xDynamic Content

Discussion in 'Trojan Defence Suite' started by barnesy, Jan 7, 2004.

Thread Status:
Not open for further replies.
  1. barnesy

    barnesy Registered Member

    Joined:
    Sep 25, 2003
    Posts:
    15
    In the ...\TDS\xDynamic folder of the TDS install, I have 2 sub-directories whose content appears to be OK, but the TDS.Unpk sub-directory has an executable present - aconti.exe - that is a program installed by another user of the PC.

    Does this directory have a use such as a quarantine area, or was this program just installed in the wrong place?

    Steve
     
  2. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    That's a temporary directory where files are unpacked before scanning. Files are typically deleted from here as they're scanned,but if there are any left behind then don't worry as they'll be deleted on the next scan -- or, feel free to delete them yourself. :)

    Best regards,
    Wayne
     
  3. barnesy

    barnesy Registered Member

    Joined:
    Sep 25, 2003
    Posts:
    15
    It's been there for quite a few scans now.

    I'll manually delete.

    Thanks
     
  4. FanJ

    FanJ Guest

    Steve,

    May I ask you what those 2 sub-directories are?

    I have 4 sub-dir's in xDynamic:

    TDS.cfg
    TDS.data
    TDS.fps
    TDS.Unpk

    A few months ago we had a discussion at the private-forum about this sub-dir: TDS.data
    It appeared that at some systems the Final-version of TDS-3 didn't make that sub-dir.
    But you need that TDS.data sub-dir for your CRC32-feature in TDS-3 to work.
    That sub-dir TDS.data contains this file: crc32.bnk
     
  5. barnesy

    barnesy Registered Member

    Joined:
    Sep 25, 2003
    Posts:
    15
    I have 3 sub-dirs in total under xDynamic:

    TDS.cfg
    TDS.fps
    TDS.Unpk

    but no TDS.data. TDS-3 indicates that the CRC32 check has run. I get the messages:

    Started - verifying 23 files ...
    Test finished

    each with a [CRC32] line stub. I've just re-run it as I am typing this, with the same output.

    So with no TDS.data sub-dir, is it actually working or not? o_O
     
  6. FanJ

    FanJ Guest

    Hi Steve,

    What does these [CRC32] lines say?
    Could it be that all those 23 lines say :
    File doesn't exist:

    Make manually by yourself that subdir TDS.data
    And then run the CRC32 test again.
    As far as I know that file crc32.bnk will now be created by TDS-3.
    What does your TDS-3 console now say about the CRC32-test?


    As far as I know, what happens is this:
    the CRC32-test needs that subdir.
    If that subdir doesn't exist, then the CRC32-test simply tells that all those files doesn't exist.
    Once that subdir is there and that file crc32.bnk, then the CRC32-test works as it should.
     
  7. FanJ

    FanJ Guest

    I just checked it:
    I deleted that file crc32.bnk from that subdir TDS.data
    Then I run the CRC32-test in TDS-3:
    That file crc32.bnk was then indeed created again by TDS-3.


    So: in case you don't have that subdir TDS.data in xDynamic, then make yourself that subdir TDS.data and it's OK :)
     
  8. barnesy

    barnesy Registered Member

    Joined:
    Sep 25, 2003
    Posts:
    15
    FanJ

    The display actually output just the 2 lines:

    [CRC32] Started - verifying 23 files ...
    [CRC32] Test finished.

    There was no output for any individual file (sorry about the confusion), and the check time is always less than 2 secs - I ran the CRC32 check a few times.

    Created the TDS.Data directory as you suggested and re-ran the CRC check. A file crc32.bnk was created in the directory. Output and times however were the same as above.

    Is 1 or 2 secs a reasonable time for a check of 23 system files? How can I tell whether this check is actually working or not?
     
  9. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    You could add for instance in the CRCfiles.txt scanfile a few files like the radius.td3 and maybe some other files.
    The radius file should show up as changed, a test file you could make some changes intentionally and see if the CRC scan alerts on it.

    Or move an added file to another place without changing this CRCfiles.txt or change it's name or extension name which should trigger a message telling file is not there as TDS will not run after it to it's new location :)
    (could be a nice one like in search engines: i don't see this file in this location, but did you maybe mean file in this other location? did you maybe mean this file with this extension? or extension name changed! all nice ideas :) )

    I would recommend such a little test before adding all the sensitive files you might like to keep an eye on, like explained in FanJ's sticky threads in this forum!

    FanJ is the TDS CRC32 scan specialist here, and it appears you LOVE such tests so go ahead Jan! (and others)
    (hm maybe a good one to add to your signature Jan :cool: )
     
  10. FanJ

    FanJ Guest

    Hi Steve,

    I stand corrected and I apologize for the confusion !
    I take the following words back (withdraw) posted in reply # 5:
    "If that subdir doesn't exist, then the CRC32-test simply tells that all those files doesn't exist.".
    Those words of mine were not correct!
    I have over 100 files listed in my crcfiles.txt and indeed:
    if I remove the subdir TDS.data, then the CRC32-test does not give that warning "file doesn't exist" for all those over 100 files.
    Once again: sorry !

    Yep, that is the important thing here:
    if you don't have that subdir TDS.data, then make it yourself, and all is fine ;)

    Correct !

    In case a file that is listed in your crcfiles.txt, is changed then the CRC32-test will alert you ;)

    Yep ;)

    See also the reply from Jooske.

    If your TDS-radius file isn't in your crcfiles.txt, put it in.
    Just put this in:
    %TDSDIR%\Radius.TD3
    The next time you install new definitions for TDS-3, the CRC32-test will warn you that that file is changed ;)

    You could for example also put in the reference-file of AdAware (in case you use AdAware).
    On my Windows 98 SE box that is:
    C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref

    As Jooske wrote: see also the CRC-thread:
    http://www.wilderssecurity.com/showthread.php?t=13740

    Cheers, Jan.
     
  11. barnesy

    barnesy Registered Member

    Joined:
    Sep 25, 2003
    Posts:
    15
    Installed the Radius.TD3 entry into crcfiles.txt as suggested and it did show up as an alert following the subsequent update. Also had a change to win.ini and it showed up as an alert as well. So the checking seems to be working fine - I'll go and work out a comprehensive list of files now.

    FanJ

    I do use Ad-aware and your suggestion to include the reflist into crcfiles.txt prompted me to check its status. Everything was out-of-date. So, one new version later, an up-to-date reflist and about 350 'nasties' later, I have a much cleaner machine! Also had a read of the CRC32 guidelines thread.

    Thanks for the help.

    Steve
     
  12. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Steve, When all else fails. RTFM ;) And have a well deserved Karma cookie to munch on :D
    Or should that be, "When all else fails and you have read the manual then come to Wilders" :)
     
  13. FanJ

    FanJ Guest

    Hi Steve,

    I'm very happy that you got it fixed and that it made you look again at AdAware :D
    WOW, thanks for your feedback !
     
  14. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    All so lucky to have Jan here :) cookie for you Jan thanks for all the help here !
     
  15. FanJ

    FanJ Guest

Thread Status:
Not open for further replies.