Trojan detection

Discussion in 'NOD32 version 2 Forum' started by rdsu, Sep 25, 2004.

Thread Status:
Not open for further replies.
  1. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Hi,

    I ran the TrojanSimulator (read the page for more details), made by TrojanHunter...

    NOD32 only detects the trojan if I run the on-demand scanner, but it can't disable the trojan :(

    This could be a good tester to improve the detection of Trojans for NOD32... ;)
     
  2. profhsg

    profhsg Registered Member

    Joined:
    May 18, 2004
    Posts:
    145
    I tried the simulator and got very interesting results. First, my BOClean stopped the installation dead. Second (after turning BOClean off), NOD32 gave me the same results as Vampiric Crow: it didn't block installation but reported it as a trojan when scanned with the on-demand scanner (all NOD32 settings on maximum). However, NOD32 did delete the file when I chose that option. I was worried about NOD32's result and decided to try scanning it with Kaspersky AV 5.0 Personal (all definitions up to date, all settings on maximum). Not only did KAV not prevent installation, it did not recognize the file as a trojan when scanned with its on-demand scanner. Eset may not be the only AV maker who can use the file to test its anti-trojan scanning capabilities.
     
  3. rumpstah

    rumpstah Registered Member

    Joined:
    Mar 19, 2003
    Posts:
    486
    It is reported under the potentially dangerous applications scan.

    A similar type is AV3. It is not harmful, but is used for testing purposes (labeled as Win32/AVTester Application).

    These are made for testing and have not been agreed upon as a standard (as far as I am aware) for antivirus companies to use (i.e. eicar.com). Probably the reason to not have AMON alert.

     
  4. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    How? I only have the option "Leave" :(
     
  5. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    You are right. Only if I have that option enabled does NOD32 detect this Trojan. Since AMON doesn't have it, it couldn't detect it... :(
     
  6. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny (in my dreams) Manchester, England
    I wonder, with KAV, if it recognised it as a simulation and ignored it for that reason? If it was a "proper" trojan it would probably be in that product's database (especially as they update every hour or so) and it would probably have reacted too, unless you got infected 2-3 mins after an update, i.e. before the update that would contain the def to deal with it! (Hope that makes sense! I know what I mean!!)
    Steve
     
  7. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Good point!

    a2 didn't detect this TrojanSimulator... not in the on-demand scan either...

    PestPatrol and ewido detect it on install and on-demand...

    I know, this is a simulator, but...
     
    Last edited: Sep 26, 2004
  8. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Has anyone tested this with TDS3? I would be interested to see the results, as I am using the free trial at the moment and deciding if I should buy it.
     
  9. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny (in my dreams) Manchester, England
    Adwatch detects it, but that detects any change to the registry while you have it enabled, malicious or non-malicious. The problem is that, using the same criteria to detect this simulator, more non-trojan activity than trojan activity may be detected: does everything that changes the Windows/CurrentVersion/Run key need to be flagged as a trojan, or everything that runs in memory? There are probably more non-malicious installs (most, if the truth be known) that want to run as soon as Windows starts, most of which do it via the registry.
     
  10. divedog

    divedog Registered Member

    Joined:
    Jun 7, 2004
    Posts:
    265
    Location:
    Seabeck WA

    I tried it with TDS, it was found in the zip file.
     