Download TrojanHunter Now
Free 30-day trial!
Latest TrojanHunter Version:
TrojanHunter 5.0
Order Now
License file delivered within minutes.
Welcome, Guest. Please Login or Register.
Jul 20th, 2008, 1:17am
   Mischel Internet Security Forum
   TrojanHunter
   TrojanHunter Scanner (Moderators: Helena, Gavin_Coe, Magnus)
   TrojanHunter 2.5 Beta 1 Released!		 « Previous topic | Next topic »
Pages: 1 2  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: TrojanHunter 2.5 Beta 1 Released!  (Read 1123 times)
Magnus
Administrator
*****



Ad astra per aspera.

   
WWW  

Posts: 4086
TrojanHunter 2.5 Beta 1 Released!
« on: Dec 16th, 2001, 6:46pm »		 Quote Quote  Modify Modify
The first beta version of TrojanHunter 2.5 has been released. Everyone is welcome to help out in the beta test. You can download the setup file here:
 
  http://www.mischel.dhs.org/products/TrojanHunter250Beta1.exe
 
If you find any bugs, please e-mail me at <mischel@swipnet.se> or report it here in the forum.
 
Regards,
 
Magnus
IP Logged
MapleLeaf
Newbie
*





   
Email

Gender: male
 Posts: 3
Re: TrojanHunter 2.5 Beta 1 Released!
« Reply #1 on: Dec 16th, 2001, 7:22pm »		 Quote Quote  Modify Modify
Magnus, I have a question - can TrojanHunter 2.0 and TrojanHunter 2.5 Beta1 coexist on a same machine if I install beta in different directory? I want to keep stable version 2.0 but at the same time I want to test beta. Is it possible?
IP Logged
Andreas Haak
Newbie
*




I*bääääääh*

34795980 34795980   drseltsam1984   drseltsam1984
Email

Gender: male
 Posts: 16
Re: TrojanHunter 2.5 Beta 1 Released!
« Reply #2 on: Dec 16th, 2001, 7:33pm »		 Quote Quote  Modify Modify
One bug. I have a drive D.
 
I told TrojanHunter to check d:\trojaner only. But it scanned a packed rar file in d:\ too.
 
Something is strange, too. After downloading an update trojan hunter says after starting:
 
Error: Trojan definition file trojans.trf not found. Unable to load trojan definitions
 
Then a third problem ...
 
I put a trojan into an data streams and said trojan hunter to scan inside streams. But he don't catch him.
 
 
Adieu, Andreas
IP Logged
Magnus
Administrator
*****



Ad astra per aspera.

   
WWW  

Posts: 4086
Re: TrojanHunter 2.5 Beta 1 Released!
« Reply #3 on: Dec 16th, 2001, 7:49pm »		 Quote Quote  Modify Modify

on Dec 16th, 2001, 7:22pm, MapleLeaf wrote:

Magnus, I have a question - can TrojanHunter 2.0 and TrojanHunter 2.5 Beta1 coexist on a same machine if I install beta in different directory? I want to keep stable version 2.0 but at the same time I want to test beta. Is it possible?

 
Yes, with the exception that TrojanHunter 2.5 will be the scanner that starts when you right-click on a file and select "Scan with TrojanHunter". If you want to revert to TrojanHunter 2.0 doing this you will have to install it (2.0) in the same directory again (and click "Register" on the Options page).
IP Logged
Magnus
Administrator
*****



Ad astra per aspera.

   
WWW  

Posts: 4086
Re: TrojanHunter 2.5 Beta 1 Released!
« Reply #4 on: Dec 16th, 2001, 7:52pm »		 Quote Quote  Modify Modify

on Dec 16th, 2001, 7:33pm, DrSeltsam wrote:

One bug. I have a drive D.
 
I told TrojanHunter to check d:\trojaner only. But it scanned a packed rar file in d:\ too.
 
Something is strange, too. After downloading an update trojan hunter says after starting:
 
Error: Trojan definition file trojans.trf not found. Unable to load trojan definitions
 
Then a third problem ...
 
I put a trojan into an data streams and said trojan hunter to scan inside streams. But he don't catch him.

 
TrojanHunter will scan all folders up to the one you selected (which means if you select D:\Something then D:\ will also be scanned).
 
