Trojan Hunter 3.0 fully compromised !

Read the following paper (in the middle of page)

http://www.astalavista.com/trojans/library/trojans/misc/

After reading this > be smart and buy another AT.

Johny23

I followed the link in the previous post. The article started me seeking information about ADS’s, Alternate Data Streams. For those that don’t know, ADS’s provide a means to attach additional content to a file on NTFS-formatted hard drives. To see an example of this: select a file, bring up its Properties Box, and select the Summary tab. The data for the fields listed there, such as Title, Keywords, Comments, and so on, are stored in an ADS named
?SummaryInformation. (The ‘?’ is an unprintable character.) Another typical use is to attach a thumbnail to an image file. As indicated, this content can be anything, text or binary. Text content can be harmless, like the file attributes above, or it can be dangerous – a malicious script; binary content can be something benefical, for example an audio stream, or it can be a malicious ActiveX Control or executable.

Did you ever wonder why an NTFS-formatted disk has so many files with a zero-byte size? The content in ADS’s (there can be more than one) is attached to a file virtually invisibly. The DIR command and Explorer only display the size of the file’s main data stream, and they do not display the names of any ADS attached to a file. Data can be added to a file by an ADS-aware application like Notepad, which can also be used to view and edit it if you know the name. Once created, an ADS is unaffected by changes to the file such as editing, copying, moving, and renaming; the only way to to eliminate it is to delete the file or move it to a FAT or FAT32 disk. (There may be specialized tools available to rename or delete an ADS.)

avast! users will happy to know that it is ADS-aware and can detected malware hidden in an ADS, but only under some circumstances. I downloaded an EICAR test file (a 70-byte .com file), renamed it to StreamedEICAR_Test.txt, and moved the test virus into an ADS, replacing the original contents of the file with a description of my test. I scanned the file using the Scan … command from the Context Window in Explorer, and avast! alerted me to EICAR’s presence. avast! did not warn me when I opened the file for editing and saved it, but this was expected since I don’t have avast! configured to scan text files upon opening or creating/modifying. However, it is configured to scan batch files. I made a copy of the file, changing the extension to .bat. To make the new batch file execute without error, I added an @ECHO off command as the first line of the file, placed ECHO at the beginning of each line, and added a PAUSE command as the last line. I then saved and ran it. avast! scanned the file when I opened it for editing, when I saved it, and when I executed it; however, it did not detect the presence of the “virus.” But, when I scanned the file manually, avast! alerted.

Regards,
Hornus

I woould not buy Trojan Hunter 3.01, too! If, i would buy Trojan Hunter 3.7! :slight_smile:

I would not buy Trojan Hunter 3.01, too! If, i would buy Trojan Hunter 3.7! :)

That’s correct > the problems with 3.0 are solved along time ago !

trojanhunter V3.7 or V3.6 is again one of the best around.

Waldo