A quick lesson on catching a trojan user?

Discussion in 'Trojan Defence Suite' started by coolartist, Oct 9, 2002.

Thread Status:
Not open for further replies.
  1. coolartist

    coolartist Registered Member

    Joined:
    Oct 6, 2002
    Posts:
    25
    You know what would be awesome? Ok... a quick, easy-to-follow tutorial... on steps to take after positively identifying a trojan on your machine... with/without the great pictures like the ones FanJ did on configuring.

    WHAT IT WOULD TEACH:
    (1) You have positively identified a trojan process but it is only listening and not connected. What steps should be taken immediately, and then how can you set a trap to catch the jerk who is spying on you... and when you have him connected...? What are your options, and a quick explanation of how to use the tools appropriate for those options.

    It would be great to have already run through the steps and be familiar with the actual hands-on steps to take in the event of an actual occurrence so we can act quickly.

    A lot of us got this program as a security measure... but a lot of us already have a trojan on board when we crank it up and get hit in the face and not know what to do.

    The help section is great and very informative. But... there is nothing like an actual step-by-step set of instructions that puts it all together for you and lets you act it out... and THEN YOU ARE READY... rather than piecing it all together for the first time in an actual attack!
    When I turned on TDS-3 I had a *remote anything* immediately busted... up and running... after a full scan I have a *suspicious file with a double extension* also and a *RegVal trace* (I believe it is left over from the trojan I killed but I have absolutely no idea what to do with it) and a *change has been detected in the auto start registry*.

    *After* the removal of the trojan found running... a program mysteriously opened up on my desktop for no reason. Never done that before... and I'm getting disconnected from the internet for no reason....

    Please don't misunderstand... I absolutely love this software... it's hammer time for the nasties... it's the only one that actually does what it says it will do!!!!! I just sure wish the help file was a little more hands-on... and newby friendly. I'm spending hours and hours and hours trying to piece it all together when I could be making money... if I had a tutorial to follow I could learn it in 15 minutes... and get back to work.

    The help section tells me what a regval trace is but doesn't tell me what to do with it.

    The help section tells me what a suspicious file is but doesn't tell me what to do with it and how to smoke it over and determine if it's an actual threat.

    The help file doesn't tell me what to do about a change detected in my registry.... I look in there and I say "AHHHH... WHERE? YIKES !!!!" and if I knew what the change is... where do I go from there? Wouldn't it be great if the next version *showed you the change that has taken place?*

    If somebody would like to put together a quick tutorial to post here on the above mentioned subject (how to catch and measures to take in an actual event)... I would love to participate any way I can (if asked) and do anything I can to help other first time users.

    I've got SnagIt 6 and if someone would give the information step by step... I would be happy to record the window frames and help put it together if needed. I think it would be fun and I will take the time!!!
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Think you will find it all in the Helpfile; have a look especially at those very understandable parts here, most with nice screenshots:
    - Disinfection - Removing trojans
    - Hunting Unknown trojans
    - Ok, somebody just connected to one of my trojan Ports - I've got their IP address, now who are they?
    - Scan Alerts

    Does the RegVal point to a registry key so it could \run\ and be reloaded at reboot? If it was not removed already completely, you might like to look for that key to remove it, as you saw an autostart change already...
    You should try to watch what happens on your screen.
    "A program popup to run what never happened before" is so vague:
    people are not going to download the (commercial) program you mentioned to infect and delete to see what you might possibly mean. Since you have the screenshot possibility, you might like to use that, or try to name the program running.
    This you can check with TDS > System analyses > Process lists or Ctrl+Alt+Del.
    It sounds as if not everything is away; was it an error message telling it could not find ... blabla, or the remote controller not able to find your tool? Nobody can tell you this way.
    You might like to tell if after new reboots you had the same happening or never again, etc. etc. etc. But please mention program or function names.
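One way to turn a "change detected in the autostart registry" alert into a concrete "this value was added/changed": take a baseline of the Run/RunOnce keys while the machine is known clean, then diff a later snapshot against it. This is an added example, not code from the thread or from TDS-3; it assumes a modern Windows with PowerShell (not the 2002-era setup), and the baseline file path is an assumption.

```powershell
# Added example: snapshot the common autostart Run keys and report what changed
# since the baseline. Not part of TDS-3; written for current PowerShell.
$AutostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartSnapshot {
    # Returns a hashtable "key\valuename" -> command line stored in that value.
    $snap = @{}
    foreach ($key in $AutostartKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            # The unnamed default value is labelled so it survives the JSON round trip.
            $label = if ($name -eq '') { '(Default)' } else { $name }
            $snap["$key\$label"] = [string]$item.GetValue($name)
        }
    }
    return $snap
}

function Compare-AutostartSnapshot {
    param([hashtable]$Baseline, [hashtable]$Current)
    foreach ($name in $Current.Keys) {
        if (-not $Baseline.ContainsKey($name)) {
            "ADDED    $name = $($Current[$name])"
        } elseif ($Baseline[$name] -ne $Current[$name]) {
            "CHANGED  $name : '$($Baseline[$name])' -> '$($Current[$name])'"
        }
    }
    foreach ($name in $Baseline.Keys) {
        if (-not $Current.ContainsKey($name)) { "REMOVED  $name = $($Baseline[$name])" }
    }
}

# First run writes the baseline; later runs print the differences.
$BaselineFile = "$env:USERPROFILE\autostart-baseline.json"   # assumed location
if (-not (Test-Path $BaselineFile)) {
    Get-AutostartSnapshot | ConvertTo-Json | Set-Content -Path $BaselineFile
    Write-Host "Baseline written to $BaselineFile"
} else {
    $saved = Get-Content -Path $BaselineFile -Raw | ConvertFrom-Json
    $baseline = @{}
    $saved.PSObject.Properties | ForEach-Object { $baseline[$_.Name] = [string]$_.Value }
    Compare-AutostartSnapshot -Baseline $baseline -Current (Get-AutostartSnapshot)
}
```

The four Run keys are only the most common autostart locations; services, scheduled tasks and shell extensions are other places a restart entry can hide, so treat an empty diff as "nothing changed here", not "nothing changed".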
     
  3. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    lol yup that would be nice.

    lol I tried reading that once Joosky, I got lost, too many big words lol =)

    remember when we say newby we say it in caps NEWBY

    lol and that's what I am.

    good example: compare my grammar and spelling to yours Joosky.

    same thing with comparing a newby to Paul's expertise in computers lol

    I truly think you're the smartest girl in the world, I think you'd be a great writer, you're very good with your words in literature
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    When spellchecker's not failing it seems to be readable at times.
     