forum.vdsworld.com

vdsworld · **Admin Team** Joined: 02 Oct 2003 Posts: 8

A trojan horse appears to be found in the VDSVdd.DLL

If you have any copies of this file, DELETE AND DESTROY THEM AS
SOON AS YOU CAN.

marty · Professional Member Joined: 10 May 2001 Posts: 789

Any more surprises like that?

Man those guys should do something else with their fingers.

Evil or Very Mad

FreezingFire · **Admin Team** Joined: 23 Jun 2002 Posts: 3508

Did you download it? Sad

marty · Professional Member Joined: 10 May 2001 Posts: 789

I did, but never used it.. Wink

Serge · Posted: Fri Oct 03, 2003 9:16 am Post subject:

thanks for the warning

serge

jules · Posted: Fri Oct 03, 2003 9:37 am Post subject:

TCPView http://www.sysinternals.com/ntw2k/source/tcpview.shtml is a good free tool that will show you what is communicating over the Internet, and to where.

CodeScript · Posted: Fri Oct 03, 2003 10:12 am Post subject:

Jules thanks for that info It will be very useful Smile

BTW I advice against anyone experimenting/risking with this dll to see where it connects.

Doctor · VDS Pirate Joined: 22 Sep 2003 Posts: 5

vdsalchemist · Posted: Fri Oct 03, 2003 7:47 pm Post subject:

Hi All,
I don't think this file is a Trojan Horse. If you look at the file with a hex editor you will see that the author or the compiler that the author used has written a string at the end of the file for registration purposes. I scanned this file with Norton Anti-Virus that has the latest dat files and it did not report anything wrong with the file.
Also note that this DLL has what I think is some kind of ActiveX security system as a binary resource. I am not saying that this file is safe but I am saying that so far I have not found anything that really looks bad in the file at the binary level.

Doctor · VDS Pirate Joined: 22 Sep 2003 Posts: 5

Yes mindpower, the string at the last of file is Not_Registered.

The dll was packed with tElock Compressor/Protector
http://www.softnews.ro/public/cat/5/2/5-2-6.shtml

Garrett · Posted: Fri Oct 03, 2003 9:50 pm Post subject:

I see that also the VDSZIP.DLL has been disabled on the main site, I
assume because it also was from the same author.

I've used both of these dlls and neither have attempted to make any sort
of connection through or to the net. I have not lost any data, had any
crashes, any infections, festering warts, lockups, lockouts, lockins, files
added, files deleted, files mauled, files raped or fondled or anything else.

I have also had no AV warnings at all on either of these dlls.

Either these dlls have found a way around AV's and Firewalls, or you are
mistaken about them being a trojan.

Has anyone recieved a warning from their firewall or from an AV program
regarding either of these dlls??

-Garrett

PGWARE · **Web Host** Joined: 29 Dec 2001 Posts: 1566

I asked for those two dll's to be pulled temporarily until we find out if they are indeed valid or contain suspect code.

Garrett · Posted: Fri Oct 03, 2003 10:24 pm Post subject:

Better pull the vdslists.dll also, as it also contains the same exact
references to wininet and urlmon as the vdsvdd.dll.

I also noticed that several other dlls seem to have what looks like
something attached to the end of them also. I would have to assume that
these are most likely the registrations routines.

I've only checked a few dlls, but more might contain the references to
wininet.dll and urlmon.

-Garrett

PGWARE · **Web Host** Joined: 29 Dec 2001 Posts: 1566

Garrett the difference between vdslists and the other dll's is we all know Tommy and Tommy wouldn't do anything like this. On the other hand while you are listed as the author of the vdszip, it was another person who actually wrote and compiled this dll for you.

We've asked you several times who this person is that wrote the dll for you (and who we suspect is Hallowin - a previous pirate and problematic person here) and you never did give us this persons name.

No one is questioning your character here and no one is suggesting that you are intentionally putting trojans in your files but the person you are dealing with and is building dll's for you (since you won't give us the name, we can only suspect who it is) is someone who cannot be trusted. There's no telling what is put in that code before he compiles and gives it to you.

After being told who this person is you continue to work with him in the hopes of 'helping him change his ways'. I don't think this person will ever change their ways until they grow up, in the process you 'MAY' let me stress 'MAY' be putting out files that are infesting other peoples computers. I really don't think its worth ruining your reputation and
'MAY' be runing peoples property to try to help someone who 'MAY' be deceiving you.

You can easily solve this by having any dll developer here take a look over the code to see if anything malicous is in it and then allow them to compile the dll for you. Of course if you need some agreement or contract that the developer cant use your code for any other reason this I think would be more then appropriate for any developer here willing to help you.

CodeScript · Posted: Sat Oct 04, 2003 1:04 am Post subject: