Virus found by NAV2003 in TDS3 demo

Discussion in 'Trojan Defence Suite' started by Bruce, Sep 17, 2003.

Thread Status:
Not open for further replies.
  1. Bruce

    Bruce Guest

    While running TDS-3 (demo) for the first time (it's still running now), Norton Antivirus alerted that virus Hacktool.Exebin was found in ..\TDS3\xDynamic\TDS.Unpk\exebindev.exe.

    Has anyone else seen this?
     
  2. Bruce

    Bruce Guest

    RE: Virus found while running TDS-3 demo

    I identified the TDS-3 path, and the virus name, incorrectly.

    Found by Norton Antivirus 2003 while running the demo. I just downloaded and installed it today, and it's still scanning.

    This is the alert I received from NAV:

    Object Name: ..\TDS-3\xDynamic\TDS.Unpk\exebinder.exe

    Virus Name: Hacktool.exebind

    Action Taken: Unable to repair this file


    Here is what the Symantec site says about this "virus"

    "Hacktool.Exebind itself is not a virus, worm, or Trojan. It is a tool that is used by hackers to bind several executable files into one big distributable package. This tool is frequently used by hackers who create Trojan horses. Norton AntiVirus will detect all Trojan horses that are created by this tool.

    If you have a file that is detected as Hacktool.Exebind, it is most probably a Trojan Horse. It is recommended that you submit this file for further analysis, or simply delete it."

    Does this imply that DiamondCS are using this tool to pack the program, or do I have a problem?
     
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    RE: Virus found while running TDS-3 demo

    Hi Bruce, no this is not what happened.
    The file must be / have been on your system. TDS uses that folder to unpack a file for deeper scanning. Normally it is deleted afterwards, so why this didn't happen this time I'm not sure.
    If you scan this same file with TDS, do you get an alarm on it?
    And of course I'd like to know if there is any other place on your system where the same file is found?
    And I would really advise you to zip the file and send it to submit@diamondcs.com.au so Gavin will advise you what to do next, and which measures to take if necessary.
    It's always good to know your submission is helpful for the internet community as a whole.

    Of course I do hope it's a false positive, and if not there might be more files to look for, so don't hesitate too long with your submission! Thanks and keep us posted!

    Also make sure after the TDS install you get the update from the site, put it in the TDS-3 directory and (re)start TDS.
     
  4. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Must have EXEBinder in a zip somewhere, TDS unzipped it to scan it, and the AV jumped in. TDS couldn't scan it or delete it, because the AV locked it (to protect you) :) Just delete it.
     
  5. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D that's strange, I have updated TDS 3 and updated Norton, never said that to me


    but that stuff happens with other programs
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Blaze, not seen you in this area for a while!
    Were your nasties in zipped form and kept in there?
     
  7. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D nah, I stopped playing with the nasties, TDS and BOClean kept catching them all lol

    I was hoping to find one so I can claim discovering it and name it after me lol

    no such luck, Jason and them boys have a daily updated database and I get update alerts from BOClean every day now.

    so gave up, I'm too secure on this PC lol

    of course I just painted a bull's eye on my PC saying that, but hopefully if I get hacked I can ask the guy that's doing it how he got through and how I can fix it so it doesn't happen again.

    most hackers got a twisted or playful sense of humor, they're not maliciously evil, just very curious people
     
  8. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Unfortunately some are really destructive too, not all just playing kids.

    Blaze, I had some nasty a few weeks ago which was a spybot which was infected by a virus and got infected by another virus again, very nice sample, KAV didn't discover anything in it, Gavin did. Could not name it after myself of course, wouldn't have liked that either, as it was something existing already and I wouldn't like my name connected to some nastiness.
    I was proud of the sample of course.

    But good to read you're on the bright side of whatever you're doing!
     
  9. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D I'm just hanging out reading TDS stuff, enjoying the board

    especially the new posters, very refreshing
     
  10. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    We all learn from every question, lots of new info!
    Glad you enjoy it too and to play with your tools!
     
  11. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D HMMMM YOU THINK IF I GET LIKE A S#$% LOAD OF NEW SUBSCRIBERS FOR TDS, A SIGNIFICANT NUMBER, WAYNE AND GAVIN WILL HIRE MORE TDS STAFF SO THEY CAN START ON

    MAY I GET A DRUM ROLL PLEASE LOL

    Diamond Antivirus Pro
     
  12. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D I know it's a dream, but how many subscribers would you think it'd take to motivate such a bold move
     
  13. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    We're happy enough with the trojans, worms, keyloggers, dialers, bots, drats, snakes, exploits, scrip, polymorphs, the whole lot, what to do with viruses?
    Better specialize in something and be the best in that; the whole world is shaking already each time DCS brings another new tool or application for us!

    New staff? For even more support? Or building more products than the beta testers can taste before public release?

    Nice things happening here, true!
     