Jump to content


Photo

Best trojanscanner


  • Please log in to reply
22 replies to this topic

#1 H@ns

H@ns

    Forum Deity

  • Retired Staff - Helper
  • PipPipPipPipPip
  • 2,630 posts

Posted 04 August 2004 - 11:10 AM

IŽd like to know your experiences with the trojanscanners youŽve used... Heard a lot good words about TrojanHunter, but The Cleaner looks good to me also. What are your opinions about these (and maybe other) programs?

Thanks in advance!
Nucia Security Forums - Dutch Anti-Malware Support

#2 expertec

expertec

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 690 posts

Posted 04 August 2004 - 11:34 AM

The only one I've used so far is A2 (A-Squared), I think it's pretty good, and it is free.

#3 H@ns

H@ns

    Forum Deity

  • Retired Staff - Helper
  • PipPipPipPipPip
  • 2,630 posts

Posted 04 August 2004 - 01:07 PM

Hi Expertec,

Thanks for your reply :)

Is it forever free, or has it a time limit?
Nucia Security Forums - Dutch Anti-Malware Support

#4 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,567 posts

Posted 04 August 2004 - 01:13 PM

I am not familiar with The Cleaner... I have heard the most positive things about TrojanHunter and some good things about a-squared and TD3....
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#5 expertec

expertec

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 690 posts

Posted 04 August 2004 - 01:57 PM

The free version of A2 is free forever, but there is a paid for version as well, like with AVG. http://www.emsisoft..../software/free/

#6 H@ns

H@ns

    Forum Deity

  • Retired Staff - Helper
  • PipPipPipPipPip
  • 2,630 posts

Posted 04 August 2004 - 02:27 PM

Thanks for your replies, I will recommend (and use, if needed) Trojanhunter from now :)
Nucia Security Forums - Dutch Anti-Malware Support

#7 illukka

illukka

    Advanced Member

  • Helper Trainee
  • PipPipPip
  • 105 posts

Posted 04 August 2004 - 03:21 PM

well the almost general consensus is that the top 3 trojan programs are
in alphabetical order:

boclean
tds-3
trojan hunter
those are the a-group

b-group:
the cleaner, it's close to climb up the ranks

i've tested(have it installed) a2, seemed to be in need of further development
another free is ewido security suite www.ewido.net (if i remember right)
ewido is a very promising tool, but in development too.( i have ewido free version installed ) ewido has the most potential of all, it has a generic, emulation based unpacking engine

not recommended:
lockdown, tauscan

some opinions of mine:

boclean: it's memory scanner only(real time monitor), large trojan database, long history. no trial version available. updates very frequently. has good support, both email and forums
it has demonstrated some vulnerabilties, weak signatures for example(text strings)..it is killable
a good one for protection, less useful for cleaning infections

tds-3 probably the largest trojan database of all scanners, a trial isavailable. it is updated daily mon-fri. it has a scanner plus an on acces scanner for real time protection( real time part disable in the trial version).
probably the best one to clean an infected machine, although it is(for a novice user) difficult to use..for an experienced user it's the most tweakable of all. support is good, email + 2 forums. one forum dedicated for paying customers
tds guys have also been caught on an occasional weak signature, but mostly detections are strong, even heuristics are strong
another problem with tds is that once when it's installed on an infected pc, it's process is usually killed by trojans(needs to be renamed..)
also it's memory scans need to be launched separately

trojan hunter is the easiest to use, it features a resident protection( real time memory scan) plus a filescanner.
its trojan database aint on level with tds, but it is rapidly growing.
th has had problems on some systems, but usually it works just fine, there is an occasional false positive too. it's updates have been very frequent lately. supprot is good through the forums( 3 that i know of) email support is available, but its better when you're a licensed owner(i am)
it's process(thguard) is protected by a dll, so it's not easily killed by malware, but thscanner is killable. so once installed, before the first scan, it sometimes needs to be renamed too..

some people i know, and whose opinion i value high, are very happy with the cleaner. i am not; lack of detections is the reason.. i just doesn't detect enough trojans for me. that situation is getting better too, along with the scanner.

just my 2 c

#8 Jacee

Jacee

    Forum Deity

  • Expert
  • PipPipPipPipPip
  • 677 posts

Posted 04 August 2004 - 05:34 PM

I have TrojanHunter on one computer and Tauscan on the other....

illukka, why do you not recommend Tauscan/Tau Monitor?

I've never had a trojan on either machine, so I can't judge here.

MS MVP Windows-Security 2006~2016


#9 H@ns

H@ns

    Forum Deity

  • Retired Staff - Helper
  • PipPipPipPipPip
  • 2,630 posts

Posted 04 August 2004 - 10:41 PM

Whew Illukka, very much thanks for your answer! Saved it :D
Nucia Security Forums - Dutch Anti-Malware Support

#10 Indrid_Cold

Indrid_Cold

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 7,076 posts

Posted 04 August 2004 - 10:52 PM

Wayne Langlois's TDS-3 (soon to be TDS-4) is hands down the best of em.
Free download
TDS forum Here

Hope is not a method.

