TrojanHunter 5.3 Beta 1 Released - Mischel Internet Security Forum

Jobs | About | Blog | Contact

Download TrojanHunter Now
Free 30-day trial!

Latest TrojanHunter Version:
TrojanHunter 5.3

Order Now
License file delivered within minutes.

Welcome, Guest. Please Login or Register.

Jul 29^th, 2010, 4:04pm

   Mischel Internet Security Forum
   TrojanHunter
   Beta Testing (Moderators: Helena, Gavin_Coe, Magnus)
   TrojanHunter 5.3 Beta 1 Released

« Previous topic | Next topic »

Pages: 1 2 3

Notify of replies

Send Topic

Author

Topic: TrojanHunter 5.3 Beta 1 Released (Read 999 times)

Magnus
Administrator

Ad astra per aspera.

Posts: 4346

TrojanHunter 5.3 Beta 1 Released
« on: Feb 25^th, 2010, 5:52pm »

Quote

Modify

The first beta version of TrojanHunter 5.3 is now available. Please give it a try and report any problems here.

  http://www.misec.net/beta/TrojanHunterSetup530B1.exe

The main new feature is better bug reporting. You can trigger a "crash" by holding down the Ctrl and Shift keys while going to Help -> About. This will generate an exception and will allow you to test the new bug reporting feature. Please send in a bug report and report back whether sending was successful or if there was any problem.

What's new:

________________________________________________
TrojanHunter 5.3 Build xxx (Released 2010-xx-xx)
  (Beta 1: 2010-02-25)

* Improved bug reporting
* Fixed a problem where the presence of NTFS alternate data streams attached to directories was
  not being reported
* Improved deletion of alternate data streams (now correctly removes directories and is also
  able to delete specific alternate data streams as opposed to all alternate data streams associated
  with a file)
* THCL: Now states "No trojans found" or "%d trojans found" in scan report
* THCL: Copyright year updated

« Last Edit: Feb 25^th, 2010, 5:53pm by Magnus »

IP Logged

Follow me on Twitter: http://twitter.com/mmischel

siliconman01
Global Moderator

Trojans! Chew 'em Up, Spit 'em Out...

Gender: male

Posts: 6729

Re: TrojanHunter 5.3 Beta 1 Released
« Reply #1 on: Feb 26^th, 2010, 2:10am »

Quote

Modify

Installed on both Windows 7 x64 and Windows 7 x86 Professional.

- First totally removed the previous version of TrojanHunter
- Installation of the Beta on both systems went smoothly.

1. Ran full scan and successfully deleted ADS on TEMP folders located at C:\ProgramData and C:\Users\All Users.
(Previous versions could not remove this ADS).

- These 2 TEMP folders appear to be clones of each other because removing the ADS on one also removes the ADS on the other...at least it does on Windows 7.

2. Thus far have not found any bugs in other components of the beta on either x64 or x86 Windows 7 system.

« Last Edit: Feb 26^th, 2010, 3:27am by siliconman01 »

IP Logged

______
TrojanHunter V5.3.994...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound w/ XM satellite, Avira Premium Security Suite V10; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD Raptors, NIS 2011 Beta. Common: router, cable modem, PerfectDisk 11 Pro, Casper Backup V6.0, DisplayFusion, SpywareBlaster V4.3, HostsMan V3.2.73, CCleaner, TrojanHunter V5.3.994, etc.

Magnus
Administrator

Ad astra per aspera.

Posts: 4346

Re: TrojanHunter 5.3 Beta 1 Released
« Reply #2 on: Feb 26^th, 2010, 8:27am »

Quote

Modify

Thanks for the report Tom

IP Logged

Follow me on Twitter: http://twitter.com/mmischel

PAN_IRISH
Veteran

Gender:

Posts: 646

Re: TrojanHunter 5.3 Beta 1 Released
« Reply #3 on: Feb 27^th, 2010, 12:38am »

Quote

Modify

Did you get the bug report that i just generated?

IP Logged

Keep SECURITY the #1 issue!
Use Trojan Hunter 5.3_994.
Don't leave home without it!

siliconman01
Global Moderator

Trojans! Chew 'em Up, Spit 'em Out...

Gender: male

Posts: 6729

Re: TrojanHunter 5.3 Beta 1 Released
« Reply #4 on: Feb 27^th, 2010, 1:03am »

Quote

Modify

Here is a bug that I just discovered that occurs on Win 7 x86 and x64. It is 100% repeatable.

1. Start a right-click scan on a folder.
2. While the scan is running, click on the X in the upper right corner of the scan window to close TH.

- The scan will stop.
- The new Error Reporting window will flash open for 1-2 seconds and then close.

- TH GUI will close

This does not occur if running a scan by first opening TH GUI and starting a full or quick scan. TH GUI will just close as normal.

