Warning Red alert TDS FALSE READING

Discussion in 'Trojan Defence Suite' started by Mr.Blaze, Jun 2, 2002.

Thread Status:
Not open for further replies.
  1. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Gerry, i just now found your posting in the private forum back, now Jan dug it up by replying to that there (thanks) but you are referring there to other posts, i can't find, can you?
    I know it is the habit to put in links to such references and i forget them too sometimes; now you see the value of such references and using the private and this forum as a referring knowledgebase.

    I'm very disappointed that even though we ask each time to please submit the samples to the TDS lab so they can look into it and can refine their databases the samples are deleted before that.
    Now we hear a user snif snif i was infected and how oh my how can and snif more and there is not any certainty at all, there might have been nothing wrong or everything wrong so we don't know what to expect or just to disregard it. It could mean in a future event it could be ignored while it maybe shouldn't at all! I don't know and can't tell and i think from the first start of this thread i've made that point really very clear.
    It's impossible for DCS afterwards too if they don't know what was there or not there and what to look for. They don't eat you for submitting, the trojan might, your system, if it's a real one.
     
  2. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    lmao maybe cause first newbie reaction is omg there's a trojan in my puter a hacker has been here delete delete ohhhhhhhh goddddddd whhyyy meeee why meeeeeeeeeeeeeeee

    what does the hacker know

    does he have my porn links

    does he have my dark secrets

    will fbi be breaking down my door.

    delete delete delete.

    that's a typical newbie reaction lol or at least a blaze one lol so of course i didn't submit it lol  i panic it happens next time i will i'll know better =)

    huuuuuuuugggggggggggg joosky im sorry =)
     
  3. FanJ

    FanJ Guest

    Hi Blaze,

    I have emailed you the link to that thread that Gerry started at the private forum (Gerry: thanks again for emailing me that link!).

    Gavin posted in that thread that he changed something so the problem will be solved with today's or tomorrow's Radius update.

    Jooske is of course right about sending in such a thing to DiamondCS, but I can also understand how you reacted when you saw something like that happening for the first time.

    Well, problem solved  :)
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    In your CokeMachine script, on the third page, you can activate the Helpfile.exe (of course you can keep that thing running all time, even without script).
    Make sure all pathnames are ok for your system.
    So: first copy the Helpfile.exe to be sure not to lose it. Open wordpad,
    load that helpfile.exe in wordpad, which should be in your TDS-3\Scripts\CokeMachine\Helpfile.exe
    Now you'll get shocked by lots of unreadable stuff; don't worry, don't change a thing there, just scroll all to the bottom down and there you'll see some path-names to the forum, TDS, and a few more.
    Make very sure the whole path to TDS-3\ is set correctly as it is on your system, and don't forget nor overwrite any of the "" and don't make extra space empty lines, whatever.
    So this is for the TDS and the Helpfile.
    You will need to edit the music player too and maybe IE and NS.
    If you're really very careful and see how it is made, you see a little above of that the commands which activate the execution.
    So you might like to add a few and add commands in exactly the same way in the executing part.
    Of course you can use MASH and load the file in there and make those extra commands from the Advanced Commands Options screens, just try if you like.
    Save and run the thing and i hope it still works.
    Of course you can change for your favorite character via MASH, as that is in the unreadable part :)

    Why all this?
    Well, if that desktophelper is running, you have it voice commanded, the moment you have such a scan alert, for sure you'll scream "HELP!"
    With this cry the TDS-3 Helpfile will open for you and i would suggest among others look at this explanation:
    * Hunting Unknown trojans
    * Trojan Detection & Removal
    Happy HELP-ing! :D
     
  5. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    THAT DOES SOUND LIKE FUN I LOVE THE GRIM REAPER MS AGENT
     
  6. controler

    controler Guest

    I still wonder why there are so many RAT DK angel
    False Alarms in the past few months.
    That appears to be the same false alarm found by TDS
    for a wide variety of other anti trojan software.
    BO Clean, LockDown, and another one we looked at before. I would have to go back and look at threads to see them. This is strange because it has to do with the same RAT and the recycle bin each time.
    The other thing is it is an old RAT.
    We thought in the past it has something to do with how
    the different programs handle their signatures.
    We were thinking if the signature is included in the EXE, it will be picked up as a false alarm.
    It appears in every case, once the file has been moved from the recycle bin and it doesn't even have to be deleted, we then lose the TDS alarm.
    In other words if you move it out of the bin and back
    the alarm goes away. So we think gee why bother sending it in and looking the dummy ;)
    Is it possible to contact the software maker and get the old update files to see if it happens again?
    I could be paranoid here but maybe this is a new form
    of work that can fix itself as far as our scanners think and then cloak itself.
    Ok yes I am just as paranoid as the rest of you LOL
     
  7. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Which software maker do you mean? MS, the DkAngle creator, the other av/at developers, TDS developers?
    If there was not a special piece of code, there was no alarm.
    It happens av/at programs alarm on a zipped file and not on the unzipped version or the opposite (which feels worse of course), and why?
    Not any developer likes to create false alarms, nor do they like false alarms from other software products on them. I ever installed on a separate partition an AV/AT product which decided the whole database of another product was one infection and removed it without warning, even before any scanning with it, while in the info it said it could work side by side other products with some settings, which was followed all very carefully etc. So off with that nasty product and repair all the others.
    This is why we recommend all time to please forward such possible false alarms, so there can be looked into any deeper and databases / detection refined / excluded.
    In the private forum is some discussion especially about this one.
     
