Trumped by McAfee???

Discussion in 'Trojan Defence Suite' started by spiff5000, Jul 21, 2004.

Thread Status:
Not open for further replies.
  1. spiff5000

    spiff5000 Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    49
    Just installed McAfee v8 this evening. After updating it immediately found downloader-iq trojan.

    Last week, I installed TDS-3 (trial version), scanned my computer and kept it running as an active process, but it didn't find this trojan. Can anyone explain this?

    -Spiff5000
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Spiff5000,
    Did you download the latest radius file updates?
    Were all the scan options selected when you did a full scan? Remember that TDS is updated daily during the week.
    In the trial version the resident part of TDS3 is disabled; this is called Execution Protection and is only active when installed & TDS3 is running.

    HTH Pilli
     
  3. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Also, if you ever do find something that you believe is a trojan and TDS doesn't detect it, simply submit it to submit@diamondcs.com.au and we'll get back to you ASAP to let you know what it is (or isn't).

    Best regards,
    Wayne
     
  4. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Probably a new adware downloader, which is what 90% of trojans seem to be these days (amazing, isn't it). New things appear all the time; detection of them all depends on who it gets sent to (which AVs, which ATs).

    We can't possibly detect everything, which is why TDS is best used with an antivirus. However, if you send anything your antivirus quarantines then we can detect those things on machines with no antivirus or an inferior antivirus solution :) so submitting is always appreciated.

    On that note, quarantine is also the best idea because of the possibility of false alarms.
     
  5. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Now it is important to know if you executed the nasty and got really infected (this is why TDS gives you full pathnames all the time to ease determination). Look in your Windows for the files mentioned in this description:
    http://vil.nai.com/vil/content/v_122228.htm
    c:\Program Files\ISTsvc\istsvc.exe
    c:\Program Files\PurityScan\PuritySCAN.exe
    c:\WINDOWS\Application Data\besu.exe
    c:\WINDOWS\SYSTEM\expext.dll

    If you find any of them, please let us know and we will help you with a further deep cleansing.
     
  6. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Ahh OK, adware. We can't guarantee detection of adware, but surprisingly we do detect a LOT already and many other scanners miss samples we detect. This is why antivirus and antitrojan are the perfect companions :)
     