb 12, 2002
    Posts: 9,713
    Location: Netherlands, EU near the sea

    Time zones?
    Maybe re-compiled for the current TDS version? Will be the same in functionality.
    And it might make a difference in size displayed for the real file size and size on disk, I've noticed various times. (XP, ME)
     
  12. jwcca

    jwcca Registered Member

    Joined: Dec 6, 2003
    Posts: 721
    Location: Toronto

    Jooske, I'm running W2K with NTFS so that may be the answer.
    Thanks as always, Jim
     