« Last Edit: Feb 27^th, 2010, 1:41am by siliconman01 »

IP Logged

siliconman01
Global Moderator

Trojans! Chew 'em Up, Spit 'em Out...

Gender: male

Posts: 6729

Re: TrojanHunter 5.3 Beta 1 Released
« Reply #5 on: Feb 27^th, 2010, 1:40am »

Quote

Modify

This is on Windows 7 x86 and x64

There is a bug in right-click scanning that appears to be related to the file having an Alternate Data Stream attached to it. Both of the bugs 100% repeatable on any .exe file downloaded with an ADS

Bug 1:

If there is an ADS attached to a file that has an .exe extension, the request to perform a right click scan via TrojanHunter results in the executable starting to run instead of activating TH GUI to perform the right click scan.

1. Download TrojanHunterSetup.exe from www.misec.net. Save it in the C:\Download folder. The download comes with a Zone Identifier ADS

2. Using Windows Explorer, open the Download folder and right click on TrojanHunterSetup.exe.

3. Select "Scan with TrojanHunter"

- The Installer of TrojanHunterSetup.exe starts to run. TH GUI does not open. Stop the installer and close Windows Explorer.

4. Open TH GUI

5. Via Scan>Scan File, select C:\Downloads\TrojanHunterSetup.exe and let it scan TrojanHunterSetup.exe

6. Remove the detected ADS from TrojanHunterSetup.exe

7. Close TH GUI.

8. Using Windows Explorer, open the Download folder and right click on TrojanHunterSetup.exe.

9. Select "Scan with TrojanHunter"

10. TH GUI will open and TrojanHunterSetup.exe will be scanned.

Bug 2 in Right Click Scanning

Right click scannning is no longer detecting Alternate Data Streams on .exe files

1. Download TrojanHunterSetup.exe from www.misec.net. Save it in the C:\Download folder. The download comes with a Zone Identifier ADS

2. Using Windows Explorer, right click on C:\Downloads folder

3. Select "Scan with TrojanHunter"

4. Right click scanning will scan (or appears to scan) the Downloads folder and DOES NOT report the ADS on TrojanHunterSetup.exe. I "think" it is not scanning the files within the folder at all as long as one of the files has an ADS on it.

Edit: The above bugs occur on any downloaded file that has an executable extension (.exe, .msi, .gadget, .etc.). Once the ADS is removed, the bugs disappear.

« Last Edit: Feb 27^th, 2010, 2:12am by siliconman01 »

IP Logged

Magnus
Administrator

Ad astra per aspera.

Posts: 4346

Re: TrojanHunter 5.3 Beta 1 Released
« Reply #6 on: Feb 27^th, 2010, 2:22am »

Quote

Modify

on Feb 27^th, 2010, 12:38am, PAN_IRISH wrote:

Did you get the bug report that i just generated?

Got it, thanks! Did the bug report send automatically or did your email client's "New Message" window pop up and you had to click send manually?

IP Logged

Follow me on Twitter: http://twitter.com/mmischel

Magnus
Administrator

Ad astra per aspera.

Posts: 4346

Re: TrojanHunter 5.3 Beta 1 Released
« Reply #7 on: Feb 27^th, 2010, 2:23am »

Quote

Modify

on Feb 27^th, 2010, 1:03am, siliconman01 wrote:

Reproduced here and working on a fix now.

IP Logged

Follow me on Twitter: http://twitter.com/mmischel

PAN_IRISH
Veteran

Gender:

Posts: 646

Re: TrojanHunter 5.3 Beta 1 Released
« Reply #8 on: Feb 27^th, 2010, 2:26am »

Quote

Modify

It didn't involve my email client as I have none on this machine,
But I did open my Gmail to get ready for it.
But the TH sent the bug report by some other means directly.
I just typed my report data in the block and sent it manually.

I hope that helps.
Bud

IP Logged

Keep SECURITY the #1 issue!
Use Trojan Hunter 5.3_994.
Don't leave home without it!

Magnus
Administrator

Ad astra per aspera.

Posts: 4346

Re: TrojanHunter 5.3 Beta 1 Released
« Reply #9 on: Feb 27^th, 2010, 2:29am »

Quote

Modify

Excellent, thanks for letting me know

IP Logged

Follow me on Twitter: http://twitter.com/mmischel

PAN_IRISH
Veteran

Gender:

Posts: 646

Re: TrojanHunter 5.3 Beta 1 Released
« Reply #10 on: Feb 27^th, 2010, 2:34am »

Quote

Modify

Magnus,
I'll do my best to describe an issue I ran into.
I ran scans on all partitions ,
then ran them on partitions one by one.
And each time I ran a scan I reloaded the detection rules.
So far so good.
Then I went back to run just Drive C:\ and the scanner froze up and I had to do a hard re-boot.
It hasn't happened again.

