I need HELP!!!

Discussion in 'Trojan Defence Suite' started by MaryH, May 2, 2003.

Thread Status:
Not open for further replies.
  1. MaryH

    MaryH Registered Member

    Joined:
    May 2, 2003
    Posts:
    2
    I was told by Diamondcs to post my TDS3 file here and hopefully someone will be able to help us! We have something HORRIBLE in our computer and need any/all the assistance we can get to rid ourselves of this! Here is the last copy of the screen of our TDS:

    Internet Time @1075.5787 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
    Internet Time @1075.5787 [Init] Started 02-05-03 20:48:50 Eastern Standard Time (UTC: 5), Internet Time @1075.58
    Internet Time @1075.5787 [Init] Loading TDS-3 Systems ...
    Internet Time @1075.5787 [Init] • Priority : OK.
    Internet Time @1075.5787 [Init] Token successfully adjusted.
    Internet Time @1075.5787 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
    Internet Time @1075.5787 [Init] • Plugins : OK. Loaded 13
    Internet Time @1075.5787 [Init] • Exec Protection : OK. Installed
    Internet Time @1075.5787 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
    Internet Time @1075.6134 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
    Internet Time @1075.6134 [Init] • Systems Initialised [12034 references - 3648 primaries/2802 traces/5584 variants/other]
    Internet Time @1075.6134 [Init] Radius Systems loaded. <Databases updated 28-03-2002>
    Internet Time @1075.6134 [Init] TDS-3 Ready. <deleted by FanJ, 127.0.0.1 - United States>
    Internet Time @1075.6134 [Tip Of The Day] Shopping for DiamondCS services and software is easy! Simply visit http://www.diamondcs.com.au/shop.php
    Internet Time @1075.6134 [TDS] Good evening deleted by FanJ. Go home! The weekend is here at last!
    Internet Time @1076.9792 [Memory Scan] Memory scan started, please wait a moment ...
    Internet Time @1076.9792 [Memory Scan] Memory scan complete.
    Internet Time @1076.9792 [Mutex Memory Scan] Started...
    Internet Time @1077.0023 [Mutex Memory Scan] Finished (no trojan mutexes found).
    Internet Time @1077.0023 [Trace Scan] Started...
    Internet Time @1077.037 [Trace Scan] Finished.
    Internet Time @1077.037 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
    Internet Time @1077.037 [CRC32] Started - verifying 29 files ...
    Internet Time @1077.0486 [CRC32] Test finished.


    I KNOW this is something BAD. When we are in the port explorer there are SO many different IP addresses, ports, etc. Please - I'll take all of the advice/help from anyone who knows about this!

    Thank you and sorry for sounding SO desperate, but this is SUCH an invasion!!!

    Mary Helen & Tommy
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,843
    Location:
    New England
    Hi MaryH,

    What in the above posting makes you think something bad is there? All those messages appear to be nothing more than the normal TDS-3 initialization (startup), plus a few normal scans, none of which say anything bad was found.

    One thing I do notice is that you are using a very old radius database. You need to pull down the current one and place it in the TDS folder.

    Direct link to radius file: http://tds.diamondcs.com.au/radius.td3

    Try running a full scan once you've updated and post the specific detections.

    Let us know,
    LowWaterMark
     
  3. Vampirefo

    Vampirefo Guest

    What OS are you using? Open a CMD window and type netstat -an, then post the results of it here. Also press ALT+Ctrl+Delete and post the names of your running processes; a picture will do.
     
  4. FanJ

    FanJ Guest

    Hi MaryH,

    For your own security I have removed your email-address-info from what you posted from the TDS-3 console (there are email-harvesters out there ;)).

    Good advice from LWM and Vampirefo!
    1. I agree: you must download the latest definitions for TDS-3 (Radius), put it in your TDS-3 directory, and then do a full system scan with TDS-3; that scan might take a while.
    2. I understood from your posting that you have Port Explorer from DiamondCS; is that right? In that case you might post the info from Port Explorer instead of a netstat -an.
    If you post that info, make sure you remove your email-addy and IP-number.
     
  5. FanJ

    FanJ Guest

    I wanted to add:

    Like LWM said: nothing from what you posted points so far to a Trojan.
     
  6. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,843
    Location:
    New England
  7. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hello MaryH,
    Welcome here, you're in the right place for all the adequate help, as you can see!
    The only horrible thing I saw in your posting was the very old radius database; after the update and restart of TDS it should read:
    2-5 23:50:09 [Init] • Systems Initialised [24343 references - 7924 primaries/6403 traces/10016 variants/other]
    (after a manual update as described by LWM --just download and place it in the TDS-3 directory, nothing to install or unzip, just put it there and (re)start TDS)

    After your Full System Scan --check all available options and on highest sensitivity-- right-click on one of the alarms in the alerts window you will see at the bottom of your TDS console and choose the option "save to text", which will save all those finds in a file Scandump.txt in your TDS directory. This is a normal text file you can copy here.

    Going over to your PE output now.

    How long do you have this evaluation version on your system?
    Think the 12,xxx references are the amount from over a year ago.
    And if you press in TDS > Exec protection > install or remove, what message do you get then?

    And does the alert for the "netsurf.exe" show up now again and if so exactly with which message?
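The staleness check LWM and Jooske describe (an old "Databases updated" date and a reference count far below the post-update figure) can be automated over the TDS-3 console text itself. The script below is an added example, not code from the thread or from DiamondCS; the sample lines are constructed from the format MaryH posted, and the 30-day threshold is an assumption.

```python
import re
from datetime import datetime

# Constructed excerpt in the TDS-3 console format shown in the thread
# (the e-mail address was already removed by the moderator).
SAMPLE_LOG = """\
Internet Time @1075.5787 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
Internet Time @1075.5787 [Init] Started 02-05-03 20:48:50 Eastern Standard Time (UTC: 5), Internet Time @1075.58
Internet Time @1075.6134 [Init] • Systems Initialised [12034 references - 3648 primaries/2802 traces/5584 variants/other]
Internet Time @1075.6134 [Init] Radius Systems loaded. <Databases updated 28-03-2002>
Internet Time @1077.0023 [Mutex Memory Scan] Finished (no trojan mutexes found).
"""

# The console uses DD-MM-YY for the start line and DD-MM-YYYY for the database date.
STARTED_RE = re.compile(r"\[Init\] Started (\d{2}-\d{2}-\d{2}) ")
UPDATED_RE = re.compile(r"<Databases updated (\d{2}-\d{2}-\d{4})>")
REFS_RE = re.compile(r"Systems Initialised \[(\d+) references")


def check_radius(log, max_age_days=30, min_references=24343):
    """Report whether the Radius database in a TDS-3 console dump looks stale.

    max_age_days is an assumed threshold; min_references defaults to the count
    Jooske quotes for a freshly updated database (24343 references)."""
    started = updated = references = None
    for line in log.splitlines():
        m = STARTED_RE.search(line)
        if m:
            started = datetime.strptime(m.group(1), "%d-%m-%y")
        m = UPDATED_RE.search(line)
        if m:
            updated = datetime.strptime(m.group(1), "%d-%m-%Y")
        m = REFS_RE.search(line)
        if m:
            references = int(m.group(1))
    if started is None or updated is None or references is None:
        raise ValueError("missing Started / Databases updated / Systems Initialised line")
    age_days = (started - updated).days  # age of the definitions on the day TDS was started
    return {
        "database_date": updated.date().isoformat(),
        "age_days": age_days,
        "references": references,
        "stale": age_days > max_age_days or references < min_references,
    }


if __name__ == "__main__":
    print(check_radius(SAMPLE_LOG))
```

On the constructed excerpt this reports definitions 400 days old with 12034 references and flags them stale, which matches what LWM spotted by eye.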
     