TH logfile review-anyone here please? TIA

Discussion in 'other anti-trojan software' started by slammer_JvA, Mar 7, 2004.

Thread Status:
Not open for further replies.
  1. slammer_JvA

    slammer_JvA Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    1,588
    Location:
    Below sea-level. Safe and sound behind our dikes:
    Little Mr. Impatient as I tend to be sometimes (... :oops: ;))...
    here's a quote from an entry I made on the Mischel Internet Security website.

    I am having difficulty seeing the forest for the trees... (and one has to start somewhere)

    Can anyone here please be so kind as to give me some pointers/advice on this logfile, and what to do with it?

    Registry scan
    No suspicious entries found
    Inifile scan
    No suspicious entries found
    Port scan
    No suspicious open ports found
    Memory scan
    No trojans found in memory
    File scan
    Found trojan file: C:\Program Files\Common Files\updater\sui.exe (Adware.Euniv.100)
    Warning: Unable to unpack UPX-packed file C:\Program Files\Risk\TRAINER.EXE (Add to ignore list)
    Warning: Unable to unpack UPX-packed file C:\System Volume Information\_restore{1209D00C-11FE-4E79-856E-B4B79564FE0A}\RP40\A0003657.exe (Add to ignore list)
    Warning: Unable to unpack UPX-packed file C:\System Volume Information\_restore{1209D00C-11FE-4E79-856E-B4B79564FE0A}\RP42\A0007601.exe (Add to ignore list)
    Found trojan file: C:\System Volume Information\_restore{1209D00C-11FE-4E79-856E-B4B79564FE0A}\RP42\A0007607.exe (Adware.Euniv.100)
    Warning: Unable to unpack UPX-packed file C:\unzipped\file1\EA.Games.Multi.Keygen.exe (Add to ignore list)
    Warning: Unable to unpack UPX-packed file F:\GAMES\file1.zip/EA.Games.Multi.Keygen.exe (Add to ignore list)
    Found trojan file: F:\SECURITY\leaktest1.2.exe (LeakTest.102)
    3 trojan files found


    Like to learn!
    Thanks in advance,
    Grtz,
    Slammer
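An added example, written for this thread and not part of the original post or of TrojanHunter itself: a small Python triage of the log above. It separates the real detections from the "Unable to unpack" warnings (which are not detections, only files the scanner could not look inside), flags hits that sit inside a System Restore snapshot rather than on the live system, and checks the scanner's own summary count against what was parsed. The sample input is the log quoted in the post with the stray spaces before `.exe` removed; the function names are mine.

```python
import re

# The TrojanHunter log quoted in the opening post (spacing normalised), used as sample input.
SCAN_LOG = r"""Registry scan
No suspicious entries found
Inifile scan
No suspicious entries found
Port scan
No suspicious open ports found
Memory scan
No trojans found in memory
File scan
Found trojan file: C:\Program Files\Common Files\updater\sui.exe (Adware.Euniv.100)
Warning: Unable to unpack UPX-packed file C:\Program Files\Risk\TRAINER.EXE (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\System Volume Information\_restore{1209D00C-11FE-4E79-856E-B4B79564FE0A}\RP40\A0003657.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\System Volume Information\_restore{1209D00C-11FE-4E79-856E-B4B79564FE0A}\RP42\A0007601.exe (Add to ignore list)
Found trojan file: C:\System Volume Information\_restore{1209D00C-11FE-4E79-856E-B4B79564FE0A}\RP42\A0007607.exe (Adware.Euniv.100)
Warning: Unable to unpack UPX-packed file C:\unzipped\file1\EA.Games.Multi.Keygen.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file F:\GAMES\file1.zip/EA.Games.Multi.Keygen.exe (Add to ignore list)
Found trojan file: F:\SECURITY\leaktest1.2.exe (LeakTest.102)
3 trojan files found
"""

DETECTION_RE = re.compile(r"^Found trojan file: (?P<path>.+) \((?P<name>[^()]+)\)$")
UNPACK_RE = re.compile(r"^Warning: Unable to unpack UPX-packed file (?P<path>.+) \(Add to ignore list\)$")
SUMMARY_RE = re.compile(r"^(?P<count>\d+) trojan files? found$")
# System Restore keeps copies of files under this directory. A hit there is a snapshot,
# not the live copy, which is why the usual advice is to disable System Restore before cleaning.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)


def triage(log_text):
    """Split a TrojanHunter log into detections, unpack warnings and the summary count."""
    report = {"detections": [], "unpack_warnings": [], "summary_count": None}
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := DETECTION_RE.match(line)):
            path = m.group("path")
            report["detections"].append({
                "path": path,
                "name": m.group("name"),
                "in_restore_point": bool(RESTORE_RE.search(path)),
            })
        elif (m := UNPACK_RE.match(line)):
            report["unpack_warnings"].append(m.group("path"))
        elif (m := SUMMARY_RE.match(line)):
            report["summary_count"] = int(m.group("count"))
    return report


def counts_agree(report):
    """True when the scanner's own '<n> trojan files found' line matches the parsed detections."""
    return report["summary_count"] == len(report["detections"])


def families(report):
    """Distinct detection names, sorted."""
    return sorted({d["name"] for d in report["detections"]})


def live_hits(report):
    """Detections outside System Restore snapshots: the copies actually on the running system."""
    return [d["path"] for d in report["detections"] if not d["in_restore_point"]]


def snapshot_hits(report):
    """Detections that are System Restore copies of an earlier file."""
    return [d["path"] for d in report["detections"] if d["in_restore_point"]]


def uninspected(report):
    """Paths the scanner could not unpack: not detections, but not a clean bill of health either."""
    return list(report["unpack_warnings"])


if __name__ == "__main__":
    r = triage(SCAN_LOG)
    print("summary line agrees with detections:", counts_agree(r))
    print("families:", families(r))
    print("live hits:", live_hits(r))
    print("restore point hits:", snapshot_hits(r))
    print("could not inspect:", uninspected(r))
```

On this log the triage gives two live hits (sui.exe and leaktest1.2.exe), one snapshot copy under RP42, and five paths the scanner never inspected, both keygen copies among them; the summary line's count of 3 matches the parsed detections. A saved TrojanHunter log can be fed to triage() the same way.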
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    slammer,

    This sounds like a positive identification. Submit the file to the software developer for examination.

    As for UPX files: TrojanHunter is unable to cope with these - for that reason the software pops up this warning on all UPX files.

    Disable System Restore, if possible reboot in Safe Mode, and perform a new scan (provided the file has been examined and isn't a false positive). Let the software take care of the cleaning. You can enable System Restore after this.


    As for the (UPX) Games multi key generator: on first glance it looks like a cracking tool generating illegal key files for games software. It's very common for those files to come with some sort of "bonus" - a trojan/backdoor infecting a system. If we are talking about such an illegal cracking tool, your system has fairly surely been backdoored. Make sure to get rid of it and change all passwords after doing so - they are out in the open for many to abuse.

    regards.

    paul
     
  3. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    No, TrojanHunter only reports files it cannot unpack, for example files packed with a modified UPX, or those that are crypted/protected. For example, I have a private UPX version and TrojanHunter warns on all trojans packed with it.

    It does not warn on all UPX files and it can unpack a lot of UPX-packed files.
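As an added illustration of illukka's point (example code written for this thread, not TrojanHunter's code and not from any poster), here is how a scanner might recognise stock UPX output from two cheap fingerprints, the UPX0/UPX1 section names and the "UPX!" pack-header marker that stock UPX leaves in the header space after the section table, and how a privately modified build that renames the sections and drops the marker gives it nothing to key on. The PE images are built in the code as constructed test data, not real UPX output; names such as parse_sections and upx_indicators are my own, and the example only recognises packing, it does not unpack anything.

```python
import struct

# Fixed offsets and sizes from the PE/COFF file format.
DOS_MAGIC = b"MZ"
E_LFANEW_OFFSET = 0x3C
PE_SIGNATURE = b"PE\0\0"
COFF_HEADER_LEN = 20
SECTION_HEADER_LEN = 40
UPX_PACK_MAGIC = b"UPX!"

# Indicator tags returned by upx_indicators().
SECTION_NAME_TAG = "upx-section-names"
PACK_HEADER_TAG = "upx-pack-header"


def build_pe(section_names, header_slack):
    """Build a minimal PE32 image: constructed test data, not the output of real UPX."""
    pe_offset = 0x80
    dos = bytearray(pe_offset)
    dos[0:2] = DOS_MAGIC
    struct.pack_into("<I", dos, E_LFANEW_OFFSET, pe_offset)
    opt_len = 224  # size of a PE32 optional header
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0, opt_len, 0x010F)
    opt = bytearray(opt_len)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    table = b""
    for i, name in enumerate(section_names):
        # 8-byte name + VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
        # PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
        # NumberOfLinenumbers, Characteristics
        table += name.encode("ascii").ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", 0x1000, 0x1000 * (i + 1), 0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, 0xE0000040)
    # header_slack stands in for whatever the packer left between the section table and the first section
    return bytes(dos) + PE_SIGNATURE + coff + bytes(opt) + table + header_slack + b"\0" * 64


def parse_sections(data):
    """Return (section names, offset just past the section table)."""
    if data[:2] != DOS_MAGIC:
        raise ValueError("no MZ header")
    pe_offset = struct.unpack_from("<I", data, E_LFANEW_OFFSET)[0]
    if data[pe_offset:pe_offset + 4] != PE_SIGNATURE:
        raise ValueError("no PE signature")
    coff = pe_offset + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_len = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + COFF_HEADER_LEN + opt_len
    names = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_LEN
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names, table + num_sections * SECTION_HEADER_LEN


def upx_indicators(data, slack_window=0x400):
    """Cheap fingerprints of stock UPX: UPX0/UPX1 section names and the 'UPX!' pack header
    that stock UPX writes into the header area right after the section table."""
    names, table_end = parse_sections(data)
    found = []
    if any(n.startswith("UPX") for n in names):
        found.append(SECTION_NAME_TAG)
    if UPX_PACK_MAGIC in data[table_end:table_end + slack_window]:
        found.append(PACK_HEADER_TAG)
    return found


# Three constructed images: stock-looking UPX, sections renamed but marker left, fully scrubbed.
STOCK = build_pe(["UPX0", "UPX1", ".rsrc"], b"3.08\0UPX!")
RENAMED = build_pe([".text", ".data", ".rsrc"], b"3.08\0UPX!")
SCRUBBED = build_pe([".text", ".data", ".rsrc"], b"")

if __name__ == "__main__":
    for label, image in (("stock", STOCK), ("renamed", RENAMED), ("scrubbed", SCRUBBED)):
        print(label, parse_sections(image)[0], upx_indicators(image) or "no UPX indicators")
```

The scrubbed image is the shape of illukka's private build: a scanner that keys on these markers will not even recognise it as UPX, let alone unpack it, and the best it can do is warn that it could not look inside. To try it on a real file, pass the bytes of the executable (for example `open(path, "rb").read()`) to upx_indicators().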
     
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Seems like we agree in essence here ;)

    ...at the moment, not that many IMHO. That said: I'm convinced v4 will be an improvement in this regard ;)

    regards.

    paul
     
  5. slammer_JvA

    slammer_JvA Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    1,588
    Location:
    Below sea-level. Safe and sound behind our dikes:


    :eek: ...busted! :oops: ;) (as said before: I'm no saint... not proud of it...)

    Then again: I already suspected and expected such a thing as you describe here... I'm no real nitwit.
    Will certainly follow your advice on this. Thanks.
    (btw You've got mail :) )
    Regards,
    slammer
     
  6. slammer_JvA

    slammer_JvA Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    1,588
    Location:
    Below sea-level. Safe and sound behind our dikes:
    While we're at it: what about this one? Puzzles me: Is this a real (Trojan) threat?! Because if it is... :mad:

    (The only dumb Q is the one never asked, right? ;))
    grtz,
    slammer
     
  7. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi slammer,

    No comment on the keygen - you know our view on this ;)

    I will check my inbox soon!


    As for your latest question: no real threat - GKweb is the expert on these for sure; he'll drop by to explain no doubt. You can delete the file btw if you feel like it.

    regards.

    paul
     
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    you might have a look at this thread ;)

    regards.

    paul
     