The issue would not go away even with Alt + F4
That's why I had to use the hard re-boot.

IP Logged

Keep SECURITY the #1 issue!
Use Trojan Hunter 5.3_994.
Don't leave home without it!

Magnus
Administrator

Ad astra per aspera.

Posts: 4346

Re: TrojanHunter 5.3 Beta 1 Released
« Reply #11 on: Feb 27^th, 2010, 2:47am »

Quote

Modify

on Feb 27^th, 2010, 1:03am, siliconman01 wrote:

Have found and fixed this one. Moving on to the others...

IP Logged

Follow me on Twitter: http://twitter.com/mmischel

Magnus
Administrator

Ad astra per aspera.

Posts: 4346

Re: TrojanHunter 5.3 Beta 1 Released
« Reply #12 on: Feb 27^th, 2010, 3:45am »

Quote

Modify

on Feb 27^th, 2010, 1:40am, siliconman01 wrote:

This is on Windows 7 x86 and x64

Bug 2 in Right Click Scanning

Right click scannning is no longer detecting Alternate Data Streams on .exe files

1. Download TrojanHunterSetup.exe from www.misec.net. Save it in the C:\Download folder. The download comes with a Zone Identifier ADS

2. Using Windows Explorer, right click on C:\Downloads folder

3. Select "Scan with TrojanHunter"

4. Right click scanning will scan (or appears to scan) the Downloads folder and DOES NOT report the ADS on TrojanHunterSetup.exe. I "think" it is not scanning the files within the folder at all as long as one of the files has an ADS on it.

I can't seem to reproduce this one. A couple of questions:

1. When you reproduce this by right-click scanning C:\Download, can you check whether or not "Log NTFS Alternate Data Streams" is enabled on the options page in the scanner?

2. Regarding bug number 1: If you right-click scan TrojanHunterSetup.exe, and then click "Run", does that start TrojanHunter Scanner or TrojanHunter Setup? (On my system it starts TrojanHunter Scanner)

3. If step number 2 starts TrojanHunter Scanner, does it then log the alternate data stream on TrojanHunterSetup.exe?

IP Logged

Follow me on Twitter: http://twitter.com/mmischel

siliconman01
Global Moderator

Trojans! Chew 'em Up, Spit 'em Out...

Gender: male

Posts: 6729

Re: TrojanHunter 5.3 Beta 1 Released
« Reply #13 on: Feb 27^th, 2010, 4:07am »

Quote

Modify

For clarity, my C:\Download folder only has Desktop.ini in it under normal conditions. I do not retain downloaded files in it because I move them off to another disk partition.

The answer below are with the downloaded TrojanHunterSetup.exe still having its ADS attached.

Quote:

1. When you reproduce this by right-click scanning C:\Download, can you check whether or not "Log NTFS Alternate Data Streams" is enabled on the options page in the scanner?

"Log NTFS Alternate Data Streams" is checked/enabled. It looks to me like it is not even scanning the files in the Download folder. It states 1 file scanned.

Quote:

2. Regarding bug number 1: If you right-click scan TrojanHunterSetup.exe, and then click "Run", does that start TrojanHunter Scanner or TrojanHunter Setup? (On my system it starts TrojanHunter Scanner)

If I click on Run of the TrojanHunterSetup installer window, yes, TH scanner starts instead of running the TH installer. Also, the ADS on the TrojanHunterSetup.exe is now detected and displayed for deletion. And it shows 3 files scanned.

Quote:

3. If step number 2 starts TrojanHunter Scanner, does it then log the alternate data stream on TrojanHunterSetup.exe?

Yes, the ADS is detected.

« Last Edit: Feb 27^th, 2010, 4:08am by siliconman01 »

IP Logged

Magnus
Administrator

Ad astra per aspera.

Posts: 4346

Re: TrojanHunter 5.3 Beta 1 Released
« Reply #14 on: Feb 27^th, 2010, 4:12am »

Quote

Modify

Interesting. I have confirmed that the "Do you want to run this file" dialog appears because of the way the new right-click menu is installed. It has nothing to do with TrojanHunter - I created a test case where a right-click entry opens a file with Notepad and then opened TrojanHunterSetup.exe. The same "Do you want to run this file" dialog appeared. This seems to happen for any context-menu item installed into HKCR\AllFileSystemObjects (which is what the new version of TrojanHunter uses). Important to note is that the file is NOT actually executed. It just seems to be a quirk in Windows.

Regarding the right-click scanning of folders: If you copy say 5 files into C:\Download, does TrojanHunter still say "1 file scanned" after you right-click scan C:\Download? If yes, does it make any difference if the files you copy have a .exe extension?

IP Logged

Follow me on Twitter: http://twitter.com/mmischel

Pages: 1 2 3

Notify of replies

Send Topic


« Previous topic \| Next topic »

Search

Members

Login

Register