TDS-3 Program to keep you clean


Geese_Hunter

I downloaded the 30 day free trial of the TDS-3 program, & it found some
programs that others have failed at, which I have moved to the top of
the list.

It can be downloaded from http://tds.diamondcs.com.au/radius.td3

The programs that have missed them are:
AVG, Ad-Aware, CWShredder, Spybot S&D, HijackThis, & EasyCleaner
(registry cleaner)

Also, if you ever had Kazaa on your pc go to http://www.majorgeeks.com &
in the Spyware tools section they have a remover program, or a prog that
removes the spyware that comes with Kazaa if you are still using it.

Scan Control Dumped @ 08:49:05 24-02-04

File Trace: Default trojan filename: Worm.Blaxe
File: C:\Windll32.dll

Generic Detection: Possible trojan with password-stealing capability
File: c:\system volume information\_restore{7fbe7e5d-61cd-4b6f-adea-f4e699223652}\rp417\a0286206.exe

Suspicious Filename: HTA file in suspicious location
File: c:\system volume information\_restore{7fbe7e5d-61cd-4b6f-adea-f4e699223652}\rp417\a0286045.hta

Positive identification <Adv>: Possible WebDownloader
File: d:\system volume information\_restore{7fbe7e5d-61cd-4b6f-adea-f4e699223652}\rp424\a0292247.exe

Suspicious Filename: Dual extensions
File: c:\program files\hewlett-packard\digital imaging\hpisinst\install.wse.exe

Suspicious Filename: Dual extensions
File: c:\program files\hewlett-packard\hp instant support di\temp\install.wse.exe

Suspicious Filename: Dual extensions
File: c:\documents and settings\all users\desktop\cars.bat.pif

Positive identification: Demo.Leaktest 1.1 (Not a trojan)
File: d:\system volume information\_restore{7fbe7e5d-61cd-4b6f-adea-f4e699223652}\rp424\a0292246.exe

Positive identification: Demo.Leaktest 1.1 (Not a trojan)
File: d:\_temp\spyware\firewall leak tests\leaktest1.2.exe

Positive identification <Adv>: Possible WebDownloader
File: d:\_temp\spyware\firewall leak tests\copycat.exe

Suspicious Filename: Dual extensions
File: d:\_temp\misc programs\isp's propel internet accel setup.5036.3.1.5.277.exe
 
Geese_Hunter said:
I downloaded the 30 day free trial of the TDS-3 program, & it found some
programs that others have failed at, which I have moved to the top of
the list.

It can be downloaded from http://tds.diamondcs.com.au/radius.td3

The programs that have missed them are:
AVG, Ad-Aware, CWShredder, Spybot S&D, HijackThis, & EasyCleaner
(registry cleaner)

That's great news. But tell me, are those files actually malware? Hmm, I
think not. I have tried TDS, but "dual extension" scanning on its own is no
significant indicator on its own, i.e. you still have to figure out what it
means. Just as scanning for executables with writable code sections is no
panacea.

Hmm, speaking of pancakes, it's Shrove Tuesday today.
 
Obviously you missed the top 3 items which were:
File Trace: Default trojan filename: Worm.Blaxe
File: C:\Windll32.dll

Generic Detection: Possible trojan with password-stealing capability
File: c:\system volume information\_restore{7fbe7e5d-61cd-4b6f-adea-f4e699223652}\rp417\a0286206.exe

Suspicious Filename: HTA file in suspicious location
File: c:\system volume information\_restore{7fbe7e5d-61cd-4b6f-adea-f4e699223652}\rp417\a0286045.hta
 
Geese_Hunter said:
I downloaded the 30 day free trial of the TDS-3 program, & it found some
programs that others have failed at, which I have moved to the top of
the list.

It can be downloaded from http://tds.diamondcs.com.au/radius.td3

The programs that have missed them are:
AVG, Ad-Aware, CWShredder, Spybot S&D, HijackThis, & EasyCleaner
(registry cleaner)

Also, if you ever had Kazaa on your pc go to http://www.majorgeeks.com &
in the Spyware tools section they have a remover program, or a prog that
removes the spyware that comes with Kazaa if you are still using it.

I've tried it a few times, and was completely unimpressed to be honest. Gave
me more false positives than any other security program I've used. It even
thought my common IRC program was a trojan just because of its name. I
tested this because I renamed the file, and it didn't find it; I renamed a
blank text file to the name of the IRC program and it detected it again, as a
"Positive Identification". Not good at all.
 
Geese_Hunter said:
I downloaded the 30 day free trial of the TDS-3 program, & it found some
programs that others have failed at, which I have moved to the top of
the list.

When one program finds things that others of the same ilk do not,
I suspect a false positive on the part of the one detecting them.

Have you submitted the suspect files to greater scrutiny?

File Trace: Default trojan filename: Worm.Blaxe
File: C:\Windll32.dll

I don't even like the idea of having a supposed DLL file in the
root directory, but is this file really a threat? What happened to
all of the other files that that trojan supposedly drops?

It could be that an AV has already deleted the files that posed
a threat, and left the one that didn't.

Some of this other stuff looks like remnants of a leaktest
you had previously performed, and is not really *known*
malware at all.

Anyway, all of those programs (Ad-Aware, Spybot S&D,
and TDS) have to be used with caution. They all require
you to make informed decisions, while cautioning you to
not just delete files "willy-nilly".
 
Geese_Hunter said:

Obviously you missed the top 3 items which were:

Well ok then, but look. It does seem to spit out rather a lot of dual
extension warnings which can be difficult to figure out. On the other hand
TDS does seem to have some nice features like port scanning and such. I
think the "console" that pops up looks a bit spangly and secret agenty
though; it would make good in a hacker film. I would say it is better than
some other similar products I have tried though.
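
The point made in the replies above, that a "dual extension" warning still has to be interpreted, can be shown by sorting the flagged names by what the inner extension actually is. This is an added example, not part of the thread and not how TDS-3 works; the extension lists, labels and function names are assumptions made for illustration, and one sample path is constructed.

```python
from pathlib import PureWindowsPath

# Assumed, non-exhaustive lists chosen for this example.
RUNNABLE = {"exe", "pif", "scr", "bat", "cmd", "com", "hta", "vbs", "lnk"}
DECOY = {"txt", "doc", "pdf", "jpg", "gif", "mp3", "avi", "htm", "html"}

# Lower rank = look at it first.
RANK = {"masquerade": 0, "stacked-runnable": 1, "unknown-inner": 2,
        "version-number": 3, "not-runnable": 4, "single": 4}


def triage(path):
    """Classify a Windows path by the last two dot-separated parts of its file name."""
    parts = PureWindowsPath(path).name.lower().split(".")
    if len(parts) < 3:
        return "single"            # zero or one extension
    inner, outer = parts[-2], parts[-1]
    if outer not in RUNNABLE:
        return "not-runnable"      # e.g. archive.tar.gz
    if inner in DECOY:
        return "masquerade"        # looks like a document, runs as a program
    if inner in RUNNABLE:
        return "stacked-runnable"  # both suffixes are program types
    if inner.isdigit():
        return "version-number"    # dots come from a version string
    return "unknown-inner"         # needs context: vendor, location, signature


def review_queue(paths):
    """Return (label, path) pairs, most suspicious first, original order within a label."""
    labelled = [(triage(p), p) for p in paths]
    return sorted(labelled, key=lambda item: RANK[item[0]])


# Paths taken from the scan log on this page (wrapped lines rejoined),
# plus one constructed path marked as such.
SAMPLE = [
    r"c:\program files\hewlett-packard\digital imaging\hpisinst\install.wse.exe",
    r"c:\documents and settings\all users\desktop\cars.bat.pif",
    r"d:\_temp\misc programs\isp's propel internet accel setup.5036.3.1.5.277.exe",
    r"C:\Windll32.dll",
    r"c:\constructed\holiday.jpg.exe",  # constructed, not from the log
]

if __name__ == "__main__":
    for label, path in review_queue(SAMPLE):
        print(f"{label:17} {path}")
```

Of the names the log flagged, only `cars.bat.pif` stacks two runnable suffixes; the installer names fall into the buckets that need context rather than deletion.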
 
....
Obviously you missed the top 3 items which were:
File Trace: Default trojan filename: Worm.Blaxe
File: C:\Windll32.dll

Generic Detection: Possible trojan with password-stealing capability
File: c:\system volume information\_restore{7fbe7e5d-61cd-4b6f-adea-f4e699223652}\rp417\a0286206.exe

Suspicious Filename: HTA file in suspicious location
File: c:\system volume information\_restore{7fbe7e5d-61cd-4b6f-adea-f4e699223652}\rp417\a0286045.hta

Have you run those files through a (hmm shall we say -- widely used known)
anti-virus or malware detector to compare results?
 
No, I did not send them to greater security; since I didn't know exactly
what was in some of the files, I just deleted the top 3.
The AV files didn't find the Blaxe worm, probably because it was just a
trace; another program removed almost all, but I'd rather not have a
trace of it on my PC.

As far as the double extension files, I had that option turned on
suspicious filename.

I ran those files through all of my AV programs & internet AV scanners;
when I had system restore turned on, none found them (or couldn't get to
those files for some reason). When I turned restore off, then rebooted &
scanned with TDS, it wasn't there, & the AVs didn't find it. I then
turned restore back on & still not there.

It's just another program to help keep the PCs free of possibly harmful
or spyware programs.
 