  8. controler

    controler Guest

    "In the private forum is some discussion especially about this one."

    Jooske? You never did tell me how to get to the private
    forums.
    I don't think I am smart enough to be there but it would be nice to take a look anyway.

    controler
     
  9. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Controler,
    as a registered / licenced operator from TDS Console > Help > Discussion Forums and registered in the forum there you should have all wanted access.
    But with trial versions you can't step in there.
    You'll find some info about that part in the Helpfile, under Registration Benefits & Information.

    And to tell the truth here we are more or less a little bit smart at times, but in the private TDS registered operators only we are much smarter and maybe even nicer too, and of course there is all time the latest news and soooooo close to the real source......!
     
  10. controler

    controler Guest

    Thanks Jooske

    I think I've been coming to Wilders.org for almost two years now and haven't registered.
    I did today. I am a newbie  :)

    I must say. There should always be a cold war between
    software makers just as there once was between the USA and Russia. This keeps everybody safer in the long run.
    After all, what better way to plant BOT's than a nice
    Security software? ;)
    Mr Paranoid here .....
     
  11. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Welcome as a registered member of the Wilders forum, Controler! Great! Congratulations with this new status here! Imagine, with all your postings over the years you would have been a super senior member by now and now you're starting all again as a newbie! Now people can PM you as well and all that and you others. What a service!

    I meant of course the same for the private licensed operator only private DCS / TDS forum, for which' access registration of TDS is necessary.
     
  12. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,473
    Location:
    The Netherlands
    Controler,

    There's always an exception to the rule - you're a Senior Member as of now  ;).

    regards.

    paul  
     
  13. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    It was already great, it's even better now!
    More congratulations!
    Next steps to the private forum.
     
  14. FanJ

    FanJ Guest

    Hi Controler,

    Big welcome as senior member !!!

    Cheers, Jan.
     
  15. controler

    controler Guest

    Thanks everybody!!!!!!!

    I don't know if TDS has these covered yet but I found a firewall-antivirus killer. It is supposed to kill 265
    different softwares. If TDS doesn't have them I can send them tonight.


    fwkill.exe


    This kills 265 anti viruses and firewalls.  
     
  16. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    HOLY MOLY EVIL TOYS =)

    I see someone hangs out at the other side of the dark neighborhood wink eye

    wow those are some real bad boys

    hopefully if tds hasn't covered  it will now thx for the intel
     
  17. controler

    controler Guest

    MRBLAZE

    I found about five new trojan making apps today.
    Created in June of this year.
    Norton with today's sig files does not catch them.
    I just wish I could afford the full TDS version LOL
    I would test them myself.

    controler
     
  18. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Hi controller,
    TDS should already cover this but if you ever have any trojans that you're not sure about, simply send them to support@diamondcs.com.au for analysis.
    Also, I'm sure you're already aware of this (but if not), such files should only be sent to anti-virus and anti-trojan researchers; never send a file to people unless you can confirm (ie. by thoroughly verifying their email headers) that they're a legitimate researcher, and you'll be doing your part to help prevent script kiddies from getting up to mischief :)

    Best regards,
    Wayne
     
  19. controler

    controler Guest

    Hi Wayne

    I would never send them to just anybody ;)

    Here is the list I found today. If they are covered, I won't send any and will just delete them.

    Devious ICQ Notify v1.0
    shockmailer
    wormtrojan10b
    fwkill
     
  20. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Euhm............ Controler, i would like you to edit your post: just name the program if it has a name and ask if TDS has it in its protective databases, but remove the offer to send it along to whoever asks.
    If it has no name, please be so kind as to send it to TDS submit@diamondcs.com.au or support@... to look into it.
    Offering an offensive program... .. I edited here, as i see Wayne commented that part already, not to do so.

    Further there are several programs/nasties going around with different names, certainly the newer ones, so it can happen the code is covered by long for a nasty, under a different name.
    But to be sure, just send in the samples to TDS lab, if you have them and don't see them immediately in the primaries list.

    I'm sure you like TDS so much and will be able to make a good use of it in your testing, so you might have a look at your priorities and find a way to register it soon. With all the extras it offers you then. The price of rebuilding an infected lost system can be much higher; further if a suite of tools we have here was created from other software, let alone the level it offers, you will agree you would have to pay a manyfold, as this is professional software, made available for normal users.
     
  21. controler

    controler Guest

    Oh Oh I think you misunderstood me.