What happened when you ran LiveUpdate? Did you see a Window called "RuleFileConverter" with a progress bar?
 
As for the Alternate Data Streams, do you have "Scan Alternate Data Streams" and "Log alternate data streams checked"? What file extension does the file with the trojan stream have? It should be an executable extension; others aren't checked by the Beta at the moment.
IP Logged
Andreas Wagner
 Guest

Email
Re: TrojanHunter 2.5 Beta 1 Released!
« Reply #5 on: Dec 16th, 2001, 11:48pm »		 Quote Quote  Modify Modify   Remove Remove
Hi again,
i installed TH 2.5 right over the old 2.0...
 
At the end of the installation i was asked to start the scanner and/or the guard. i started the scanner only.
 
Then (on loading the file rules) i got the error msg "An error occured while starting TrojanHunter: Stream read error - The application will be terminated."
 
However it wasn't terminated but asked for an immedieat ruleset update, i said yes and updated without proxy. All went fine, then there was a rule conversion thingy processing several sets (and cycling its progress bar several times through these different sets).
(LiveUpdate then said "Update successfully installed: The update 0xx-2001-12-10, containing 0 trojan definitions, was successfully installed.")
 
Then i got another error message: "Access violation at address 0044E2B2 in module 'TROJANHUNTER.EXE'. Read of address FFFFFFFF."
 
I clicked that away, then clicked away the first error msg. Then came a somewhat more critical error ("This application will be closed because of an illegal action" - my probably not so good translation of the german msg box. Details: "TROJANHUNTER caused a fault by an invalid page in Module <unknown> at 0000:0151ad4e. Register:
EAX=0151ad4b CS=0167 EIP=0151ad4e EFLGS=00010206
EBX=015148fc SS=016f ESP=0119f81c EBP=008cfc64
ECX=008cfc06 DS=016f ESI=008cf6f0 FS=3d87
EDX=004ee0a0 ES=016f EDI=008cfc0c GS=0000
Bytes bei CS:EIP:
51 01 0c 00 00 00 1f 00 00 00 01 00 00 00 0c 00  
Stapelwerte:"
 
I have to acknowledge that and TH exits. Then i close LiveUpdate as well and restart TH...
 
But the "stream error" just comes again and TH immediately quits.
 
I'll tell you when i know more...
 
CU,
Andreas
IP Logged
Magnus
Administrator
*****



Ad astra per aspera.

   
WWW  

Posts: 4086
Re: TrojanHunter 2.5 Beta 1 Released!
« Reply #6 on: Dec 16th, 2001, 11:55pm »		 Quote Quote  Modify Modify

on Dec 16th, 2001, 11:48pm, Andreas Wagner wrote:

Hi again,
i installed TH 2.5 right over the old 2.0...
Andreas

 
Hm... delete the file "icons.tbf". If that doesn't solve the problem, install 2.5 in a new directory and see if that helps.
IP Logged
Gorham
Newbie
*





   
Email

Posts: 4
Re: TrojanHunter 2.5 Beta 1 Released!
« Reply #7 on: Dec 17th, 2001, 12:09am »		 Quote Quote  Modify Modify
Hi. I come by way of the grc.com newsgroup; thanks for posting your announcement there.
 
I've never used an anti-trojan app before but I'd like to and start with this beta. I've read the posts here and realize I might (duh!) need to know a thing or two about the beast before installing and setting it up.
 
I run a PIII machine with Win98 and 10 partitions over two physical hard drives. I won't let anything Norton or McAfee on my machine and use EZ-trust Antivirus and Zone Alarm Free.
 
Suggestions would be most welcome.
 
Thanks.
 
G.
IP Logged
Magnus
Administrator
*****



Ad astra per aspera.

   
WWW  

Posts: 4086
Re: TrojanHunter 2.5 Beta 1 Released!
« Reply #8 on: Dec 17th, 2001, 12:18am »		 Quote Quote  Modify Modify

on Dec 17th, 2001, 12:09am, Gorham wrote:

Hi. I come by way of the grc.com newsgroup; thanks for posting your announcement there.
 
I've never used an anti-trojan app before but I'd like to and start with this beta. I've read the posts here and realize I might (duh!) need to know a thing or two about the beast before installing and setting it up.
 
