So many popups with Trojan Remover program

I have a program called Trojan Remover which you can snag a copy here:

http://www.simplysup.com/

Whenever I use the update feature of this program I always get popups. Even though I reply to remember it I will still get popups when I do an update again.

It never stops. I must have done 50 updates as a test and I still get popups. It never ends.

The best way to see what’s happening is to install TR and do a few updates. If you get the popups as I do then you will see what I am experiencing. If you don’t then what am I doing differently then you?

I don’t bother to remember anything since it doesn’t do any good for a subsequent update. I just allow it on the 2 popups I usually get.

As a point of reference, when I was using Kerio PF I would set a rule the first time I did an update from TR and that was the last I heard from KPF. This is in stark contrast to what I am seeing with CPF and TR.

Thanks.

Hi,

What sort of popups are you seeing? Because I got one popup and after selecting remember, i did not get anymore. If you can attach a screenshot of the two same popups, we can understand whats happening better.

Egemen

Here’s two pairs of popups. The exe in the message is sometimes found in the TR folder. Other times the exe is nowhere to be found. I wonder if the exes are being dynamically created for some reason.

[attachment deleted by admin]

Hmmm. It seems those parent applications are somehow randomly created so that CPF reports suspicious activity. But it is doing this for a good reason. A trojan would do exactly the same. I am not sure why a program should use different parents each time it runs its updater.

But you can disable this behavior by skipping parent check for “trupd.exe”.

1- Goto “Application Monitor”
2- Double click on a tupd.exe rule,
3- Select skip parent check radio option and press ok.

Now CPF wont show you a popup for each parent change.

Hope this helps,

Egemen

Skip parent check does indeed stop the popups.

If you only got the first two popups and never anymore after you ‘remembered’ the first too how come I still got the popups? Was the option to skip the parent check set for you but not for me?

Just read up on TR and sure enough it will generate a random exe name for itself. This is done to thwart off bad things that might look for the actual TR executable.

There is an option to turn off the random filename generator. I tried this and I no longer get popups with the random EXEs but I still get a popup about TR modifying memory or something like that. This is due to one of the Behavior Analysis options.

I suppose TR is going through great lengths so that the bad guys can’t detect it easily. I guess a trojan removing program has to think like a trojan.

You need to go to the application monitor, select the trojan updater program and double click on it. Then select the “Skip parent check” option and press ok.
This can not be done by using popups. So you must modify the rule from application monitor.

Egemen

Egemen:

I was changing my reply right above your last one when you were answering it. Check it out if you missed it.

Ok i see. So it creates random filenames. I dont think CPF will be happy to see random filenames. Because it will not remember any popup inthis case and ask you again and again. Disabling random filename generation of trojan remover would help though.

Egemen

hi i got trojan remover.but i dont get popups .the reason is i have zonealarm firewall installed.and when i do the first scan with trojan remover zonealarm tells me that a program trys to install its self called drummy.exe.i always deny this application.and it works fine with no pop ups at all.so this could be the reason. its a good program.hope this helps.ricky (:WAV)