Found this whilst scanning using TDS. I'm trying to remove a worm on my system, Agobot or something like that.... Any clues?
Scan Control Dumped @ 17:27:21 27-04-04 (Deleted) RegVal Trace: RAT.Jeemp: HKEY_LOCAL_MACHINE File: Software\Microsoft\Windows\CurrentVersion\Run [System Service=C:\WINDOWS\System32\msrexe.exe]
Hi, it's a little bit difficult to say when you don't give a bit more info on this "worm on my system agobot or something like that....". I would send that file msrexe.exe (zipped) to support@diamondcs.com.au (if you still have that file). Then, in TDS-3: right-click and choose Delete file; TDS will kill the program if it is running. Then run HijackThis and post the log here.
BTW: I see in your posting: RAT.Jeemp. After updating my Radius file today, I see three RAT.Jeemp's in the Primary list of TDS-3: RAT.Jeemp.a, RAT.Jeemp.b, RAT.Jeemp.c. I don't know whether they were just added by Gavin. Nor do I know whether TDS-3 should have shown one of those variants in your scan dump. I hope that one of the DCS guys could tell us a bit more about this.
WinTasks Process Library: msrexe - msrexe.exe - Process Information. Process File: msrexe or msrexe.exe. Process Name: Remote Access / Hacking tool / ICQ trojan. Description: Added to the system as a result of an ICQ Trojan that alters Win.ini and System.ini files and generates several .exe files with randomly chosen names. Company: N/A. System Process: No. Security Risk (Virus/Trojan/Worm/Adware/Spyware): Yes. Common Errors: N/A. Nice guy, but not really. Cleansed out already?
Hello Prime, you can find removal instructions here. TDS-3 will kill the process; however, you will need to edit the registry, I do believe. Follow the directions in the link. Best regards, hardyhar
Jan, I never had warnings to edit the registry, but remember TDS doesn't do anything automatically for you; it keeps you in the driver's seat and you decide what to delete or edit from the alarms you got. This is why it is very important to know which infection we're dealing with, to check that all steps are done, and checking the registry when no registry keys are indicated could be part of the process.
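The "edit the registry" step discussed above, as an added example that is not part of this thread: it parses a regedit export of the HKLM Run key (a constructed sample containing the "System Service" entry TDS-3 reported), lists autostart values not in the operator's baseline for review, and builds the .reg file that removes the chosen values. The KNOWN_GOOD baseline is a hypothetical placeholder, not something from the thread.

```python
import re

# Constructed sample: a regedit export of the HKLM Run key containing the
# entry TDS-3 reported in the thread plus two ordinary autostart values.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"System Service"="C:\\WINDOWS\\System32\\msrexe.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"""

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Hypothetical baseline of autostart values the administrator has already
# accounted for; anything not listed is reported for manual review.
KNOWN_GOOD = {"SoundMan", "NvCplDaemon"}


def parse_run_values(reg_text):
    """Return {value_name: command} for string values under the Run key."""
    values, in_run_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_run_key = line.strip("[]").lower() == RUN_KEY.lower()
            continue
        m = re.match(r'^"([^"]+)"="(.*)"$', line)
        if in_run_key and m:
            # .reg exports double every backslash; undo that for the path
            values[m.group(1)] = m.group(2).replace("\\\\", "\\")
    return values


def unknown_autostarts(values, known_good=KNOWN_GOOD):
    """Autostart values not in the baseline, left for the operator to decide on."""
    return {name: cmd for name, cmd in values.items() if name not in known_good}


def deletion_reg(value_names):
    """Build a .reg file that removes the chosen values ("Name"=- deletes a value)."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{RUN_KEY}]"]
    lines += [f'"{name}"=-' for name in value_names]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = unknown_autostarts(parse_run_values(SAMPLE_REG_EXPORT))
    for name, cmd in found.items():
        print(f"review: {name!r} -> {cmd}")
    print(deletion_reg(found))
```

Importing the generated .reg file only removes the Run value; the referenced executable itself still has to be deleted (TDS-3's Delete file, as described above) after the process is stopped.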
Oops, sorry, Jooske!!! You're so definitely right: "TDS doesn't do anything automatically for you, it keeps you in the driver's seat and you decide what to delete or edit from the alarms you got"! Where are those karma cookies? I would have given you one right now! Edit: Wait, here is one.
Yeah, well, TDS doesn't show anything anymore, so I assume it's gone. I also downloaded the free Symantec trial, which found some viruses that it got rid of as well, so I'm hoping all's clean at the present time.
With that clean situation, it's a good moment to enable System Restore again and create a new restore point manually, so that is a point you can go back to in future when needed.