TDS Componant Flagged By A.V.

Discussion in 'Trojan Defence Suite' started by Befuddled, Aug 18, 2004.

Thread Status:
Not open for further replies.
  1. Befuddled

    Befuddled Guest

    Hello,

    I downloaded and installed TDS 3 earlier today.Thought it a very smart collection of nick-knacks.

    To be brief,I just ran a virus scan and the following TDS componant was flagged as W32 Malware by Norman Virus control.W32 malware is a term employed for un-identified viruses and trojans detected via Norman's revolutionary Sandbox Technology.

    Here's the log:

    Virus W32/Malware
    Scan engine: 5.70.14, Nvcbin.def 5.70 (2004/08/17), Nvcmacro.def 5.70 (2004/08/17).
    Login info: user xxxxx, host '$$$$$$$' .
    Infected file C:\Program Files\TDS3\Ext.Plug\troports.exe
    Quarantined file C:\Program Files\TDS3\Ext.Plug\troports.exe
    Deleted file C:\Program Files\TDS3\Ext.Plug\troports.exe

    Now,what I think has probably happened here is that perhaps certain parts of TDS resemble hacktools to an extent (triggering an fp).Or...horror of horrors,a virus has been co-incidentally dropped in the TDS directory.

    So,I suppose I'm asking first and foremost for confirmation that this is indeed a legitimate componant of TDS?
    I will of course be discussing this with Norman,because false positives make everyone look slack,don't they?

    Many thanks for any insights.
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Befuddled & welcome,
    Looks like an FP but to be sure here are the properties for Troports.
    Created 1st March 1999
    Size: 28,700 bytes
    size on disk: 32,768 bytes
    Version 1.0.0.0 - Company: Diamond Computer Systems Pty. Ltd.

    HTH Pilli
     
  3. befuddled

    befuddled Guest

    Thank you,I'll take a look in quarantine.

    I guess I've knackered the progrmme now,haven't I?DOH!
     
  4. befuddled

    befuddled Guest

    All alright.Identical to the properties specified.I safely restored it.I'll just check that TDS isn't damaged as a result.

    Thanks for your help,Pilli!

    BTW it's 4.36 am in the U.K. As TDS says "Don't stay up all night."
     
  5. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Glad about that :)
    I was awoken by tinnitus, shall try to get more sleep when it calms down a bit.

    Cheers. Pilli
     
  6. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Definitely not a trojan, but I would expect the sandbox says that file is malware mostly because it has the word trojan through it and connects to trojan ports.

    Anyway, can you exclude it ?
     
  7. befuddled

    befuddled Guest

    Hello,Gavin,

    Spoke to Norman HQ.Forwarded the file + relayed what both Pilli and yourself told me.
    Norman says he'll sort it out,no problem.
     
  8. befuddled

    befuddled Guest

    To conclude-Norman released an update yesterday and troports.exe is no longer being flagged.
     
  9. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Thanks for the update!
    Enjoy all your security software now even more :)
     
  10. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    766
    Location:
    Toronto
    Hi Pilli, just curious, my copy of the file has different values, as
    28.5 KB (29,184 bytes) i.e. it's smaller, and
    created Sunday, February 28, 1999, 23:51:19 PM

    Now I downloaded the latest version, 3.2.2 final before V4

    on 2003-07-12 Sat

    Why do I have something different?

    Jim
     
  11. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Time zones?
    Maybe re-compiled for the current TDS version? Will be the same in functionallity.
    And it might make a diffenrence in size displayed for the real file size and size on disk i've noticed various times. (XP, ME)
     
  12. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    766
    Location:
    Toronto
    Jooske, I'm running W2K with NTFS so that may be the answer.
    thanks as always, Jim
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.