TDS terminates w/o further indication

Discussion in 'Trojan Defence Suite' started by Uwe, May 25, 2004.

Thread Status:
Not open for further replies.
  1. Uwe

    Uwe Registered Member

    Joined:
    May 25, 2004
    Posts:
    6
    Location:
    Germany
    Hi,

    Recently we got a strange problem with TDS on one of our Servers.

    OS: Windows 2000 Server MUI English SP4
    latest patches.
    AV: Mc Affee Enterprise 7.1 (latest signatures)
    TDS latest radius.

    Problem:

    When starting TDS from Desktop shortcut it starts up until the inital
    greetings (.. good morning ...etc) but then it terminates without further
    indication.
    Same when started via Start Menue.

    Shortcut points to TDS install directory C:\program files\tds3\tds-3.exe

    Renaming tds-3.exe to tdscan.exe gave not change when started via shortcut.

    Reinstalling TDS with prior cleanrun.reg gave no change.

    But when starting TDS-3.exe via DOS-Box it runs fine.

    Scans:

    Full Scan with TDS3 (all options enabled) no findings
    Full Scan with McAffee no findings
    Ad-Aware and Spybot SD show no findings

    Asviewer and Hijack-this show no change from second Server with identical
    setup (HW and SW)

    Any advice ?

    rgds,

    Uwe
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi there Uwe and welcome,
    thinking deep now ............. were there recently any changes on that system, new software, crashes? All the required system files still there, not overwritten with older file versions?
    Did you check the configuration about all the startup scans etc?
    Does it just close completely or minimize, disappearing from the task manager too or just stops any further action and you can do nothing or do other things with it when pressing the buttons?
    Does it run well on other systems? Could you check differences in file versions with another win2000 box?
    Does it make a difference if you change the name in something without TDS or DCS, say Scan.exe for instance?
     
  3. Uwe

    Uwe Registered Member

    Joined:
    May 25, 2004
    Posts:
    6
    Location:
    Germany
    Hi,

    Thx for quick reply.

    In answer to your questions:

    Q:"were there recently any changes on that system, new software, crashes"

    A:No, only recent Windows patches and AV signature updates.

    Q:"All the required system files still there, not overwritten with older file versions?"

    A: File status: Required - Installed

    comctl32.ocx (Windows 9x/NT/2K) req. v6.0.80.22 inst: 6.0.80.22

    tabctl32.ocx (Windows 9x/NT/2K) req. v6.0.88.4 inst: 6.0.90.43

    richtx32.ocx (Windows 9x/NT/2K) v6.0.88.4 inst: 6.0.88.4

    comdlg32.ocx (Windows 9x/NT/2K) v6.0.84.18 inst: 6.0.84.18

    riched32.dll (Windows NT/2K) v5.0.2134.1 inst: 5.0.2134.1

    asycfilt.dll (Windows 9x/NT/2K) v2.40.4277 inst: 2.40.4522.0

    msvcrt.dll (Windows 9x/NT/2K) v6.1.9359.0 inst: 6.1.9844.0

    msvbvm60.dll (Windows 9x/NT/2K) v6.0.84.95 inst: 6.0.96.90

    mscomctl.ocx (Windows 9x/NT/2K) v6.0.84.98 inst: 6.0.84.98


    Q: Did you check the configuration about all the startup scans etc?

    A: yes , identical between a running and a failing machine

    Q: Does it just close completely or minimize, disappearing from the task manager too or just stops any further action and you can do nothing or do other things with it when pressing the buttons?

    A: it closes completly and disappears from the task manager.
    No further actions possible

    Q: Does it run well on other systems? Could you check differences in file versions with another win2000 box?

    A: yes runs well on other systems , File versions are identical on running box.

    Q: Does it make a difference if you change the name in something without TDS or DCS, say Scan.exe for instance?

    No, same problem


    rgds,

    Uwe
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    And does it only happen with TDS or also with other programs, security software as well as other programs?
    Not been infected either?
     
  5. Uwe

    Uwe Registered Member

    Joined:
    May 25, 2004
    Posts:
    6
    Location:
    Germany
    Hi,

    Problem only occurs with TDS, not with other Security SW as:

    GFI Languard
    STAT Enterprise
    Mc Affee Enterprise

    rgds,

    Uwe
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    One would almost say copy the whole working system over the one with the closing TDS, as i don't see no valid reason.
    It must be some setting somewhere.
    You ran AutoStartViewer already, also after your re-install of TDS?
    http://www.diamondcs.com.au/index.php?page=asviewer
    Going to think of some setting in the registry -
    You say you can start it from DOS, which was not all clear for me, do you mean if you open a DOS box in windows TDS keeps running then properly with all it's scans or? nothing of that?
     
  7. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Try turning off execution protection if you have it enabled in TDS-3, that might fix the problem.
     
  8. Uwe

    Uwe Registered Member

    Joined:
    May 25, 2004
    Posts:
    6
    Location:
    Germany
    Hi,

    reg. to your Questions:

    Q: One would almost say copy the whole working system over the one with the closing TDS, as i don't see no valid reason.
    It must be some setting somewhere.

    A: Not that easy because this server is the Domain Controller

    Q: You ran AutoStartViewer already, also after your re-install of TDS?
    http://www.diamondcs.com.au/index.php?page=asviewer

    A: Yes before and after install

    Q: Going to think of some setting in the registry -

    A: Will check this

    Q: You say you can start it from DOS, which was not all clear for me, do you mean if you open a DOS box in windows TDS keeps running then properly with all it's scans or? nothing of that?

    A: Yes running CMD from Start Button Run and than running c:\program files\tds3\tds-3.exe works fine.
    All scans possible, all functions fine.


    Q: Exec protection enabled ?

    A: Exec protection is not installed


    rgds,

    Uwe
     
  9. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Uwe, what items are in this registry key :-

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

    If they have no description go looking in your HKEY_CLASSES_ROOT\CLSID\ for the {xxxx-xxx-xxx} values you see in there.
     
  10. Uwe

    Uwe Registered Member

    Joined:
    May 25, 2004
    Posts:
    6
    Location:
    Germany
    Hi Jason,

    Failing machine:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

    contains:
    A RegSZ key name AEB671-7E..... with blank data

    HKEY_CLASSES_ROOT\CLSID\ has the same key with subkey
    InProcServer32 which has a default entry with data shell32.dll and
    as ThreadingModel Apartment.

    Running machine:

    identical

    rgds,



    Uwe
     
  11. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Is their any command line or other options set on the TDS-3 shortcut link?
     
Thread Status:
Not open for further replies.