Dilraig
August 14th, 2003, 02:10 AM
Question about detection & recovery. But I'll run through the details first.
I manually run TDS3 on an XP box (NTFS format).
Startup scanning is configured:
boosted TDS3 token privileges
Process File Scan
Memory Mutex Scan
Registry & File Trace scan
1. Started & finished with a clean result.
2. Ran Adaware - reported h@tkeysh@@k.dll
3. Re-ran TDS3 - selected hard drive scan through "Scan Control" - All scanning options flagged except "Scan for Clients/EditServers"
Result: Positive id Keylog.HotkeysHook (dll)
Identified what I expect are the source files which it was embedded in... a 3rd instance was found in the web browser cache (Opera used to download files).
The way I have TDS3 configured on start up, did not detect this keylogger.
Is it unusual for a memory, process & registry scan not to find a footprint of this type of trojan?
Besides the source files (FYI: trainer progs for the game "Battlefield 1942" from http://www.trainerscity.com) and the actual dll... should I be looking for any other malware files from this trojan?... I did a little research & found some cleanup instructions (http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_HOTKEYHOOK) which mention other files, which I have searched for & cannot find (post using TDS3 to delete identified files).
Feedback appreciated.
:)
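An added example, not part of the post or of TDS3/Ad-Aware: a small disk sweep for the one indicator the post names. A memory or process scan only sees a DLL that is actually loaded, so a dropped DLL and the carrier files that embed it (the trainer executables, the copy in the browser cache) have to be found on disk. The sweep flags files whose name is the indicator and files that contain that name as an ASCII or UTF-16LE string; the sample tree it scans is constructed test data, not real malware.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Indicator taken from the post: the DLL name Ad-Aware reported.
INDICATOR_NAME = "h@tkeysh@@k.dll"

def sha256_of(path):
    h = hashlib.sha256()  # hash in chunks so large cache files need not fit in memory
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def sweep(root, indicator=INDICATOR_NAME, max_bytes=64 << 20):
    """Walk `root`; return [(path, reason, sha256)] for files that are the named
    DLL itself ("name match") or contain its name as an ASCII or UTF-16LE string
    ("embedded name"), as a carrier that drops the DLL usually would. Files
    larger than `max_bytes` are not content-scanned."""
    lowered = indicator.lower()
    needles = (lowered.encode("ascii"), lowered.encode("utf-16-le"))
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                if name.lower() == lowered:
                    hits.append((str(path), "name match", sha256_of(path)))
                    continue
                if path.stat().st_size > max_bytes:
                    continue
                data = path.read_bytes().lower()  # bytes.lower() folds ASCII only
            except OSError:
                continue  # locked or unreadable: skip rather than abort the sweep
            if any(n in data for n in needles):
                hits.append((str(path), "embedded name", sha256_of(path)))
    return hits

def demo():
    """Constructed test data, not real malware: a file bearing the DLL's name,
    a fake trainer embedding the name as UTF-16LE, and a clean file. Returns
    sorted (relative path, reason) pairs from sweeping that tree."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "cache").mkdir()
        (base / INDICATOR_NAME).write_bytes(b"MZ" + b"\x00" * 32)
        (base / "cache" / "trainer.exe").write_bytes(
            b"MZ\x90" + INDICATOR_NAME.upper().encode("utf-16-le") + b"\x00")
        (base / "readme.txt").write_bytes(b"nothing to see here")
        return sorted((Path(p).relative_to(base).as_posix(), r) for p, r, _ in sweep(base))
```

Point `sweep()` at the drive root or at the browser cache directory; the SHA-256 in each hit lets you compare the cached copy against the one TDS3 identified before deleting anything.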