View Full Version : Couple of beefs about TDS-3


Dale.E
January 13th, 2004, 01:12 PM
I have been evaluating TDS prior to purchase for my company.
I am a self-employed PC tech, A+, MCP, MCSE.
I am about to purchase a licence to use TDS for the removal of trojans from my customers' systems.

That said, I am at this moment working with the eval on a customer's system. The system has a serial mouse and no other port for any other mouse (USB, PS/2 etc.). TDS finds and says it removes several traces from the reg, see below:

Scan Control Dumped @ 07:18:48 13-11-03
RegVal Trace: Worm.Alcaul: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [WinSrv=C:\winnt\system32\hiddenrun.exe WinSrv.exe]

RegVal Trace: DDoS.RAT.mIRC-Based: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [Application=C:\winnt\system32\rmtcfg\files\hiddenrun.exe mdll.exe]

RegVal Trace: Worm.Randex: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [Microsoft Netview=gesfm32.exe

RegVal Trace: DDoS.RAT.SDBot: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [System Executable DLL Library=EXECDLL32.EXE

RegVal Trace: DDoS.RAT.SDBot: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\RunServices [System Executable DLL Library=EXECDLL32.EXE

But it cannot, for whatever reason; I am exploring that in another post.
So I used safe mode to ensure no processes were recreating them.

NOW FOR THE BEEF!!! There is no mouse in safe mode on this system.
I cannot delete any alarms with TDS without a mouse, no keystroke will do it. :'( :-\ :'( :-X :o >:(

And for beef #2, when I have a system with lots of alarms they have to be deleted one at a time, >:( >:( >:( if keystroke alarm deletes worked I could do them in bulk.

See if that could be fixed up guys ... PLEASE!!!!

BTW: if there is a keystroke to do deletes and I after several hours of trying did not find it, please let me know.
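An added example, not code from the post or from DiamondCS: it parses the Scan Control dump above into structured alarms, groups them per autostart key (Run vs RunServices) and lists the executables they reference, so a whole batch of alarms can be reviewed together against the autostart list instead of one at a time. The sample text is the dump from this post; the record field names and function names are my own.

```python
import re
from collections import namedtuple

# Constructed sample: the five RegVal traces from the scan dump above, copied as posted
# (two "File:" lines lost their closing bracket in the post, so the parser tolerates that).
SAMPLE_DUMP = r"""Scan Control Dumped @ 07:18:48 13-11-03
RegVal Trace: Worm.Alcaul: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [WinSrv=C:\winnt\system32\hiddenrun.exe WinSrv.exe]
RegVal Trace: DDoS.RAT.mIRC-Based: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [Application=C:\winnt\system32\rmtcfg\files\hiddenrun.exe mdll.exe]
RegVal Trace: Worm.Randex: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [Microsoft Netview=gesfm32.exe
RegVal Trace: DDoS.RAT.SDBot: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [System Executable DLL Library=EXECDLL32.EXE
RegVal Trace: DDoS.RAT.SDBot: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\RunServices [System Executable DLL Library=EXECDLL32.EXE
"""

# One parsed alarm: detection name, hive, subkey, value name, value data (the autostart command).
RegValTrace = namedtuple("RegValTrace", "detection hive key value data")

TRACE_RE = re.compile(r"^RegVal Trace: (?P<det>.+?): (?P<hive>HKEY_[A-Z_]+)\s*$")
# The closing bracket is optional so truncated lines like the Worm.Randex one still parse.
FILE_RE = re.compile(r"^File: (?P<key>\S+) \[(?P<value>[^=\]]+)=(?P<data>[^\]]*)\]?\s*$")

def parse_dump(text):
    """Pair each 'RegVal Trace:' line with the 'File:' line that follows it."""
    traces, pending = [], None
    for line in text.splitlines():
        m = TRACE_RE.match(line)
        if m:
            pending = m
        elif pending is not None and (m := FILE_RE.match(line)):
            traces.append(RegValTrace(pending["det"], pending["hive"], m["key"],
                                      m["value"].strip(), m["data"].strip()))
            pending = None  # never pair a stray File: line with an already-used trace
    return traces

def by_autostart_key(traces):
    """Group alarms by hive\\subkey so everything under one Run/RunServices key is reviewed together."""
    groups = {}
    for t in traces:
        groups.setdefault(t.hive + "\\" + t.key, []).append(t)
    return groups

def referenced_files(traces):
    """Distinct executable names from the value data, to cross-check against ASViewer's autostart list."""
    names = {tok.rsplit("\\", 1)[-1].lower()
             for t in traces for tok in t.data.split() if tok.lower().endswith(".exe")}
    return sorted(names)
```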

FanJ
January 13th, 2004, 01:24 PM
Here are the keyboard shortcuts I could find in the HelpFile:

Keyboard Shortcuts

Keyboard shortcuts exist to make navigating TDS even faster. These are:

F1 - TDS Help file
F2 - SS3 Help file
F3 - Trojan Information
F4 - Reload Current Script
F5 - Discussion Forums
F6 - SS3 Editor
Shift+F6 - Edit Current Script in SS3 Editor

Ctrl+A - Autostart Explorer
Ctrl+I - Change Target Host to Last Resolved IP
Ctrl+L - Load Script
Ctrl+N - Netstat
Ctrl+O - Process List

Ctrl+P - Ping
Ctrl+R - Resolve
Ctrl+S - Scan Control
Ctrl+T - Trace
Ctrl+U - Update Radius Database
Ctrl+W - Whois Target Host

Ctrl+A - Activate Process Window (From Process List)
Ctrl+K - Kill Process (From Process List)
Ctrl+M - View Process Modules (From Process List)
Ctrl+P - Scan Process Modules (From Process List)
Ctrl+S - Scan Process Files (From Process List)
Ctrl+W - View Process Windows (From Process List)

Ctrl+C, Ctrl+X, and Ctrl+V are reserved for Copy, Cut and Paste respectively.

Dale.E
January 13th, 2004, 01:42 PM
Thanx, but I don't see anything re: alarm deleting....

Jooske
January 13th, 2004, 02:06 PM
You're right, I tabbed through it and can highlight and press Enter, but the menu with the wanted options does not show up.
Guess it will not help to install the mouse another time? I boot more often in safe mode and there is a mouse; there should be!
The only way could be, since you're in safe mode anyway and thus the files should be free, to open an extra MS-DOS window and hunt for the files you see in the alerts display, if getting to the command prompt that way is possible on that system.

FanJ
January 13th, 2004, 02:11 PM
I have a bit of a strange question for Dale:

Dale, would you mind giving the mods permission to change the colour in your first posting from red to black?
I have such bad eyes that it is almost impossible for me to read it.
Thanks !
Of course this is not meant to hurt you, please be assured of that !

Jooske
January 13th, 2004, 02:17 PM
Scan Control Dumped @ 07:18:48 13-11-03
RegVal Trace: Worm.Alcaul: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [WinSrv=C:\winnt\system32\hiddenrun.exe WinSrv.exe]

RegVal Trace: DDoS.RAT.mIRC-Based: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [Application=C:\winnt\system32\rmtcfg\files\hiddenrun.exe mdll.exe]

RegVal Trace: Worm.Randex: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [Microsoft Netview=gesfm32.exe

RegVal Trace: DDoS.RAT.SDBot: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [System Executable DLL Library=EXECDLL32.EXE

RegVal Trace: DDoS.RAT.SDBot: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\RunServices [System Executable DLL Library=EXECDLL32.EXE


There you go Jan!
In such cases I highlight the text, so getting the default dark blue with white text; in worse cases I even copy it to Notepad for myself or press the quote button to have it black. Several options. Hope it helps!
BTW Jan: the mouse is not beef, what do you think? We're used to bigger pieces for that ;D

FanJ
January 13th, 2004, 02:26 PM
Quote from Jooske:
"There you go Jan!
In such cases I highlight the text, so getting the default dark blue with white text; in worse cases I even copy it to Notepad for myself or press the quote button to have it black. Several options. Hope it helps!
BTW Jan: the mouse is not beef, what do you think? We're used to bigger pieces for that ;D"

Thanks a lot Jooske !
Grin, I could use a big, fine piece of beef ;)

gkweb
January 13th, 2004, 02:38 PM
I thought "beef" was what we eat in a hamburger at McDonald's; I guess that finally it isn't that :)

Jooske
January 13th, 2004, 02:40 PM
Deleted Image Off topic. As per Pauls Image instructions - Pilli
Brace yourself for this Filet of beef tenderloin with Portobello-garlic cream potatoes, baby vegetables and pinot noir sauce, 8 ounces. The waiter is still getting the proper wine for you.

Dale.E
January 13th, 2004, 02:43 PM
I changed the text to blue for ya FanJ

Re: beef jokes, har har :)

gkweb
January 13th, 2004, 02:52 PM
Thank you Jooske!

Finally it is what I thought 8)
We just see another meaning there ;D

=> To the thread starter: I am not kidding you, English is not my native language and I like to learn ;)

Jooske
January 13th, 2004, 03:09 PM
Bon apetite! (sp?) Aanfalluh!! (that's not the good dutch expression, mind you!)

We knew TDS is only limited by our own limits in imagination; we even have a very inspiring cooking book in the build in the DCS forum. It is possible with some scripting (in the registered version, without limits) to use TDS as a central steering system in your whole house: from waking you up with your favorite tale and music, to starting your coffee machine and other breakfast necessities, while collecting and sending your emails, all voice commanded, calling your local supermarket for the groceries and starting your oven with that beef. Oh, and by the way, it is the top in trojan/worm and other nasties detection/protection, soooooo we can have fun during all that.

gkweb
January 13th, 2004, 05:01 PM
What? TDS detects trojans? I thought it was just doing coffee :)

oh and... Bon appétit Jooske ;)

Gavin - DiamondCS
January 13th, 2004, 10:50 PM
Beef is nice, but staying on topic here :)

No need to go to Safe Mode to delete these, in which case you will have a mouse. I would suggest using ASViewer to find any references to these trojan files and deleting them. If any files are not identified by TDS please send them to submit@diamondcs.com.au before nuking them !

Dale.E
January 14th, 2004, 11:56 AM
As I said, I was taking care of the actual infections in another post; they have since been eradicated with ASViewer and HijackThis etc.

This thread was to post the 2 annoyances I had with TDS:

1) no way other than mouse to delete alarms.

2) no way to delete more than 1 alarm at a time.

Gavin - DiamondCS
January 14th, 2004, 10:21 PM
Thanks, your mentioning these issues will help us in future builds :)