If I have helped in some way, please consider donating to SpywareInfo's crusade against Malware See Here

Member of ASAP since 2004 Alliance of Security Analysis Professionals
Member of UNITE since 2006 United Network of Instructors and Trained Eliminators

Fight back Malware Complaints


#11 illukka

illukka

    Advanced Member

  • Helper Trainee
  • PipPipPip
  • 105 posts

Posted 05 August 2004 - 02:50 PM

@Jacee:
see these:
http://www.wildersse...ghlight=Tauscan
http://www.wildersse...ghlight=Tauscan
http://www.wildersse...ghlight=Tauscan

The developers aren't really doing anything for it, Agnitum is a small company and seems that developing Outpost firewall takes all of their resources, to put it short. As a result of this Tauscans trojan database is less than adequate, and certain types of trojan are just not detected/cleaned due to shortcomings or faults in it's scan engine

I'd like to say that Outpost firewall is a superb product in every respect and I'd recommend it to anyone

To protect your own machine the ultimate is either BoClean or Trojan Hunter(real time memory scanners, _not_ easily fooled by runtime packed malware) combined with TDS-3's superior filescanner and it's largest trojan DB. In my opinion the lack of constant/real time memory scanning is the biggest shortcoming of TDS.

An example:. Johnny downloads a file on irc said to be a game crack,but it is really a beast trojan server, compressed and encrypted with an advanced executable packer( name starts with a K in this case but there are many more..), so as a result TDS's execution protection ( an on-acces file scanner ) does not recognise it when he executes that file. TDS scans the file before it's executed, but since it is encrypted it is not detected. A memory scanner allows the file to execute , at that point the exe is unpacked and decrypted(= unveiled ),unpacked code is loaded into memory but before it is fully allowed to execute it gets scanned by the memory scanner, and if the trojan is in the db, it will be detected, stopped and cleaned.

now back to old Johnny-boy:
After some hours his cd-tray starts to open by itself and his mouse starts to move on it's own, so he launches TDS-3. There he has a chance because TDS has a very good memory scanner, the only one that scans for memory mutexes created by trojans among other things, but it has to be launched separately ! iIf that variant of beast is in TDS's db it will now be detected and then cleaned on next reboot.. BUT wait a minute, beast has an AV/FW/AT kill feature ( a standard in almost all modern backdoors), if it is enabled in the server it will terminate TDS scanner process (+ all of poor Johnny's security programs)when it's launched, unless tds3.exe is renamed, or protected with a special program.

The truth is that no scanner is perfect, all can be deceived by packing/hexing/modifying malware.. Then there is custom malware, for $21 you can buy an undetected trojan server, undetected by all known scanners, with the features you want..

#12 Jacee

Jacee

    Forum Deity

  • Expert
  • PipPipPipPipPip
  • 677 posts

Posted 05 August 2004 - 06:35 PM

Oh drat! I'm so glad I paid 30 bucks for an un-supported, cute little monitor

MS MVP Windows-Security 2006~2016


#13 nico-nico

nico-nico

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 05 August 2004 - 06:42 PM

Hi ! :lol: The perfect one would be TDS-3 PROTECTED BY PROCESS GUARD, if I can allow myself :whistle: ... isn't it ?

Cheers :weee:

#14 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 05 August 2004 - 06:47 PM

Of course you folks have looked at this public topic?
http://forums.spywar...showtopic=17341
I don't entirely understand why we need a thread in Boot Camp.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#15 PGPhantom

PGPhantom

    Superman of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 3,494 posts

Posted 05 August 2004 - 07:08 PM

Most people here don't typically frequent that forum ...

#16 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 05 August 2004 - 08:12 PM

Well I'm moving it there. That's the place to look if you want to see what we have about antitrojans and antivirus software.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#17 lonewolf

lonewolf

    Advanced Member

  • Full Member
  • PipPipPip
  • 233 posts

Posted 05 August 2004 - 10:53 PM

Just wait till TDS4 emerges ;)

#18 [dp]

[dp]

    Member

  • New Member
  • Pip
  • 4 posts

Posted 07 August 2004 - 04:24 PM

The big 3 that are mentioned and recommended the most when talking AT applications are BOClean, TDS-3 and Trojanhunter. The later two you can trial and while BOClean has no trial version they do offer a money back guarantee so you have nothing to lose. Try them out and see how they perform for you and then form your own opinions on which one you feel the most comfortable with and have the most confidence in.

Edited by [dp], 07 August 2004 - 04:28 PM.


#19 Untouchable J

Untouchable J

    Advanced Member

  • Full Member
  • PipPipPip
  • 205 posts

Posted 08 August 2004 - 09:01 AM

I would suggest Trojanhunter. Been using it for a long time and have never given me problems. Recently they have been more frequent updates (about 1 every 2 days). Their Trojan database is also on the level of TDS-3 which are the 2 best trojanscanners out there. Trojanhunter also comes with Trojanguard which monitors your computer if any trojans become active or tries to install.

-J

#20 Guest_Joey1_*

Guest_Joey1_*
  • Guests

Posted 27 August 2004 - 02:04 PM

Waiting for TDS-4.

#21 lonewolf

lonewolf

    Advanced Member

  • Full Member
  • PipPipPip
  • 233 posts

Posted 28 August 2004 - 12:35 AM

Yes Anti-spyware Freak, it does seem to be taking a while for TDS-4 to be released, but remember they are a small company dedicated to the highest standards and no doubt they are doing much testing to ensure there will be no problems or conflicts before the final release. Hopefully it will be very soon.

#22 Untouchable J

Untouchable J

    Advanced Member

  • Full Member
  • PipPipPip
  • 205 posts

Posted 28 August 2004 - 01:51 AM

Trojanhunter 4.0 will be released soon also :D (RC2 is now available)

Edited by Jrshaw62, 28 August 2004 - 01:51 AM.


#23 decay

decay

    Member

  • Full Member
  • Pip
  • 22 posts

Posted 28 August 2004 - 03:37 PM

concerning TDS3. how can i enable the real-time scanner that comes with the registered version?




Member of UNITE
Support SpywareInfo Forum - click the button