Topic: TH 4.5-n-TrojanSimulator  (Read 1829 times)
redwolfe_98
Veteran
« on: Mar 24th, 2006, 4:37am »

i tried testing TH 4.5 with "trojansimulator", but THGuard did not flag anything.. i tried it both with THGuard's automatic cleaning on and with automatic cleaning off, and i ran the tests several times.. the tsserv.exe process was running..  
 
a manual scan with TH did flag the files..  
 
http://www.misec.net/trojansimulator/
 
« Last Edit: Mar 24th, 2006, 4:39am by redwolfe_98 »
Randy_Bell
Global Moderator
« Reply #1 on: Mar 24th, 2006, 5:32am »

Check the ruleset list; could be they removed the process rule for trojansimulator?  And kept the file rule?  That would explain missing it in process guard but detecting it in manual scanner .. HTH .. ;)
Gavin_Coe
Trojan Analyst
« Reply #2 on: Mar 24th, 2006, 5:40am »

Works for me.. :D
siliconman01
Global Moderator
« Reply #3 on: Mar 24th, 2006, 5:56am »

Works for me too.  
 
Perhaps another security program is blocking THGuard from seeing tsserv.exe, redwolfe_98?

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
redwolfe_98
Veteran
« Reply #4 on: Mar 24th, 2006, 5:57am »

i remember in the old versions of TH you could check the rules for each "trojan", but with build 4.5, like with build 4.2, i do not see any rules for the individual trojans..
 
i see trojansimulator.100 in the list, but no individual rules for it..
 
randy, see if THGuard flags the trojansimulator on your computer..
redwolfe_98
Veteran
« Reply #5 on: Mar 24th, 2006, 6:16am »

it is working for me, now, after i disabled my av.. i re-enabled my av, and it is still working..
« Last Edit: Mar 24th, 2006, 6:20am by redwolfe_98 »
Gavin_Coe
Trojan Analyst
« Reply #6 on: Mar 24th, 2006, 6:17am »

Hmm ok something's different? bug everyone missed? ;D
 
In any case, I can see the rule is still in the ruleset cumulative. It should be detected..
redwolfe_98
Veteran
« Reply #7 on: Mar 24th, 2006, 6:22am »

i had tried disabling everything except for my av, apparently..
 
the problem still might be there after i reboot.. i am surprised that my av interfered with THGuard..
DC
Veteran
« Reply #8 on: Mar 24th, 2006, 6:22am »

on Mar 24th, 2006, 4:37am, redwolfe_98 wrote:
i tried testing TH 4.5 with "trojansimulator", but THGuard did not flag anything....

 
redwolfe check the settings in your THGuard to see if it has the process rules loaded.  This was happening to me on the Beta after it was unloaded and then reloaded, it was saying "Loaded Process Rules: 0". I'm having no problem catching TSServ.exe with the new Guard.
HTH
 
EDIT:  OK, I see you've found it's your AV interfering.
 
« Last Edit: Mar 24th, 2006, 6:25am by DC »
siliconman01
Global Moderator
« Reply #9 on: Mar 24th, 2006, 6:28am »

Keep in mind that THGuard.exe polls memory every 10 seconds so the window is pretty wide for other security programs to get there first.  
 
Hopefully V5.0 will eliminate this window and trap critters immediately as they are loading into memory... my hope/dream anyhow... ;)
« Last Edit: Mar 24th, 2006, 6:30am by siliconman01 »
redwolfe_98
Veteran
« Reply #10 on: Mar 24th, 2006, 7:00am »

dc, that seems to be it.. i closed THGuard, and then, after i re-opened it, it would not catch "tsserv.exe" when i would run "trojansimulator"..  
 
THGuard is showing that 4326 process rules are loaded..
 
i bet that if i close my av's realtime scanning, then it would work, but i have not tested that, yet..
 
as far as i know, i did not have this problem with TH build 4.2..
« Last Edit: Mar 24th, 2006, 7:07am by redwolfe_98 »
redwolfe_98
Veteran
« Reply #11 on: Mar 24th, 2006, 2:32pm »

i am still having problems with THGuard's not flagging the trojansimulator..  
 
i tried disabling my av again, except, that time, it didn't work.. THGuard would not flag the "simulator"..
 
i rebooted (just now) and tested THGuard again, and it wouldn't flag the simulator..  
 
if i spend a few hours fooling around, "testing" THGuard, i can probably manage to eventually get THGuard to flag the simulator, through disabling other programs on my computer, or uninstalling programs, but, right now, i don't want to spend a few hours fooling around with doing that..  
 
yes, i did manage to get it to work, before, temporarily, after disabling everything else on my computer, but i tried doing that again, and the second time around, THGuard would not flag the "simulator"..
 
i really did not want to play "guinea pig".. i anticipated problems with the new TH 4.5, and would have continued using TH build 4.2, letting others play "guinea pig", if the updates for build 4.2 had not been ended..  
 
i wish that misec had anticipated that there might be problems with the new TH 4.5 before "killing" TH build 4.2 by ending updates for it.. they should have planned to continue providing updates for build 4.2, for a while..
 
like i said, i will probably do some more experimenting, eventually, to see if i can manage to get THGuard to work, to flag the simulator, but i don't want to fool with it right now..
 
p.s. boclean and ewido have no problems, flagging the simulator, and neither did TH build 4.2, as far as i know..
 
if someone at misec wants to provide me with a download for TH build 4.2, i will install it just to see if it will flag the simulator.. it always has in the past, anytime that i tested it..  
 
« Last Edit: Mar 24th, 2006, 4:43pm by redwolfe_98 »
siliconman01
Global Moderator
« Reply #12 on: Mar 24th, 2006, 2:59pm »

Did you check to see if THGuard changed TSServ.exe to TSServ.exe.tcf from the first time it detected it?  If it did, you need to remove the .tcf extension for the next test.
redwolfe_98
Veteran
« Reply #13 on: Mar 24th, 2006, 3:03pm »

yes, i always run the simulator from a cold start.. :)
 
« Last Edit: Mar 24th, 2006, 3:05pm by redwolfe_98 »
siliconman01
Global Moderator
« Reply #14 on: Mar 24th, 2006, 3:13pm »

Well, I've tried it twice more on my XP-SP2 system and THGuard.exe has waxed it each time.
 
I even left my NAV 2006 active and THGuard trapped it.  This is with TH V4.5 installed.  
 
Try this...uncheck all the settings on THGuard and click on Ok to save them.  Then check mark your desired settings in THGuard and click on OK to save.  Maybe a toggle will liven things up on THGuard.