cyber challenged newbie needs help

Discussion in 'Trojan Defence Suite' started by coolartist, Oct 6, 2002.

Thread Status:
Not open for further replies.
  1. coolartist

    coolartist Registered Member

    Joined:
    Oct 6, 2002
    Posts:
    25
    :'( Ok... right off the bat... I'm not stupid, just ignorant of a few basic operator skills and totally paranoid of screwing up something I know nothing about... somebody please have patience with me. No question is stupid if you really don't know the answer....

    Ok: I am a Windows Me user. I downloaded TDS-3 and found it wouldn't open. Then I discovered I need to download some files.
    RE: problem: I am supposed to go to the registry and make a backup of my files. Then I am supposed to put the files in there.
    (1) How do I find the Windows system registry?
    (2) How do I back up the existing files?
    (3) How do I check the existing files and what do I look for?
    (4) How do I unload the new files in the registry?

    Would someone please be kind and walk me through this? I am very anxious to run this program.... thanks
     


  2. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi coolartist, welcome to the Wilders forum!

    I do not use Windows Me, but I do use TDS-3. But maybe I can ask a few questions that might help others understand better what your problem is?

    TDS-3 comes with the required system files in the download, and all you would normally have to download additionally would be the updated Radius database files, which you would place in your TDS-3 folder.

    I am wondering if you are referring to this?

    - snip from TDS-3 Required Files page -

    REQUIRED FILES
    TDS-3 requires these system files for it to function. If you get 'Kernel32' errors, or any errors involving any OCX file listed here, then you will need to download and replace with the versions required by TDS-3 from here. Either download these, or download the single 2.0 meg zip containing all the files (Windows 9x users only)

    Did you get this "Kernel32" error message then?

    snap

    *sorry... not yet awake... LOL, corrected missed words :)

    Also, WinME does have a System Restore (roll back to an earlier date)... but I have not had experience with WinME's restore feature. Are you familiar with that at all?
     
  3. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Also, in this forum here, at the very top, you'll see a thread there by FanJ that may help better explain the required files.

    Were you able to find that thread ok?

    (don't worry... sit tight, someone with more experience using WinME and TDS-3 will be along soon)
    :D

    snap
     
  4. coolartist

    coolartist Registered Member

    Joined:
    Oct 6, 2002
    Posts:
    25
    Thank you for answering me. This has been blowing my mind. Ok... yes, I was referring to the files you indicated. When I double-clicked on the icon to start the program it didn't do anything. I tried over and over and over. When I hit ctrl+alt+del and looked at the running programs, "TDS" is listed as running.
    The only thing I could think of was that I need those files updated.

    I have the riched32.zip and the system file folders both downloaded and on my desktop... but haven't done anything with them.... basically because I don't have a clue what in the world I'm doing... lmao
     
  5. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    LOL! Not to worry, you are in good hands ;)

    Jooske is here now, she is our TDS Moderator and will be better able to help you with any questions regarding TDS-3.

    Don't do anything with the files you have d/l'ed yet, you may not need them. I know when I d/l'ed the TDS-3 trial version to my son's WinME, I didn't need any additional files; all I needed was the updated Radius files.... but every system is different (and confusing sometimes too).

    snap
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi hi, what a confusion, eh?
    So you downloaded and installed TDS, or didn't you come that far yet?
    (close everything, most of all your anti-virus program!, click the downloaded file and have it install with the defaults, if that is a directory under "program files" for instance)
    That should succeed. Allow it to make an icon on the desktop for opening it.
    When you click that, what exactly happens?
    Nothing at all, or some error message?
    In case nothing: if you then press ctrl+alt+del one time, do you see in that task manager TDS as a running process but probably hidden from view for you, or isn't it there at all?

    In any of those cases, if the console doesn't show for you, it might be a question of required system files, which might have been overwritten by other installs; that can happen all the time.
    So do have a look at the files on the page you found already, and open your Windows Explorer, hunt for all those files (one by one) from there, and once you have found one, right-click on it to look at its properties and version number.
    You might like to copy the names which differ into your Notepad till you have been through all of them.
    I'd suggest you save that Notepad file on your desktop to find it back easily.
    You only need to look for the Win9x / WinME required files, not the NT / 2000 or others.
    Now you look for differences between those version numbers, and you may even be missing some files.
    Don't get confused if you see something like 6.00.8884 or 6.0.88.84, as that is the same version, but different Windows systems have the habit of displaying it differently. Same with a thing like 4.10.8899 or 4.1.88.99 etc.

    Right, so you see you don't have to touch the registry at all!
    If there are files you have to replace, I suggest you copy the original first; for instance you make a folder in which you place a copy of the original file, or you copy it, renaming it by adding .old behind it, for instance.
    As the files are probably in use, you might not be able to do so immediately. The new files you probably download into some download folder, right?
    Say you have file.ocx: rename it to file2.ocx and place it in the same folder where you found the original file you want to replace; most probably you will find them in windows\system.
    So now you have the original file and its coming replacement file2 in the same place, one beside the other.
    Reboot and get into MS-DOS.
    Via MS-DOS go to that directory c:\windows\system; you might like to be sure and move that original to a special folder you created, or you rename it to, for instance, file1....
    (type behind that c:\windows\system prompt: ren file.ocx file1.ocx <enter> and ren file2.ocx file.ocx <enter>)
    and the replacement file2 you give the original name.
    All files ready?
    OK, reboot into Windows, try to start TDS and see if it works now.
    So in this way you still have your original file, just in case.
    If Windows would not work at all anymore because of such an action (which could only be possible with typing errors, I guess) you still can go back in the same way via MS-DOS.

    Please let us know how it goes with this part; after that we can continue with the next steps.
     
  7. coolartist

    coolartist Registered Member

    Joined:
    Oct 6, 2002
    Posts:
    25
    Thank you Jooske for answering me so quickly... are you ready for this? You're gonna put your face in your hands and exclaim "gee whiz"... sorry....
    (1) How do I open up Windows Explorer?
    (2) Which files are you specifically referring to.... the ones that I downloaded?... they are... riched32.zip and another folder that says: system file...
    (3) If so, how do I open them to examine them.... thank you for your patience...
    (4) Do I extract them into a folder and then examine them, and then later just drop that whole folder into the proper location when that is determined?

    Again...thankyou for your patience...
     
  8. controler

    controler Guest

    Look at this thread. I posted a link to a program that lets you replace those system files in MS-DOS or in Windows. The link is the last one in my post, I believe. Let me know if it worked for you?

    http://www.wilderssecurity.com/showthread.php?t=4010
     
  9. coolartist

    coolartist Registered Member

    Joined:
    Oct 6, 2002
    Posts:
    25
    Sorry... that link appears to be on the topic of Norton AntiVirus.
     
  10. controler

    controler Guest

    Sorry to confuse you.

    Yes, the main thread is on Norton AntiVirus, but as you scroll through the posts to the bottom of the page you will see controler's posting.

    To simplify things I will post the link directly to the site where the software can be downloaded.

    http://www.kraftig.com/InstallFile/
     
  11. coolartist

    coolartist Registered Member

    Joined:
    Oct 6, 2002
    Posts:
    25
    Thanks Jooske....coolartist
     
  12. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    How far are you at this moment?
    If you right-click the START button on your taskbar, you have an option to open Windows Explorer.
    Probably it will point to the "Start Menu", but don't worry, just scroll a little down once there till you see "system".
    And I think that's where you'll see those files when hunting for them.
    As you did see TDS running but without showing the console, I think you're on the right way with replacing system files; only now we have to find out which ones you need.
    Now I really hope you have the configuration so you see all possible files and their extensions.
    If not, we'll first turn those on.
    You're now in that Windows Explorer, and on top in the menus you see TOOLS; the last of that will be Folder Options (I have to translate from my non-English version, so I hope I have the right terms for you, or others will be glad to correct me here).
    So click those Folder Options, and the second tab (Display or View?).
    Make sure you check the first "display all options ..."
    You uncheck the hiding of extensions and of secured operating system files, so you should be able to see everything with that, and for the last radio option choose display all hidden files and folders; Apply, OK and refresh the screen with View > Refresh.
    As you were in windows\system already, you will see all those files (I hope); when you see one from the list of required files, right-click on it to see the properties and version, which you might like to write down carefully for yourself.
    If you don't find them all, left-click again on the START button, see the "Find" (Search?) icon, choose Files or Folders, and type the wanted filename in there to see if it might be in another place on your system, or you might be missing them completely.
    So you search through every filename from the required file list you had already.

    The files you downloaded you can unzip by clicking on the zip file, and it will unzip itself (you do have WinZip on your system, don't you?). You seem to have something like that, as you did unzip/install TDS itself already.
    Do unzip them into the folder WinZip will create for that, so you have them all together.
    With that you can compare the version numbers and replace what is necessary.
    In the first place it might be the OCX files.
    Now you've located the files, places and versions, and the differences with the required files, so now you know which files to replace.
    From here you go to my former posting in this thread, and I think controler's posting in general terms on how to replace system files in MS-DOS will give a good step-by-step tutorial.
    You did close TDS via that ctrl+alt+del, I hope, so after the reboot Windows will take the new file versions.

    From here, after you have replaced the files and rebooted and tried to start TDS again, let us know how you're doing.
     
  13. coolartist

    coolartist Registered Member

    Joined:
    Oct 6, 2002
    Posts:
    25
    Thanks Jooske... I understand that... I can follow that... one more question.... how do I enter safe mode, the easiest way?
     
  14. Vietnam Vet

    Vietnam Vet Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    306
    Hey controler, tried the program you suggested, as the msvcrt.dll version on my computer was older and I know very little about MS-DOS. Worked fine on my Win98SE system. Probably unneeded for a lot of users, but for me, I prefer using a program such as this for situations where I am not all that comfortable with the "usual" methods. Thanks for the hookup!
     
  15. coolartist

    coolartist Registered Member

    Joined:
    Oct 6, 2002
    Posts:
    25
    Heya Jooske.... ok... I found all those files in Search. They are all presently on the machine.
    The only difference is in the size in KB of two of them.

    (1) *riched32.dll* = 208 KB (file presently on system)
    (2) *riched32.dll* = 170 KB (file from download)

    (1) *richtx3* = 191 KB (presently on system)
    (2) *richtx3* = 199 KB (file from download)

    Is that the problem, ya think? What now? Do you want me to copy the ones on the machine and insert the new ones with the difference in KB? <climbing slowly out of the swamp here>

    The MS-DOS you're referring to is *safe mode*, correct? What is the easiest way to get to safe mode? I know this is like being an air traffic controller trying to explain to somebody who has only been a passenger how to land a 747... lmao :)
     
  16. Vietnam Vet

    Vietnam Vet Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    306
    Hello coolartist, in order to determine which version of the files is newest, right-click on the file in question. In the menu that appears, click on the Properties button. After the window opens, select the Version tab to see the version number. Do this for each file you need to compare. I can't say if this will fix your TDS problem or not if you replace any older files with newer versions, but I can't see how it will hurt either.

    Jooske is referring to MS-DOS, which is not safe mode. I don't use WinME myself, but seem to remember reading somewhere that there is not an option to reboot into DOS and that you have to use a boot disk to get there. I am not sure of this, so wait for a reply from someone who does know. In the meantime, in an earlier reply from controler, he recommended that you try a program which makes this much easier to do. If you like, download it and try it out. I tried it out earlier and it works fine on my Win98SE system. Good luck and don't give up. Lots of knowledgeable people here. They will find a way.
     
  17. coolartist

    coolartist Registered Member

    Joined:
    Oct 6, 2002
    Posts:
    25
    Hey thanks... I downloaded the program but it's another classic *I don't know how to use it* thing. But once I do something once, I will have learned it.

    How do you apply the program once you decide where to send the files? Thanks Viet Vet. Glad you came home!!!!!
     
  18. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    With safe mode you do start Windows, but with only very few programs, and not few enough to do your replacement, so you really need to get into MS-DOS.

    First make sure about the file version numbers, as size tells you nothing about that.
    So make sure which of the several files are really needed for replacement, as described.

    The tool controler wrote about sounds really nice.
    As I saw the screenshot, it's just browse for the new file to replace the old with in the one line, and in the other the old file which has to be replaced (so you don't get typos either), and I don't have it, but if I read it well you will be led through the necessary steps.
    But I would not like to lose the original file till I'm really sure (in 99% of the cases it's no problem to replace with a newer file, but it can happen that a program functions less or not at all with a newer DLL, so this is why I recommend -- like is said on the DCS site as well -- making a copy or backup of the original before replacing it).

    Right, from having your safety copy as said in the first posting, you continue either the way with controler's nice program or to the MS-DOS prompt.

    Don't tell me you don't have a boot disk (startup diskette). You should have made one when installing your system, or they should have given you one if you bought it complete.
    If not, you make one, which will do too.
    Needed: an empty diskette, or one you can overwrite.
    Press START > (now I must translate, I think it will be Configuration or Settings) > Control Panel > Software > choose the tab Boot diskette > press the button Create diskette, insert the diskette and do what the screens say.
    OK, make it write-protected by pressing the little slider down.
    You can use that diskette too if you want an easy way to reboot into safe mode, among others (on a Win98 system we just press F8 during startup for that).

    Insert diskette and reboot system.
    A boot disk seems to be needed, and getting to the MS-DOS prompt with shift+F5 from there.
    You'll see a:\
    type c:\ <enter>
    from there type: cd windows\system <enter>
    so you are where you wanted to be.

    And you can do the replacement trick as described earlier, reboot into Windows and see how far you come now.
    Keep us informed please.
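    The posts above (Jooske's MS-DOS rename procedure, Vietnam Vet's Properties > Version tab, and the warning that file size says nothing about version) add up to one procedure: decide by version number, keep the original under a .old name, swap, and be able to undo it. The Python below is an added example written for this thread, not code from the thread, from DiamondCS or from the TDS-3 package. It models that procedure on stand-in files in a temporary directory. riched32.dll is the file name from the thread and file.ocx is Jooske's placeholder name; extra.ocx and every version string and size are constructed values, not real riched32/richtx data. Reading a real version still means the Version tab (or a PE resource parser), which this example does not do, and the in-use lock that forces the reboot into DOS is not modelled.

```python
"""Model of the required-files procedure from the thread (added example, constructed data):
1. decide what to replace by comparing version numbers numerically, never by file size;
2. keep the original beside the replacement as name.old (ren file.ocx file1.ocx / ren file2.ocx file.ocx);
3. roll back if the second rename fails, and be able to undo the swap later.
"""
import os
import tempfile
from typing import Dict, List, Optional, Tuple

# Constructed stand-ins for what the Explorer size column and the Version tab would show.
# riched32.dll comes from the thread; file.ocx is Jooske's placeholder; extra.ocx is
# a hypothetical required file that is not installed at all.
INSTALLED: Dict[str, Dict[str, object]] = {
    "riched32.dll": {"version": "5.0.1461.82", "size_kb": 208},  # same version, larger file
    "file.ocx":     {"version": "6.0.81.69",   "size_kb": 191},  # older than required
}
REQUIRED: Dict[str, str] = {            # versions in the download (constructed)
    "riched32.dll": "5.0.1461.82",
    "file.ocx":     "6.0.88.84",
    "extra.ocx":    "4.10.8899",
}

def parse_version(text: str) -> Tuple[int, ...]:
    """'4.10.8899' -> (4, 10, 8899). Leading zeros drop out, so '6.00.x' reads as '6.0.x'."""
    return tuple(int(part) for part in text.strip().split("."))

def is_older(installed: str, required: str) -> bool:
    """Field-by-field numeric comparison. A plain string comparison would rank
    '4.10.8899' below '4.9.0.0' because the character '1' sorts before '9'."""
    return parse_version(installed) < parse_version(required)

def plan_replacements(installed: Dict[str, Dict[str, object]],
                      required: Dict[str, str]) -> List[str]:
    """Files to replace: installed version older than required, or not installed at all."""
    todo = []
    for name, needed in required.items():
        current = installed.get(name)
        if current is None or is_older(str(current["version"]), needed):
            todo.append(name)
    return todo

def swap_file(system_dir: str, download_dir: str, name: str) -> Optional[str]:
    """Put download_dir/name in place of system_dir/name, keeping the original as name.old.
    Returns the backup path, or None when there was no original to back up."""
    original = os.path.join(system_dir, name)
    replacement = os.path.join(download_dir, name)
    backup = original + ".old"
    if os.path.exists(backup):
        raise FileExistsError("refusing to overwrite existing backup " + backup)
    had_original = os.path.exists(original)
    if had_original:
        os.rename(original, backup)       # ren file.ocx file.ocx.old
    try:
        os.rename(replacement, original)  # ren file2.ocx file.ocx
    except OSError:
        if had_original:
            os.rename(backup, original)   # roll back: original returns under its own name
        raise
    return backup if had_original else None

def undo_swap(system_dir: str, name: str) -> None:
    """Put the .old original back over the replacement (the 'go back via MS-DOS' case)."""
    original = os.path.join(system_dir, name)
    os.replace(original + ".old", original)

def _first_byte(directory: str, name: str) -> bytes:
    with open(os.path.join(directory, name), "rb") as fh:
        return fh.read(1)

def demo() -> Dict[str, object]:
    """Build stand-in 'system' and 'download' folders in a temp dir and run the procedure."""
    root = tempfile.mkdtemp(prefix="tds3-files-")
    system_dir = os.path.join(root, "system")
    download_dir = os.path.join(root, "download")
    os.mkdir(system_dir)
    os.mkdir(download_dir)
    for name, info in INSTALLED.items():       # 'O' bytes mark an original file
        with open(os.path.join(system_dir, name), "wb") as fh:
            fh.write(b"O" * int(info["size_kb"]))
    for name in REQUIRED:                      # 'N' bytes mark a downloaded file
        with open(os.path.join(download_dir, name), "wb") as fh:
            fh.write(b"N" * 170)
    todo = plan_replacements(INSTALLED, REQUIRED)
    backups = {name: swap_file(system_dir, download_dir, name) for name in todo}
    after_swap = sorted(os.listdir(system_dir))
    swapped = {n: _first_byte(system_dir, n) for n in ("riched32.dll", "file.ocx")}
    undo_swap(system_dir, "file.ocx")          # back the change out again
    after_undo = sorted(os.listdir(system_dir))
    return {"replaced": todo, "backups": backups, "after_swap": after_swap,
            "content_after_swap": swapped, "after_undo": after_undo,
            "file_ocx_after_undo": _first_byte(system_dir, "file.ocx")}

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

    In the constructed data riched32.dll is the bigger file on the system but the same version as the download, so it is left alone, which is the point of Jooske's "size tells you nothing"; file.ocx is older and gets swapped with its original kept as file.ocx.old; extra.ocx is simply copied in because there is nothing to back up. The undo step is what the .old copy is for.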
     
  19. coolartist

    coolartist Registered Member

    Joined:
    Oct 6, 2002
    Posts:
    25
    Hey everybody... thanks for all the great help. I got it running and zapped a *Remote Anything* trojan in about 5 seconds! Talk about satisfaction!
    I had caught it moving to IncrediMail and operating through my Norton AntiVirus somehow. It had actually disabled it somehow. I even caught it going into a Corel program I was running. It was driving me nuts!

    PestPatrol missed it altogether, although it did spot 2 suspicious files with double extensions that were unopened, thank goodness.
    TrojanHunter spotted the open ports the trojan was using and identified it, but couldn't find it.
    TDS-3 found the sucker in the first 5 seconds and I killed it! Yahoooooo!!!!! I'm jumping up and down!!!! :)
     
  20. coolartist

    coolartist Registered Member

    Joined:
    Oct 6, 2002
    Posts:
    25
    Hey thanks again for all your help and patience. Some of us are a pure nightmare to a computer tech. All the help you gave me will prove invaluable to someone else just like me with absolutely no knowledge of how a computer works.
    I work on my PC every day but I have hardly any knowledge of how the thing works. I, like a lot of others out there, think that we are safe because we don't really do anything with our computers... like banking or business affairs etc. WRONG!!!!!! I started checking and the biggest ongoing white-collar crime going is identity theft. If they can't get anything else, surely at some point in time you will buy something with a credit card or type in your social security number somewhere.... or it could just be a malicious punk 13-year-old out to ruin your day for only 39 bucks! I started checking and was dismayed to see that I can go to sites and download anything I want FOR FREE and buy all this SPYWARE for less than 50 bucks, and a six-year-old can implement it against you with no problem. UNREAL!!!!

    All the real trouble started when I put up a firewall and started seeing all the suspicious activity, which made me paranoid. I started running backtraces on IPs and really made someone mad, who then started slamming me with denial of service attacks! And for no reason! NOBODY is safe! If you're online without security measures, sooner or later you *WILL* be a victim... not might... WILL!!! My paranoia paid off.... someone placed a *Remote Anything* trojan on my computer and TDS-3 nailed it and killed it in less than 5 seconds! Thanks again guys... appreciate it!
     
  21. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    That's a whole series of good news, congratulations!
    I think you're a person learning on the spot, right?

    Can you tell how you got TDS running? Was it one simple file to replace, did you go for MS-DOS or controler's nice program?

    After that I suppose you updated the references database and found your nasties, eh?

    Double extensions: it depends what files they are and where you find them whether they are baddies.
    After all the scanning you see the alerts in the little alerts window; select one of them, right-click, and you can have a better look at what it is: size, date it came on your system, etc.
    If you know a file.1.2.exe for instance, that is a double extension and will be alarmed on, as will file.txt.exe etc. If it's in your Temporary Internet Files, in most cases there's no need for panic either.
    If it's inside a zip and you know you never installed that, it probably won't be live anywhere on your system, etc....

    Now the general burning question: do you remember which was the nasty trojan on your system, and what did you notice of it? Did TDS tell you "positive identification of trojan...."?
    Looking forward to your report, don't want to miss a single bit of it!
     
  22. coolartist

    coolartist Registered Member

    Joined:
    Oct 6, 2002
    Posts:
    25
    Yeah, it was a RAT, Remote Anything.
    I got TDS running by overwriting 2 files and it cranked right up and went to work. I was so overjoyed and felt such a sense of accomplishment that I posted exactly how I did it, step by step, for someone else with no prior knowledge to follow. Thanks for all your help again Jooske. I'm gonna go back and see if I can dig up any info on that pest I found, if it's not too late. Does TDS-3 keep a log I can go back to? I want to know when it came onto my PC, but I already destroyed the file.
     
  23. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Went to get me some info on that trojan, and I see it is a commercial one, which for instance can be placed by companies on their users' systems, or people who want to give demos to many users at a time install them on their customers' or students' systems, such things; but they can be abused and log anything happening on your system and interfere with your actions, etc. Suppose this happened in your case?

    I read in another thread about software which enables you to put back deleted files; we have to dig for that.
    When I find a nasty and am not sure, I zip it, so it can't run anymore, and from there I can scan and look inside much more safely. As I want to know the date too when it came, and it might open eyes. In case you find your RA back with those magic tools you could hunt for the date and version; you can also wait and see if it comes back on your system in case you get contacted somehow by the same people who ever put it on you, for they will have noticed your disconnection from them by now for sure. Maybe there was ever an email you clicked, with a hidden attachment in it for instance (isn't IncrediMail nice for hiding all kinds of code, like any HTML email could do, btw).

    I'm not that quick with deleting infections, depending on what and where..... If TDS detected it already there's no need to submit it to them, only if it's mentioned as suspicious and no name is given.
    But it really surprises me the other programs did not locate this one.
     
  24. coolartist

    coolartist Registered Member

    Joined:
    Oct 6, 2002
    Posts:
    25
    Yes.... it was messing with me. I found music in a file that I didn't put there, and when I attempted to delete it, it was impossible to do so and I would get an error. When I would try to start an anti-trojan program, the right-click popup menu would come on. My mouse acted funny sometimes. I installed a new firewall and, while I was connected to the internet, my computer started connecting to itself and I lost all service. I had absolutely no problems at all until I recently put up a firewall and started backtracing IPs checking me for trojan apps. All of a sudden I was getting Queso attacks (I think that was what my firewall indicated) and denial of service attacks. All this and I have absolutely no idea what all this means, except maybe I'd better investigate.

    I started getting warnings like these: possible trojan app detected in NavW32.exe. Possible trojan app detected in poproxy.exe. Possible rogue application detected... IncrediMail is attempting to access the unknown.... Now I was thinking... what in the world is the unknown? I'm starting to freak out.... then my Norton AntiVirus is letting clez32's into IncrediMail suddenly and not prompting me, and I opened one of them.... and IncrediMail is attempting to access the unknown... and Norton AntiVirus is attempting to access the unknown and it's also attempting to access the internet, and I don't know what's legitimate or not.... and not understanding any of this.... you can see why I felt I might need to dig a little deeper, and I've been obsessed with getting to the bottom of all this. Good thing too... it paid off. It was a real threat... and last night a program opened up on my screen for no reason at all... uh oh.... and I have a suspicious file with a double extension? Now what?

    But one thing is for sure... I have never been more satisfied or relieved to have any software than TDS-3. It ROCKS!!!! I actually feel like I've got something to work with.... and it's actually doing its job... now... if I can ever figure out how to properly take advantage of all the options. My problem is time... I don't really have the time to figure all this stuff out, and I could really use a user's manual. I am self-employed and have been using up precious working hours trying to sort all this out for the past 13 or 14 days, all day long until 3 and 4 in the morning, and not making money.... and I am just burned out.... but I do feel a little better..... actually a lot.
     