TR/Aphex.030.B
hendricus
June 25th, 2003, 08:07 AM
When I want to run TDS3 the following messages appear on my screen:
c:\tds3\xdynamic\tds.cfg\scanctrl.cfg was missing but has been restored by DCS file protection system
c:\tds3\xdynamic\tds.cfg\sockets.cfg was missing but has been restored by DCS file protection system
c:\tds3\xdynamic\tds.cfg\sockopt.cfg was missing but has been restored by DCS file protection system
c:\tds3\xdynamic\tds.cfg\crcfiles.txt was missing but has been restored by DCS file protection system
c:\tds3\tds3.kf was missing but has been restored by DCS file protection system
Each message has an OK button to let it disappear.
After that the TDS screen appears and the same sequence follows!
Pressing OK lets the messages disappear and then TDS3 runs without giving any alerts!
In my virus scanner the following messages show up:
25-6-2003,13:03 WARNING: AVGuard detected a problem in the file
C:\DOCUMENTS AND SETTINGS\USER01\APPLICATION DATA\MICROSOFT\PROTECT\S-1-5-21-1390067357-1957994488-854245398-1003\PREFERRED
INFO: This executable has an invalid start address!
25-6-2003,13:04 WARNING: The Trojan horse TR/Aphex.030.B!
C:\TDS3\DCSFPS.DLL
File has been deleted!
25-6-2003,13:24 WARNING: The Trojan horse TR/Aphex.030.B!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F973F5D6-89CE-46AF-855E-44DF9B5B32AF}\RP68\A0016677.DLL
File has been moved to quarantine directory!
25-6-2003,13:25 WARNING: The Trojan horse TR/Aphex.030.B!
C:\TDS3\EXT.PLUG\NBSRVEM.EXE
File has been moved to quarantine directory!
25-6-2003,13:25 WARNING: The Trojan horse TR/Aphex.030.B!
C:\TDS3\EXT.PLUG\SMTP.EXE
File has been moved to quarantine directory!
I tried a few times to start TDS3 but every time the described procedure follows.
What's wrong here?
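As an added illustration (not code from the thread, from DiamondCS or from the AntiVir vendor), here is a small Python parser for the three-line AVGuard warning format quoted above, plus a triage step that separates detections inside a trusted tool's install tree (the candidates for the false-positive report the replies recommend) from copies living in a System Restore point. The sample log and the trusted-directory list are constructed for the example.

```python
import re
from collections import namedtuple

# Constructed sample log, copied in shape from the AVGuard lines quoted in the post above.
SAMPLE_LOG = r"""25-6-2003,13:04 WARNING: The Trojan horse TR/Aphex.030.B!
C:\TDS3\DCSFPS.DLL
File has been deleted!
25-6-2003,13:24 WARNING: The Trojan horse TR/Aphex.030.B!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F973F5D6-89CE-46AF-855E-44DF9B5B32AF}\RP68\A0016677.DLL
File has been moved to quarantine directory!
25-6-2003,13:25 WARNING: The Trojan horse TR/Aphex.030.B!
C:\TDS3\EXT.PLUG\NBSRVEM.EXE
File has been moved to quarantine directory!
"""

HEADER = re.compile(r"^(\d{1,2}-\d{1,2}-\d{4}),(\d{2}:\d{2}) WARNING: The Trojan horse (\S+)!$")
ACTIONS = {"File has been deleted!": "deleted",
           "File has been moved to quarantine directory!": "quarantined"}
Detection = namedtuple("Detection", "date time signature path action")

def parse_avguard_log(text):
    """Group each three-line AVGuard warning (header, path, action) into a Detection."""
    lines = [l.rstrip() for l in text.splitlines() if l.strip()]
    found = []
    i = 0
    while i + 2 < len(lines):
        m = HEADER.match(lines[i])
        if not m:           # not a warning header: skip and resynchronise
            i += 1
            continue
        found.append(Detection(m.group(1), m.group(2), m.group(3),
                               lines[i + 1], ACTIONS.get(lines[i + 2], "unknown")))
        i += 3
    return found

def triage(detections, trusted_dirs):
    """Flag hits under a trusted tool's directory (review as possible false positive)
    or inside a System Restore point (a stored copy of the same file), else 'other'."""
    report = {"review_trusted_tool": [], "restore_point_copy": [], "other": []}
    for d in detections:
        p = d.path.upper()
        if any(p.startswith(t.upper().rstrip("\\") + "\\") for t in trusted_dirs):
            report["review_trusted_tool"].append(d)
        elif "\\SYSTEM VOLUME INFORMATION\\_RESTORE" in p:
            report["restore_point_copy"].append(d)
        else:
            report["other"].append(d)
    return report
```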
Pieter_Arntz
June 25th, 2003, 08:43 AM
Hi Hendricus,
Please go to http://www.tomcoyote.org/hjt/, and download 'Hijack This!'.
Unzip, double-click HijackThis.exe, and hit "Scan".
Be sure to get the latest version (1.95) since that also lists running processes.
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log as a .txt file, and copy and paste its contents into your next post.
Most of what it lists will be harmless, so do not fix anything yet.
Regards,
Pieter
hendricus
June 25th, 2003, 09:59 AM
Hi, Pieter, here's my
Logfile of HijackThis v1.95.0
Scan saved at 15:49:19, on 25-6-2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\TrayIcon.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\AVPersonal\AVSched32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\DllHost.exe
C:\Documents and Settings\User01\Local Settings\Temporary Internet Files\Content.IE5\KNBNM85L\hijackthis[1]\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7559B76E-0222-4d77-9499-CCE9EB4EDC2F} - C:\PROGRA~1\AdShield\AdShield\AdShield.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Maintain Block List... - C:\PROGRA~1\AdShield\AdShield\maintain.htm
O8 - Extra context menu item: Add to &Block List... - C:\PROGRA~1\AdShield\AdShield\suppress.htm
O8 - Extra context menu item: Add to &Exclude List... - C:\PROGRA~1\AdShield\AdShield\restrict.htm
O8 - Extra context menu item: AdShield Option &Settings... - C:\PROGRA~1\AdShield\AdShield\settings.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: AdShield (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
Pieter_Arntz
June 25th, 2003, 10:18 AM
Hi Hendricus,
I don't see anything wrong in your log.
Since I can't tell you what the TDS files are for, I'm moving this thread to their dedicated forum.
Help is on its way. ;)
Regards,
Pieter
hendricus
June 25th, 2003, 10:46 AM
Thnx, Pieter! I know help is on its way!
Some supplementary info: Housecall and Spybot found nothing; AdAware showed the following message: AVGuard detected the virus c:\docume~1\user1\locals~1\temp\16491753251 in file the trojan horse TR/Aphex.030B.
All this mess started with an update for Antivir. Could it be possible that.... :P
Jooske
June 25th, 2003, 10:52 AM
That netbus emulator is one of the plugins of TDS and in no way the netbus server or other infection.
The other files are system files and even your keyfile (!!!) for TDS and very valid.
You had better alert Antivir to their false positives, for which alert they should be really grateful.
Pieter_Arntz
June 25th, 2003, 10:55 AM
Hi Hendricus,
You mean during an AdAware scan this message from AV came up?
It should give you no problems to completely clean out your Temp folder.
It is certainly worth a try. Boot into safe mode, empty the Temp folder and see if all goes well.
Maybe you will have the same routine once more, because TDS has to recover his files.
Regards,
Pieter
hendricus
June 25th, 2003, 11:11 AM
@ Jooske
Hi, I will certainly inform Antivir about this!
But [blush] what exactly is that netbus emulator you mentioned? [unblush]
Since the message stated: "....was missing but has been restored by DCS file protection system", I wonder how these files and the keyfile will be put back?
@ Pieter
Hi, I will do this a few times to see what happens.
Both of you thnx for now.
DolfTraanberg
June 25th, 2003, 11:24 AM
From the TDS HelpFile:
Quote: "This plugin will act as the Netbus server on your PC.
Someone using the Netbus client can connect to the PC and execute commands without actually receiving any information.
He/She will become baffled as to why they can't control your computer, and eventually give up.
NOTE: The plugin has to be initially installed. Go to MS-DOS prompt then go to the Plugins directory.
type in:
nbsrvem.exe /install
"
Dolf
Pieter_Arntz
June 25th, 2003, 11:28 AM
Hi Hendricus,
I'm sorry, I was unclear. I didn't mean you had to clean out the Temp folder several times. All I meant to say was: clean out the temp file, and the next time you start TDS you will have to go through that routine of recovering files again. (Hopefully only once)
Regards,
Pieter
Jooske
June 25th, 2003, 11:58 AM
You might prefer to go back to the former Antivir database as well if possible.
Clean all caches, IE caches, all that.
System restore? If it continues, disable that, reboot, see if all is clean, then enable system restore and manually make a new restore point.
The keyfile you might have to find back in your registration email and put it back in TDS.
If not found back, email DCS and they'll send you a new one.
If still troubling you, you might like to uninstall and reinstall TDS from a fresh d/l (don't forget to grab separately the scripts then!) --if you didn't recently get the last TDS update with very small fixes, not really worth the trouble if TDS is working fine and you can live without the F5 jumping you in the DCS forums.
Heya, wait a moment, why all the trouble if you have system restore, back to before yesterday should bring you back in the "clean" situation, wouldn't it?
hihihi, 4 Dutchies here, all writing English... :D
hendricus
June 25th, 2003, 12:09 PM
@ Dollefie:
Hi, is that nbsrvem.exespace/install ?
@ Pieter,
Hi, I twice scanned with antivir and it shows no virus alerts anymore.
Removing the temp folder didn't change anything, I still got these messages popping up.
@ Jooske,
Hi, I thought about a system restore. Wait and see what happens
Pilli
June 25th, 2003, 12:13 PM
Jooske, I think your way using system restore will be the best idea whilst Hendricus should also inform the av vendor about a possible false positive.
BTW I'm English and appear to write double dutch! :o
DolfTraanberg
June 25th, 2003, 12:15 PM
Quote (hendricus): "Hi, is that nbsrvem.exespace/install ?"
Yes
Dolf
Jooske
June 25th, 2003, 12:23 PM
What kept you so long to jump in, Alan?
Teach me that DD please! :P
Heineken, Amstel, Grolsch, Brand, Bavaria, all single names :(
Not that i drink it.
That nbsvrem.exe needs to be installed
From the TDS Helpfile
"NOTE: The plugin has to be initially installed. Go to MS-DOS prompt then go to the Plugins directory.
type in:
nbsrvem.exe /install"
hendricus
June 25th, 2003, 12:28 PM
Well, for the first time since I installed XP Pro it refuses to perform a system restore.
I'm going to do the following: Uninstall and reinstall TDS3, uninstall Antivir and not reinstall it (install AVG or avast!4 instead) and inform Antivir.
hendricus
June 25th, 2003, 12:43 PM
On our nice Dutch helpdesk helpmij.nl we often state that stupid questions don't exist. Well, here I try one: how do I do this: "NOTE: The plugin has to be initially installed. Go to MS-DOS prompt then go to the Plugins directory.
type in:
nbsrvem.exe /install" .
DolfTraanberg
June 25th, 2003, 12:56 PM
Start > Run (Uitvoeren) > cmd > Enter
CD \Program Files\TDS (or whatever location you have) > Enter
CD Ext.Plug > Enter
nbsrvem.exe /install > Enter
QUIT > Enter
Dolf
hendricus
June 25th, 2003, 01:27 PM
This is not going the way I want it. See the attachment:
Jooske
June 25th, 2003, 01:50 PM
Not nice!
Or was it installed already?
Maybe it works well from
windows START > run (uitvoeren) >
search for (bladeren) TDS3 > Ext.plug > nbsvrem.exe > open > behind what you'll now have in the path
type /install so you get
c:\tds3\ext.plug\nbsvrem.exe /install
OK
Hope it works then.
hendricus
June 25th, 2003, 02:09 PM
The file is already installed but contains 0 kb. I removed it and then repeated the procedure. Still doesn't work. I put the empty file back. What next?
Btw Jooske, the file itself is called nbsrvem :)
hendricus
June 25th, 2003, 03:09 PM
I uninstalled and reinstalled tds3.
I uninstalled Antivir and installed Grisoft AVG.
Both successfully.
The problems described earlier have disappeared.
I thank you all for your support. Till next time.
Pieter_Arntz
June 25th, 2003, 03:17 PM
Nice job, hendricus.
Let us know about Antivir´s response.
Regards,
Pieter
Pilli
June 25th, 2003, 03:22 PM
Hendricus that is good to hear! ;D
Jooske, English politicians & drunks speak double dutch naturally :P
I have been rather busy clearing out ready for the plumbers on friday, just jumping in when I get a free moment or two
hendricus
June 25th, 2003, 04:35 PM
Is it that simple?
The Antivir crew admits that in the vdf version 6200016 a false positive (ein Fehlalarm) was active. The newest vdf version 6201018 successfully dealt with that problem, so they say.
That's good to know, but I'll stick to Grisoft ;)
Jooske
June 25th, 2003, 07:37 PM
Good to see you dripping by then Alan, hope the plumber will concentrate on his job well, so we see you back floating in soon!
Even without Alan's double dutch instructions (tradesmen speak it naturally too, btw) I am good at typos, Hendricus.
The size 0 file came thanks to windows, when it can't run a file it creates one with size 0 kb, which can block the real thing from being started, so worth occasionally to look for them and delete them.
The av/at definitions are intensive work, so errors are rare but always possible, and about all software has dealt with them very occasionally, but it's their responsibility to have a corrected database available asap after discovery. It's sad it was so destructive on your system this time and caused so many problems and worries.
I hope in a next occasion you just can go back to a former restore point and all is well again.
In case you do have to uninstall TDS, make sure you first uninstall the exec protection if you had that installed (registered version) and install that again after installing TDS. After that reinstall of TDS you now know how to install the netbus server emulator too. I killed it from the autostart btw, only start it very occasionally.
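As an added example (not DiamondCS code; the crcfiles.txt format and the restore-from-backup step are assumptions), here is a Python sketch of what a file protection system like the one in the first post has to do: keep a size/CRC manifest of protected files, classify each as ok, missing, modified or a 0-byte stub of the kind Jooske describes, and put back any bad file from a trusted backup copy. The demo scenario (two plugin files, one deleted and one left as an empty stub) is constructed in a temporary directory.

```python
import os, shutil, tempfile, zlib

def file_crc(path):
    """CRC32 of a file's contents, as an 8-digit hex string."""
    with open(path, "rb") as f:
        return "%08x" % (zlib.crc32(f.read()) & 0xFFFFFFFF)

def build_manifest(root, names):
    """Record (size, crc) per protected file; the real crcfiles.txt layout is not known here."""
    return {n: (os.path.getsize(os.path.join(root, n)), file_crc(os.path.join(root, n))) for n in names}

def check_files(root, manifest):
    """Classify each protected file: ok, missing, empty (0-byte stub) or modified."""
    status = {}
    for name, (size, crc) in manifest.items():
        p = os.path.join(root, name)
        if not os.path.exists(p):
            status[name] = "missing"
        elif os.path.getsize(p) == 0 and size != 0:
            status[name] = "empty"      # a stub that blocks the real file, as described above
        elif file_crc(p) != crc:
            status[name] = "modified"
        else:
            status[name] = "ok"
    return status

def restore_from_backup(root, backup, manifest):
    """Copy any non-ok file back from a trusted backup and return the names that verified afterwards."""
    restored = []
    for name, state in check_files(root, manifest).items():
        if state != "ok":
            shutil.copyfile(os.path.join(backup, name), os.path.join(root, name))
            if check_files(root, {name: manifest[name]})[name] == "ok":
                restored.append(name)
    return restored

def demo():
    """Constructed scenario: one plugin deleted by the scanner, one left as a 0-byte stub."""
    root, backup = tempfile.mkdtemp(), tempfile.mkdtemp()
    for d in (root, backup):
        with open(os.path.join(d, "nbsrvem.exe"), "wb") as f: f.write(b"plugin-bytes")
        with open(os.path.join(d, "smtp.exe"), "wb") as f: f.write(b"other-plugin")
    manifest = build_manifest(root, ["nbsrvem.exe", "smtp.exe"])
    os.remove(os.path.join(root, "nbsrvem.exe"))           # "deleted" by the scanner
    open(os.path.join(root, "smtp.exe"), "wb").close()      # left as an empty stub
    before = check_files(root, manifest)
    restored = restore_from_backup(root, backup, manifest)
    return before, sorted(restored), check_files(root, manifest)
```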
Gavin - DiamondCS
June 25th, 2003, 11:56 PM
Just reinstall TDS over itself now, as some files were deleted by the false positive that was coming up