Having a layered defence could save you!

Of course AVAST4 detects a lot of worms & trojans, but recently (after my own experience and some others in the forum) it is clear that it does fail to detect some also.

Of course an antivirus solution is originally meant to deal with viruses.

But nowadays most AVs detect trojans also.

I found out (the hard way) that having a layered defence (Anti trojan monitor) running can indeed save your ass, if your main Antivirus doesn’t pick it up.

I personally recommend:

Anti-trojan V5.5 build 421 that detects 10261 Trojans and worms

I have had the full version for almost 2 years now, and it never had to do anything till yesterday > but boy, I was glad I had it running!

It has a “trojan guard/monitor” feature that can run resident also. Very light on resources. That blocks a trojan running.

It unpacks many archives.

They also have a support forum.

Just check their web page out:

http://www.anti-trojan.net/en/Home.aspx
http://www.anti-trojan.net/en/features.aspx
http://www.anti-trojan.net/en/kbhlp.aspx
http://www.anti-trojan.net/en/hlp55710.aspx (Guard)

Just for curiosity. Which Trojan did AT block and where did it come from?

Some other good ATs:
Trojan-Hunter (with forum, too): http://www.misec.net/

or TDS: http://tds.diamondcs.com.au/

http://www.avast.com/forum/index.php?board=2;action=display;threadid=838

Virus came from the monster of all P2p’s > Kazaa (lite) :slight_smile:

TDS 3: is indeed a very good product > recommended as well. But not so easy to use as the rest. Although it can be used “out-of-the-box”.

Trojan Hunter: a newcomer, but with very good results.

Waldo

Persons who use Kazaa need at least Brain Version 1.01; with this nice piece of “software” you do not really need an AT software. :wink:

Thanks for the hint > Can I download it from Kazaa? lol ;D

I know that P2P is getting dangerous, and to be honest useless also. As most of the files are already infected anyway.

Using Kazaa is like going with a prostitute and not using a condom > it’s suicide in the long term.

But sometimes (if you’re very lucky) you can find good things.

Waldo

BTW: it is very easy to handle files from Kazaa, by not downloading software from it! :slight_smile:

They are often infected with malware (virus, trojan, dialer and so on), so no AV program will be able to find all of them. Not even Kaspersky with its “extended” database (for adware, dialers and other things).

That’s correct Raman, the best thing to keep safe from the “source of malware” (Kazaa, etc.) is not using it.

Everybody that plays with fire WILL sooner or later burn their fingers. It’s just a matter of time.

Waldo

Is it a good idea to use an anti-trojan monitor even if you do not use P2P?

Well, the risk of getting infected is reduced of course. But not completely gone.

A lot of worms & trojans are spreading on e-mail users also.

E-mail providers like Outlook are vulnerable to a lot of exploits.

And most “online mail” > Hotmail etc. … are already scanned automatically with antivirus software. But this doesn’t mean ALL the trojans are detected also.

So, the decision is yours. And a lot depends on your behavior.

Avast4 (and most recent scanners) detect a lot of trojans, but sometimes they do slip through the maze. And when this happens you will be glad if you have a “second defence”.

The chances are small this happens (if you’re a careful user), but never say never!!

It happened to me, and with a few other forum members also.

Waldo

I was just researching Anti-Trojan 5.5 & I found this thread over at www.wilderssecurity.com.

Apparently it’s no better than any other AV for catching trojans. Here’s a quote from wizard, one of the mods.

Okay I made a quick investigation of AT-Watch with FileMon from Sysinternals. AT-Watch does not scan process memory. It just scans the files saved on disc and not in memory.

Therefore I consider AT to be useless like most antivirus software against backdoor trojans because it has no unpacking engine and no memory scan. So how does it protect against packed/crypted trojans which are more than common these days?

AT is IMHO just an old fashioned anti trojan program where runtime packers were not used at all and the files remain “static”.

Yes, I’m a regular visitor of the Wilders forum also, and yes, I have read this topic.

But this post from “wizard” is about the unpacking capabilities of the resident guard.

It’s true that it only scans unpacked files and has no memory scan.

I never stated anywhere it does.

But it does block trojans & worms from running if they’re unpacked (installed or executed).

On the other hand, the on-demand scanner does unpack and looks into archives.

Saying it’s no good is wrong. It saved me! Does this still make the program useless? Don’t think so.

Of course it would be better if the “guard” (on access) could scan unpacked files also, and maybe memory. But I don’t think there are anti-trojan programs around that can do this (maybe TDS-3).

A trojan CAN’T run unpacked. So AT (guard) reacts “IN TIME” when you try to install the malware (as it’s already or being unpacked then).

Waldo

I’m just reporting what I’ve found. I’m not a computer newbie by any means but I don’t understand a lot about trojans & viri. That’s why I listen to other people & try to form my own opinion.

After reading your response I’ve decided to try AT. It is indeed very light on resources which is a very good thing as I’m always looking for software that’s light on resources. That’s one of the main reasons why I switched my firewall from Sygate to Kerio.

Waldo, can Trojan Simulator help in your tests?
If so, here is the link: http://www.misec.net/trojansimulator/
And a small Trojan list at http://www.dark-e.com/archive/trojans/index.shtml

Bye.

“AT-watch” (guard function of Anti-trojan v5.5) immediately reacts when running the trojan simulator.

And it gives the option to block it, ignore it, and gives the choice of starting an on-demand scan to delete the found “test-trojan”.

Btw: about the simulator, I think I posted a thread about this a month or 2 ago in this forum :wink: thanks anyway for the help Technical!

http://www.avast.com/forum/index.php?board=1;action=display;threadid=512

Waldo

The ones who try TrojanCheck 5.0.4.1 (http://www.wilders.org/HTMLobj-925/install_trojancheck5041.exe) remember: there is an update bug in this version. The new (and by the author the last) TrojanCheck 6.0 is not so easy to download (broken links at the homepage). Beware of false positives too… :-\

ROFL. Brain Version 1.01 ;D
Nice one Raman.
For me Kazaa is a no go place. Sooner or later you are bound to get infected if using it, IMO.
Regards
Omik

Or the RIAA will get you. WinMX is the way to go. You’re safe from the RIAA for now since they don’t seem to be going after WinMX users, yet. Of course you could get infected using any P2P program if you’re not careful.

These are the archives (packers) that Anti-trojan V5.5 build 421 is capable of unpacking (on demand).

And this way detect compressed trojans.

ACE, ARC, ARK, ARJ, CAB, DWC, PAK, ?Q?, GZ, LBR, LHA, LZH, RAR, SFX, TAR, TAZ, TGZ, Z, ZIP, ZOO

Btw: Amerk_5, RIAA is not active in Belgium. As far as our law is concerned, downloading software is still not illegal. You just may not upload software to P2P, or share anything.

Waldo
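An added example, not part of any post in this thread, of the distinction argued above between matching a signature against a file as it is stored and unpacking archives (ZIP and GZ from the list) before scanning. The signature, file names and samples are constructed, and runtime-packed executables are a separate case it does not cover.

```python
import gzip
import io
import zipfile
import zlib

# Constructed marker standing in for a byte signature; not a real detection.
SIGNATURE = b"CONSTRUCTED-TROJAN-SIGNATURE-0001"
MAX_DEPTH = 3  # stop on deeply nested archives instead of recursing forever


def raw_scan(data: bytes) -> bool:
    """File-as-stored scan: match the signature against the bytes on disk."""
    return SIGNATURE in data


def unpacking_scan(data: bytes, depth: int = 0) -> bool:
    """Scan the bytes, then unpack ZIP/GZ containers and scan their contents."""
    if raw_scan(data):
        return True
    if depth >= MAX_DEPTH:
        return False
    try:
        if data[:2] == b"\x1f\x8b":  # gzip magic
            return unpacking_scan(gzip.decompress(data), depth + 1)
        if data[:4] == b"PK\x03\x04":  # zip local file header
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(unpacking_scan(zf.read(n), depth + 1) for n in zf.namelist())
    except (OSError, EOFError, zlib.error, zipfile.BadZipFile, RuntimeError):
        pass  # corrupt, truncated or password-protected: nothing more to inspect
    return False


def build_samples() -> dict:
    """Constructed samples: the same payload stored plain, zipped, and gz-in-zip."""
    payload = b"MZ" + b"\x00" * 64 + SIGNATURE + b"\x00" * 64
    zipped = io.BytesIO()
    with zipfile.ZipFile(zipped, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("setup.exe", payload)
    nested = io.BytesIO()
    with zipfile.ZipFile(nested, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("setup.gz", gzip.compress(payload))
    return {"plain": payload, "zip": zipped.getvalue(), "zip>gz": nested.getvalue()}


if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(f"{name:7} raw={raw_scan(blob)} unpacking={unpacking_scan(blob)}")
```

A production scanner would also cap the unpacked size of each member before reading it, which this example leaves out.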

Other packed extensions to be protected, if it helps: ZGB, ZIP64 and Jar. :wink: