Hello, All. Has anyone had this problem? When I updated TDS and did a reboot, I keep getting this: "Mutex Memory Scan Trojan Mutex(es) Found:". Before the new update I would see "Mutex Memory Scan no Trojan Mutex(es) Found:". Now when I go and do a Full System Scan I get no alarms at all, so do I have a problem here or is it the update? Oh, this is happening on both Win98 and WinXP. Thank you.
A mutex infection could for instance be a Nimda infection, to name one of the many; that one you can test at the DCS web site http://www.diamondcs.com.au/source/ at the bottom of that page. It would not alarm easily if nothing is there. Trying the mutex test now, just updated to 11903 refs... It just says "Trojan mutex(es) found: " and stops there, so that means we are clean. Looking in older logs, indeed there it said: "[Mutex Memory Scan] Started... [Mutex Memory Scan] Finished (no trojan mutexes found)." which is less confusing. With this, you don't seem infected at all, for in that case the name would have been displayed. So don't worry, most of all as everything else functions right and nothing came up with the Full System Scan.
You're welcome, AAPlus, and you too! Keep in touch. Does it otherwise run OK on both your systems? XP is for many still a whole new experience, I read in the fora (not using that myself).
Hello, Jooske. Yes, I now have "Finished (No trojan mutexes found)", but I have a new problem. When I updated TDS again and now do a Full System Scan, I get this alarm: "Positive identification <Adv>: Possible keylogger File: x:\03\dcsmutex.dll". I tried to delete this file but TDS keeps putting it back. Do I have a problem? Oh, this is on both Win98 and WinXP. Thanks.
Yeah, the whole internet is talking about it. Gavin posted they added lots of new keylogging detections to the references, so I think they put it on the highest detection. As you've seen, it says Possible keylogger <adv>, so the file has some code parts in it which could have been used by a real keylogger too. Be assured there is no problem with the file, as that is the thing testing the mutexes and I guess registry keys, looking at its name, so it could be the two things, meaning this detection and the text change come very close together. I have had the file a long time on the system and now we all, after these new additions, have the same alert, so imagine the hundreds of worried people emailing about it. Posted in the private as well, nothing to worry about till there would be said Positive identification keylogger blabla version ... I compare this with a generic or heuristic scanning which often gives alarms which need to be looked deeper at but in many cases are OK. With our remarks they'll be able to refine the database. There is no need to delete it and you'd better not, as it has to do with the mutex testing. It's a vital TDS element, so you can't delete it. In other cases, if you would be worried, better copy such a thing to a safe place or zip it. First scan the thing with your other av/at scanners as well. Others have discovered it already as a false positive so for sure this will be corrected at the first occasion possible.
You're welcome, enjoy the rest of this beautiful weekend! Edited: In the meantime, a reply from Wayne: my answer is right for the keylogger kind of code. In the new update the correction has been made, as you will notice with your next scan after you have grabbed it.
To expand on that a little more, here's a copy-and-paste (with his permission of course) from Wayne: "Yes this is a false positive -- we create dcsmutex.dll and TDS3, so there is no chance of that file or files like it ever being anything other than a false alarm. One of the mutexes that dcsmutex.dll was looking for had strings often found only in keyloggers which is why the alarm was triggered. Normally dcsmutex.dll is compressed so such strings don't exist in the file, but it somehow escaped compression on Friday! We apologise for any confusion, but the file has now been recompressed and an additional routine has been added here to ensure that such a thing cannot happen in future - if you update your database now, things should be back to normal, with no false alarm on dcsmutex.dll. We apologise for our absence over Saturday/Sunday, we spent the weekend upgrading our server and hard drives here before Easter - we like to upgrade our hardware before crashes occur. Best regards, Wayne. Wayne Langlois / DiamondCS wayne@diamondcs.com.au" Hope that clears it up for everyone (especially since it's straight from the source). The update did indeed remove the false positive. Pete