I run a PIII machine with Win98 and 10 partitions over two physical hard drives. I won't let anything Norton or McAfee on my machine and use EZ-trust Antivirus and Zone Alarm Free.

 
Hi!
 
Running the Beta is as simple as downloading the setup package and following the instructions to install it. Once you have TrojanHunter installed, start it and you should see a list of drives with checkboxes. If you click the "Full Scan" button, the selected folders will be scanned for trojans. Other than that, just play around, and if you are unsure about anything, just ask here. =)
IP Logged
Andreas
Newbie
*





   
WWW   Email

Gender: male
 Posts: 28
Re: TrojanHunter 2.5 Beta 1 Released!
« Reply #9 on: Dec 17th, 2001, 12:58am »		 Quote Quote  Modify Modify

on Dec 16th, 2001, 11:55pm, Magnus wrote:

...If that doesn't solve the problem, install 2.5 in a new directory and see if that helps.

 
yes, this has helped. Playing around with it now a little.
Thanks so far,
Andreas
 
PS. deleting icons.tbf didn't help, copying my regkey-file after successful install didn't hurt.
...
I think i found out what: i had some customxyrules.trf on my system - when i took those files all out, i could start TH. When i then re-inserted those that had 0 bytes, it was still working. Even the 1-byte customregrules.trf and cusominirules.trf (see below) didn't prevent it from running. But the two 1-byte files customfilerules.trf and customportrules.trf each would let TH crash - maybe those custom rules files will have to be "converted" as well...?
 
 
Here's the do-no-harm-1-byte customregrules.trf:
000000  b3 5c 11 b3 cd 40 51 d3 08 c6 a5 0a 70 c3 61 05 78 44 9f  ³\.³Í@QÓ.Æ¥.pÃa.xD.
000013  c3 df cc df df 98 4d b6 98 55 75 9f 2b 48 f6 ff 09 c3 f4  ÃßÌßß.M¶.Uu.+Höÿ.Ãô
000026  21 c9 b2 09 17 52 0a 22 af 81 31 f7 2e c1 86 e2 fa 21 73  !ɲ..R."¯.1÷.Á.âú!s
000039  21 94 a8 fc 58         !.¨üX    
 
Here's the do-no-harm-1-byte custominirules.trf:
000000  b3 5c 11 b3 cd 40 51 d3 08 c6 a5 0a 70 c3 61 05 78 44 9f  ³\.³Í@QÓ.Æ¥.pÃa.xD.
000013  c3 df cc df df 98 4d b6 98 55 75 9f 2b 48 f6 ff 09 c3 f4  ÃßÌßß.M¶.Uu.+Höÿ.Ãô
000026  21 c9 b2 09 17 52 0a 22 af 81 31 f7 2e c1 86 e2 fa 21 73  !ɲ..R."¯.1÷.Á.âú!s
000039  21 94 a8 fc 58         !.¨üX    
 
Here's the *harmful*-1-byte customfilerules.trf:
000000  b3 5c 11 b3 cd 40 51 d3 08 c6 a5 0a 70 c3 61 05 78 44 9f  ³\.³Í@QÓ.Æ¥.pÃa.xD.
000013  c3 df cc df df 98 4d b6 98 55 75 9f 2b 48 f6 ff 09 c3 f4  ÃßÌßß.M¶.Uu.+Höÿ.Ãô
000026  21 c9 b2 09 17 52 0a 22 af 81 31 f7 2e c1 86 e2 fa 21 73  !ɲ..R."¯.1÷.Á.âú!s
000039  21 94 a8 fc 58         !.¨üX    
 
And finally, here's the *harmful*-1-byte customportrules.trf:
000000  b3 5c 11 b3 cd 40 51 d3 08 c6 a5 0a 70 c3 61 05 78 44 9f  ³\.³Í@QÓ.Æ¥.pÃa.xD.
000013  c3 df cc df df 98 4d b6 98 55 75 9f 2b 48 f6 ff 09 c3 f4  ÃßÌßß.M¶.Uu.+Höÿ.Ãô
000026  21 c9 b2 09 17 52 0a 22 af 81 31 f7 2e c1 86 e2 fa 21 73  !ɲ..R."¯.1÷.Á.âú!s
000039  21 94 a8 fc 58         !.¨üX    
 
 
Are they all similar? Maybe you understand what all of this means...
CU,
Andreas
IP Logged
Magnus
Administrator
*****



Ad astra per aspera.

