DDoS.RAT.SpyBot 1.2 as need help pls

Discussion in 'Trojan Defence Suite' started by Paranoid, Aug 14, 2003.

Thread Status:
Not open for further replies.
  1. Paranoid

    Paranoid Guest

    I cant get rid of it thru STD-3 .. when i delete thru the program they just come back on reboot i get flag registry has been changed .. I upgraded the std-3 files .. but just cant get rid of it

    I cant run regedit the window closes and cant even cntrl alt delete that window closes when i get cursor over it
  2. Jooske

    Jooske Registered Member

    Feb 12, 2002
    Netherlands, EU near the sea
    Hi Paranoid
    Which windows version are you running?
    Is it possible to do a system restore a few days back ? (XP or ME) With that you might not see the infection back in a TDS scan, and the regedit works again.
    If so and you seem clean disable system restore > reboot > enable system restore and make a new restore point of the new clean situation.

    Also delete the key through TDS > System Analyse > Autostart Explorer before you do the disabling and reboot.
    Does this help?
  3. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Feb 10, 2002
    Perth, Western Australia
    Hi Paranoid,

    Delete registry values and check that they are gone in Autostart Explorer. If you haven't already run a Process Memory Scan this should detect the SpyBot FILE in memory, right click and delete.

    If it doesn't, please examine the registry entry if you see one being detected - and look at what file is to blame. Zip a copy and send it to submit@diamondcs.com.au , then kill it -

    Go to the TDS Process List (CTRL O in TDS)
    Right click the file
    Kill Process and Delete File
Thread Status:
Not open for further replies.