which is the best anti trojan ?

i am using nod anti virus and i want to know which is the best anti trojan software and also lighter in resources

 

BOClean

 

Hi Monica, welcome to the forum.
Is there a special reason why the resources are a matter for you?
Choices depend so much on personal likes and dislikes on your own system.
There are quite some discussion threads about exact this question in this forum, which you might like to read through, download and try on your own system.
People will love to assist you with your questions and experiences.
Wonderful that you want a special layered protection!

 

Hello monica_84

We prefer to use the oldest and most thorough anti-trojan software when necessary. This is TDS3 found at this address.

Try it and see! Out of the box it has wonderful functionality and does not need anything else but if one wishes there are a myriad of user settings available with extra tools to go with it.

Hope this helps!

 

Try Trojan Hunter...

http://www.trojanhunter.com/

VERY Light on resources, and it's a FULLY featured Anti Trojan that's both easy to use, and understand, and it has both memory scanning AND an on demand scanner...

 

I agree.

If you want an AT that works with a minimum of user intervention and don't want to "bother" with a file scanner, BOClean is a good choice. It is extremely light on resources.

TDS-3 and TrojanHunter are good choices if you want to do scheduled or on-demand file scans for trojans in addition to a resident monitor similar to your AV. They both also have other useful tools included, and are also worth checking out.

My opinion is that an extra file scanner is redundant--but that's my opinion, and others will disagree for what to them are very valid reasons, so it certainly depends on how many/what features you are looking for.

Best of luck, and have fun in your search!

 

when i saw the topic... i knew the fight would be mainly btw BOclean, TDS and Trojan Hunter... i love the three of them... but to choose one... i would go for TDS for its memory scanning and also useful tools with it... to go with...
but anyways... one can choose any 1 of these 3... best possible anti trojans out in the web....

 

I already fixed it by downloading a replacement dll file for thsec from his forum... Magnus should update TH after he tests it pretty soon.. I'd say that was fast response, wouldn't you?

 

I'm a fully registered TH user and i did not know about this .dll file. Seems to be a breakdown in communication somewhere along the line. I would think that registered users should know about any patches/improvements. Poor that the liveupdate doesn't have a way of telling you, and even worse that you have to rely on visiting the TH forum to find out!

Lets hope the liveupdate is improved to let users know about version upgrades, patches and improvements.

muf

 

Paul - Magnus actually did have a fix out for the problem within an hour - reference this thread: http://forum.misec.net/board/TrojanHunter/1073407081 - which isn't too shabby, IMO, as long as the fix works well for everyone. Pete

 

Yes, I'm sure the fix won't be generally released until it's proven out in testing - that's as it should be.

Listen, can we all kind of try to remember here that this is a win-win situation?

Wayne (DCS) puts out APT for free - Magnus uses the program to discover a problem with TH - Magnus goes to work to fix the problem.

Who won?

Everybody!

Wayne gets the satisfaction of knowing that his program helped
someone else improve/make safer their program.

Magnus got to find an error and fix it (and thus) - all users of TH benefit - and the Internet becomes a safer place for everyone.

At least, that's the way it seems to me. Pete

 

I’m really surprised that people are getting so upset about the supposed “problem” with TH Guards shutdown protection. The protection that currently exists is still better than any other AT’s built in protection as far as I’m aware. (Please feel free to correct me).

Yes APT can shut down TH Guard. APT could shut down Process Guard using some of its techniques initially. But, I’m sure Magnus will continue to improve the protection for Guard just as Wayne has for PG. TH will still detect Trojans and still has a memory scanning module that is well protected. Plus it would seem, with just a few modifications people will be even better protected from attempts at forcibly closing Guard. Flaw?

The THsec.dll file in question is currently under going beta tests and I’m sure Magnus will widely announce its availability once he feels it’s 100% ready.

 

I would like to read from the original questioner why light in resources is important.
Is that the main importance or are other issues as user friendliness, set and forget, extra security also important issues?

You'll find in the forum here each time the same three mentioned, BOClean, Trojan Hunter, TDS (in no specific order) as the top three to chose from and each depending on some personal circumstances and wishes.
Try what you like, and at the moment you're close at deciding there comes TDS-4 Active Guard (currently in the build) to change your whole view and you can start again

You can read many threads in this forum area and you will see each time the same kind of discussions, be it that now this time the one dll fix in the build is being mentioned.

You will also see a couple of golden remarks and threads about developers discussing and helping each other, building more security or detection in their products. It's really nice to see the people working together and using each other's tools to enhance their own products too.
I do know my choices which work nicest for me on my system, but it is all personal!

 

TrojanHunter is currently the only trojan scanner that has built-in protection against TerminateProcess and similar attacks (others rely on a second watchdog process or random file names) so it is beyond my comprehension why someone would argue that this feature of TrojanHunter is a reason for not chosing it.

As for user-mode vs. kernel-mode: Any hook installed in software can also be undone by software. The procedure to remove a kernel-mode hook is the same as that for removing a user-mode hook. If the account being protected was a limited account in the first place then the protection wouldn't be necessary anyway. The thing about protection against these attacks is that it makes it much more difficult for malware to terminate the security program. It's not possible to get 100% protection, and it doesn't matter if it's done in user mode or not - but it's possible to make it very difficult for an attacker.

 

IMHO it's almost ridiculous to discuss whether TH is sufficiently protected against TerminateProcess:

1.
It's not really important whether TH is protected against such an attack. Yes...anti-process termination is a nice feature. But that's it. If a trojan actually manages to terminate TH the user will get warned (at least in the long run) since the resident monitor will not work anymore. Be happy if this ever happens. Things could be worse. Imagine an undetected trojan which stays silent ...

2.
It's also funny that people talk about minor, potential vulnerabilities (like possible termination attacks) but do not take into account that the signatures of many AT scanners can/have been revealed (either because they are not encrypted at all or because the scanner's signature database was cracked).

 

All it takes is a small driver and any advantage you think you have of doing something in kernel mode is blown away. There are already pre-made drivers that allow for access to the entire kernel memory so an attacker wouldn't even have to write his own. Like ano1 said, I think this whole discussion is blown way out of proportion... instead of discussing the fact that TrojanHunter is protected against TerminateProcess maybe we should start discussing why other scanners aren't? Or perhaps let's just let this issue die so the original poster can get his questions answered...

 

No, there's no way to prevent access to the entire kernel memory space if you're running under an Admin account, which 99% of all home users do. If you're running under a limited account you wouldn't need any special protection software anyway as you could just run your security software under a privileged account thus making any attacks impossible.