Unknown Trojan

Discussion in 'Trojan Defence Suite' started by HoundDog, Jun 15, 2003.

Thread Status:
Not open for further replies.
  1. HoundDog

    HoundDog Registered Member

    Joined:
    Jun 15, 2003
    Posts:
    7
    Hi all. New to this forum. Have had TDS-3 for a while.
    I installed a small desktop utility referred by Lockergnome and the LangaList. It's called StatBar and shows cpu usage, free ram, etc. TDS says that it's an unknown trojan. I deleted it, uninstalled it, removed the folder and ran a registry cleaner. Downloaded a fresh copy and reinstalled. Again TDS-3 says it's an unknown trojan. Does anyone know anything about StatBar? Could TDS be wrong? BTW, I removed StatBar. :doubt:
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi HoundDog, I cannot find any bad info' on Statbar - Doing a search here http://www.spywareinfoforum.com/ shows nothing.
    If you still have a copy of your statbar zip would you please send it to submit@diamoncs.com.au DCS will be able to affirm a false positive or not :D

    HTH Pilli
     
  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Thanks Pete! ;)

    regards.

    paul
     
  5. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    YW! (Just Googled the LangaList and did a search there for StatBar).

    Pete
     
  6. HoundDog

    HoundDog Registered Member

    Joined:
    Jun 15, 2003
    Posts:
    7
    Thanks Pilli. Mailed copy of statbar zip to submit... Wait and see.
    HoundDog
     
  7. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Hounddog,
    not sure where you downloaded the program, i got it now from the place Pete posted from their first mirror the zipped edition and scanned that, unzipped it and scanned again, not any alarm with that.
    Did you d/l it from another maybe less trusted location?
     
  8. HoundDog

    HoundDog Registered Member

    Joined:
    Jun 15, 2003
    Posts:
    7
    Got it from a link at statbar home page. Did you install it and let it run? That's when TDS picked it up (memory process).

    PS. Yes, from same address ( the first zip option ) Tried the EXE. version also. (same result)
     
  9. HoundDog

    HoundDog Registered Member

    Joined:
    Jun 15, 2003
    Posts:
    7
    Pilli,
    How do I find out what DCS finds?
     
  10. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    DCS will either reply in this thread and/or to your private email address :D
     
  11. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D blaze raise hand me me i know i know

    i used to get fake positives until i updated to the newest tds and got the latest updates

    i had same prob except i think it said i had muster worm lol
     
  12. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Same file Blaze, from the same place?
    With a TDS scan?
    False positives with TDS? what did Gavin tell you about the files you submitted to him from those alarms?
    If this would have been the same file and same suspicious code and the original was submitted for advice, the refining in detection would have been added to the references since and no further alerts would have been given as "suspicious" but a name or "not a trojan" or such a message would have been given to it.
    So either it is a different file you're talking about or it was never submitted, but it is impossible you would get a name for a nasty on the same file another gets an alarm "suspicious" without mentioning a name.
     
  13. HoundDog

    HoundDog Registered Member

    Joined:
    Jun 15, 2003
    Posts:
    7
    Cool. Thanx Pilli
     
  14. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Statbar is not a trojan, the author has been informed how to fix the problem if they wish :) I thought there was a new version available which wouldn't be detected.. don't worry about it for now :)
     
  15. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D now that's service not only did you hear it from the man but he also takes the time to help out the maker of the file to fix it

    :D

    nah Jooske i had similar problems with old tds and outdated database

    and yup i turn in all my stuffs to the big boys for review

    one thing i love about those guys is the privacy service they provide

    they really do respect your privacy and confidentiality no questions asked when submitting a file

    just a yes or no either by board or by private e-mail

    i think that's perty nice :D
     
  16. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Think nothing of it my friend, your privacy and security is our job
     
  17. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D did i mention he is super fast to reply wow
     
  18. Mr.Blazer

    Mr.Blazer Registered Member

    Joined:
    Jun 19, 2003
    Posts:
    3
    Location:
    Germany
    TDS is simply the best - period!

    gruss,

    Mr.Blazer
     
  19. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    TDS3, Without a doubt + Port Explorer, Wormguard, Autostart viewer & Advanced process manipulation - The latter two being totally free :D
     