   
WWW  

Posts: 4086
Re: TrojanHunter 2.5 Beta 1 Released!
« Reply #10 on: Dec 17th, 2001, 1:01am »		 Quote Quote  Modify Modify

on Dec 17th, 2001, 12:58am, Andreas1 wrote:

 
 
yes, this has helped. Playing around with it now a little.
Thanks so far,
Andreas
 
PS. deleting icons.tbf didn't help, copying my regkey-file after successful install didn't hurt.
...
I think i found out what: i had some customxyrules.trf on my system - when i took those files all out, i could start TH. When i then re-inserted those that had 0 bytes, it was still working. Even the 1-byte customregrules.trf and cusominirules.trf (see below) didn't prevent it from running. But the two 1-byte files customfilerules.trf and customportrules.trf each would let TH crash - maybe those custom rules files will have to be "converted" as well...?

 
Yup, that's the reason it's refusing to start. I didn't expect that people would install it in a directory with existing rule files =)
IP Logged
Andreas
Newbie
*





   
WWW   Email

Gender: male
 Posts: 28
my first test results
« Reply #11 on: Dec 17th, 2001, 1:20am »		 Quote Quote  Modify Modify
i am in the middle of playing around but there are couple of things i'd like to say right now:
 
0. TH has made huge improvements re functionality and ease of use! You had some very good ideas, Magnus. Thank you for this version Cheesy
 
1. It'd be easier to understand if the entries in the custom scan list / plugins / the sections in the scan result had the same name. Now e.g. there are plugins that don't appear in the available entries for the custom scan list, the Memory scan comes not from the memory checker, but from the process checker, the ShellChecker Executing in the results comes from the Shell executable checker, etc. And all those lists are sorted differently (if they are sorted at all).
 
2. The Layered Service Provider (LSP) Enumerator crashes on my Win98SE system: "Access violation at address BFF7D3B1 in module 'KERNEL32.DLL'. Read of address FFFFFFFF."
 
3. The Process viewer (in Tools menu) seems not to do anything. and how do i get a file or something into the Memstring tool?
 
4. Maybe i have some problems with proxying again - but i'm not sure yet. Also, i can live with that, if i'm the only person with these troubles...
 
 
So far for now...
HTH,
Andreas
IP Logged
MickeyTheMan
 Guest

Email
Re: my first test results
« Reply #12 on: Dec 17th, 2001, 12:27pm »		 Quote Quote  Modify Modify   Remove Remove

[quote author=Andreas1 2. The Layered Service Provider (LSP) Enumerator crashes on my Win98SE system: "Access violation at address BFF7D3B1 in module 'KERNEL32.DLL'. Read of address FFFFFFFF." [/quote]
 
Same here.  After closing and reopening, i get message trojan definition file not found. Did update and got message o trojan definition file.
IP Logged
MickeyTheMan
 Guest

Email
Re: TrojanHunter 2.5 Beta 1 Released!
« Reply #13 on: Dec 17th, 2001, 12:59pm »		 Quote Quote  Modify Modify   Remove Remove
Magnus, this is wieird !
If i load Trojan Hunter from the icon on Desk, trojan definition can't load. Yet, if i right click on it, click on properties, find target, it brings me to trojan hunter.exe within folder, and then if i click on that, then program loads with trojan definition !
IP Logged
Hickorynut01
Newbie
*



I am stupid. Just ask my wife.

  hickorynut01  
WWW   Email

Gender: male
 Posts: 4
Re: TrojanHunter 2.5 Beta 1 Released!
« Reply #14 on: Dec 17th, 2001, 1:36pm »		 Quote Quote  Modify Modify
I get:"
Error: Trojan definition file trojans.trf not found. Unable to load trojan definitions" in the bottom window.
I tried Mickeytheman's tip of right clicking on icon etc,
still got error.  Tried running it from "Run".  Same thing.
The file trojans.trf is in the TH folder (installed on WinMe
machine using TH's default folder settings).
 
I did go to the Wilder's mirror, DL the 0xx-2001-12-10
file, unzipped it and compared the files.  Those are
much larger than those in the TH folder.
 
thanks.
 
IP Logged
The old man from the swamp.
Pages: 1 2  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »
Search
Members
Login
Register