    I am not offering these programs to send to anybody except TDS.
    Was I supposed to only contact Wayne by e-mail about these files and Not post the names here?

    Umm yes I see somebody can see they are new and do a search.
     
  22. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Central in this part of the forum is, it is DCS, TDS, in the other part WG. So of course you can name the nasties and describe their payload as a warning, and ask if TDS does protect you, if you don't see them in the primaries list immediately.
    Or of course if you find an alert you can ask extra support and removal instructions.
    I'm sure DCS is more than happy you have your finds and are willing to send them your samples. So you will help enhancing the security of the internet community as a whole tremendously and all us users are very grateful for that. So please keep finding and sending them in. Thanks a lot
     
  23. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    LOL THAT'S STRANGE I UNDERSTOOD WHAT HE MEANT THE FIRST TIME HE POSTED IT LOL

    i'm pretty sure since most vendors and utility makers hang out here  it was perfectly understandable i guess when you work for such companies you get paranoid rightfully so since you've seen some horrible things lol =)

    i notice when you hang out at wilders you start doing less bad stuff this place will do that to you kinda grows on you =)

    he's just offering his expert service in his field maybe he can't afford tds it is extremely expensive and i know there's a lot of evil things that tds and a lot of vendors don't know about.

    you got to think there's mainly 2 guys working in tds  and over a 10,000 virus and trojan makers you may update every day but for every 5 you knock off there are lots being made.

    you guys really should offer a tds lite version that only offers the following

    port scan like normal
    exe protection
    trojan scan and removal
    and updates

    the way tds is now it's for experts a lot of us newbies aren't interested  in the other 45 cool things it does lol

    50 bucks for stuff you will never use is kinda hefty

    many of us newbies just use tds as a trojan finder and killer because it's the best in the world

    i suggest the following

    TDS LIGHT
    port scan, exe protection, trojan locating and removal, updates  27 bucks

    the tds you have now i'd say it would be expert or industry tds for big companies or federal buildings truly the best in its field add a trojan guard like how boclean works and charge 60 bucks

    also how about some real deals i have 2 computers in this house i think it crazy to charge 50 bucks a license for the same home.

    if you go with what i said at top 60 bucks for industry tds or expert you should be able to purchase a second additional license like this buy one get the second half off 30 bucks only for the industry tds or expert lol and only 2 max computer in your house

    and only for your home companies and federal buildings pay 60 for the first one and 50 for every additional one

    what about christmas stuffers on holidays promotions
    TDS LIGHT 5 bucks off and you can buy it as a gift for someone 8 bucks off on tds industry or expert gift

    those are some real promotions
     
  24. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Nonono, a manyfold of 60 for sure, don't you think?
    Let's wait for the version 4 and whatever is in the build.
    So MrBlaze, you would like a "do it yourself-suite" with a minimum of five functions for USD$27, imagine all the other 45 tools you now have for $22 extra!
    I would not like to be without the scripting and lot of other tools!

    For your other suggestions: you REALLY should look around a little or very much better on the DCS websites, that's all i say about that part here, especially don't overlook the various menu-items in the navigation bars at the site.

    I was just intending to suggest to ask a yearly membership for using the software, instead of lowering prices.

    How's your file testing these days? More interesting alerts?
    Will keep you busy for some time, indeed, just like reading all the helpfile and learning the functions, not to mention all what's happening at Wilders (you can read whole days here to keep on top of the info) not to mention what is all around on the web and maybe even in real life outside the box!

    For your finds of nasties: it's said often: please don't hesitate to send any of your finds/samples to the TDS lab, submit@diamondcs.com.au even though there is little chance they don't have it already, but never know. Thanks in advance in name of the whole TDS community and internet as a whole! Must not think of my msagents collection worm eaten!
     
  25. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    LOL TDS IS THE BEST  TROJAN FINDER AND REMOVER  FOR MANY PEOPLE  MAINLY NEWBIES  IT'S PERFECT FOR JUST THAT

    {JOOSKY}the other 45 tools you now have for $22 extra!
    I would not like to be without the scripting and lot of other tools!

    THEN PAY FOR THE BIG ONE LOL

    The main thing is choice like i said a lot of us i'm sure i'm not alone here might surprise you how many people only use tds for trojan finding and removing but i'm sure there's a lot more than you think.

    yes the other stuff is great but unless you're into hightech  or running a server or a huge company the other stuff isn't so important to newbie home user

    it was just a suggestion to give consumer more choices

    americans love deals promotions and the ability to choose

    i personally am loving my
    other 45 tools you now have for $22 extra!
    I would not like to be without the scripting and lot of other tools!

    just like you but there's tons of stuff i don't use

    tds is the finest utility out there it'd be nice if consumers had a choice between what they want or the big one with all the whistles and bells

    basically making it affordable to the typical newbie consumer who just bought a pc

    maybe upgrade from tds lite to tds expert for the  $22 extra! at a later date when they want more out of tds
     