siliconman01
Global Moderator
How to Test THGuard using TrojanSimulator
« on: Mar 29th, 2006, 5:58am »

This procedure explains how to test the TrojanHunter Guard real-time monitor.
 
Mischel Internet Security provides a test program that allows the user to test TrojanHunter Guard's real-time memory module.  This test program loads a non-malicious (benign) element in memory.  This element "looks" like a trojan but does NO harm to the user system.
 
The simulator is designed for testing TrojanHunter Guard; however, other security programs may/will also detect it if these security programs are active at the time the test is executed.  
Download TrojanSimulator
 
1.  Download the TrojanSimulator from this link:
 
http://www.misec.net/trojansimulator/
 
Please read the information on this web site page when you download TrojanSimulator.zip.
 
2.  Save the TrojanSimulator to a floppy disk or other removable media if available.  
Reason:  If stored on the normal C:\ hard drive or other hard drives that are scanned by security programs (including TrojanHunter scanner), the TrojanSimulator file will be detected as a malicious element during the disk scan.  
 
3.  Unzip the TrojanSimulator ZIP file to the same storage media.  A folder named TrojanSimulator will be created.  In this folder there will be three files:
 
-  Readme.txt  (Note:  Please read this Readme)
-  TrojanSimulator.exe
-  TSServ.exe
 
Prepare System for the test
 
1.  Ensure that THGuard is active in memory.
     -  Ensure that the THGuard setting entitled Automatically remove trojans is enabled.
     -  Ensure that the THGuard setting entitled Enabled is active.
 
2.  Disable other security programs including the resident anti-virus program.
 
Run the test
 
1.  From the TrojanSimulator folder, execute TrojanSimulator.exe
 
2.  A window will appear asking the user's permission to install the TrojanSimulator element in memory.  Click on Install.  This will load TSServ.exe in memory.  This window will stay open and the "Install" button will change to "Uninstall".
 
3.  THGuard will promptly detect TSServ.exe as a malicious element in memory.  It will remove it from memory and issue an alert window telling the user that it has removed a trojan element from memory.  It also instructs the user to run a TrojanHunter scan of the hard drive.  Acknowledge this alert window by clicking on Ok.  The test was successful if this sequence of events occurred.
 
4.  Exit the TrojanSimulator window by clicking on Exit.
 
5.  Restart TrojanSimulator.
 
6.  Click on Uninstall to remove the registry key for loading TrojanSimulator on system reboot.  A message will appear that TrojanSimulator has been successfully uninstalled.  
 
7.  Click on Exit to close the TrojanSimulator window.  
 
If the test was unsuccessful, click on Uninstall to remove TSServ.exe from memory and to clean the registry key for loading TrojanSimulator on system reboot.  A message will appear that TrojanSimulator has been successfully uninstalled. Then click on Exit to close the TrojanSimulator window.  Report the failure on the TrojanHunter User Forum for further assistance.
 
Assuming the test was successful
 
1.  Using Windows Explorer, open the TrojanSimulator folder that was created when the downloaded file was unzipped.
 
2.  Locate the file named TSServ.exe.tcf and rename it to TSServ.exe.  THGuard added the .tcf extension to neutralize this file when it detected and removed TSServ.exe in/from memory.  
 
Assuming the test was unsuccessful
 
1.  Check the settings for TrojanHunter Guard and that it is running in memory.  
 
2.  Ensure that other security programs are properly disabled.
 
3.  Request assistance on the user forum if necessary.
 
Additional Tests:
 
1.  Perform a Right-Click scan on the TrojanSimulator folder using TrojanHunter Scanner.  It should/will detect TSServ.exe as a malicious item.  Let TrojanHunter Scanner "clean" TSServ.exe.  It should/will change TSServ.exe to TSServ.exe.tcf when it cleans.  (Note:  Change/rename TSServ.exe.tcf back to TSServ.exe for future testing)
 
2.  Perform a Right-Click scan on the downloaded TrojanSimulator ZIP file.  It should/will find TSServ.exe as a malicious element again.  Do Not instruct TrojanHunter Scanner to clean TSServ.exe.  If a cleaning is permitted, the user will need to redownload the ZIP file if it is needed again.   (Note: For this test to work, scanning of ZIP files must be enabled in the Options of TrojanHunter scanner.)
 
NOTE:
Reference the link below for how to do a Right-Click scan using TrojanHunter Scanner.  
 
http://forum.misec.net/board/FAQ/1143581662
 
Applies to all versions of TrojanHunter.
« Last Edit: Sep 10th, 2007, 9:58am by siliconman01 »

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
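
Added example, not part of the original post and not a Mischel Internet Security tool: a PowerShell check of the outcome described under "Run the test" and "Assuming the test was successful", which reports whether TSServ.exe is still in memory and whether it was renamed to TSServ.exe.tcf, and can optionally rename it back. The folder path `A:\TrojanSimulator`, the `-Restore` switch and the function names are assumptions made for this illustration.

```powershell
# Added example: post-test check for the THGuard / TrojanSimulator procedure.
param(
    # Assumption: folder the ZIP was extracted to (removable media, per the post).
    [string]$SimulatorDir = 'A:\TrojanSimulator',
    # Rename TSServ.exe.tcf back to TSServ.exe when it is safe to do so.
    [switch]$Restore
)

function Get-SimulatorTestState {
    param([Parameter(Mandatory)][string]$Dir)
    # Process names carry no .exe extension in Get-Process.
    $procs = @(Get-Process -Name 'TSServ' -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        InMemory   = $procs.Count -gt 0
        ExePresent = Test-Path -LiteralPath (Join-Path $Dir 'TSServ.exe')
        TcfPresent = Test-Path -LiteralPath (Join-Path $Dir 'TSServ.exe.tcf')
    }
}

function Get-SimulatorVerdict {
    param([Parameter(Mandatory)]$State)
    if ($State.InMemory) {
        return 'FAIL: TSServ.exe is still in memory. Click Uninstall in TrojanSimulator, then check the THGuard settings.'
    }
    if ($State.TcfPresent -and $State.ExePresent) {
        return 'CHECK: both TSServ.exe and TSServ.exe.tcf exist. Remove the stale copy before renaming.'
    }
    if ($State.TcfPresent) {
        return 'PASS: TSServ.exe was removed from memory and neutralized as TSServ.exe.tcf.'
    }
    if ($State.ExePresent) {
        return 'NOT RUN: TSServ.exe is intact and not loaded. The test has not run or the file is already restored.'
    }
    return 'MISSING: neither TSServ.exe nor TSServ.exe.tcf was found in the folder.'
}

$state   = Get-SimulatorTestState -Dir $SimulatorDir
$verdict = Get-SimulatorVerdict -State $state
Write-Output $verdict

# Restore only after a clean pass, so the rename cannot collide with an existing file.
if ($Restore -and $verdict -like 'PASS*') {
    Rename-Item -LiteralPath (Join-Path $SimulatorDir 'TSServ.exe.tcf') -NewName 'TSServ.exe'
    Write-Output 'Restored TSServ.exe for future testing.'
}
```

Run it after acknowledging the THGuard alert in step 3; it does not inspect the registry, so the Uninstall step in TrojanSimulator is still required.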