New and Lost

Hi everyone !!

Got the TDS-3 because heard it was fantastic ( and it looks it ) and im new to computing but i do know that in this last week my firewall has stopped 21 "attacks"

I find the help menu a little over my head ie sockets, port scans, ping etc. It seems to be written under the impression that the user knows about it in the first place.I come along not knowing diddly and its confusing!

Anyway read through Fanj post on basic set up, and if i can make head or tail of what i can actually do with TDS-3 i am DEFINATLY going to register my copy.

If anyone has any links for the dumber than usual user i would appreciate their time !!!

 

Hello Old_Sock

Everyone is more than welcome here. By the way - welcome to Wilders Security Forums!

Everyone from newbies to old socks are treated with care and respect here at Wilders.

TDS3 is primarily a Trojan scanner. Trojans are a particlular type of bad software that are created to gather personal and private information and "send it home" so to speak. Sometimes they are used to get specific information about the connection and then use that person's computer unbeknownst to the owner even while they are online!

In TDS3 even the default settings work well but since you have followed FanJ's settings now you are really doing well! Simply scan and let TDS find anything it can out of normal and then if it has found something - post it here and someone can assist further.

A good defense is a layered defense. That necessitates a good firewall, a good anti-virus program, a good anti-trojan program, a good anti-worm program and a few other things. Please post here for help with TDS of elsewhere in Wilders Forums in the appropriate place for help with anything else. Everyone here is very friendly and waits anxiously to help anyone seeking assistance.

Best wishes

 

Thanks Qsection for response.

Can i ask for assistance please to you and others?

Firstly does TDS-3 work in the background like my firewall when ever i am on line? ( have set it up similar to Franj's easy to follow set up guide) Or is it on demand when i ask it to scan?
If someone tries to plant a trojan on my P.C will i get a alert as they do it through these ports i read about?
I really need to catch up on all this as i dont know what this resolve, TCP Connect etc actually does and why i'd need to use them.
Thanks

 

TDS is an on demand file and memory scanner, if you get infected you should be able to find and remove it with TDS no problems If you have a resident virus scanner and run a scan every week you should be fine - safe computing is the first step. I guess take your time to read a little over here there is lots of nice people who will help you

 

Welcome old_stock, There is also a resident part of TDS which is called "Execution protection" To enable EP go to the TDS menu - Execution protection - Install.
This protection will work as soon as TDS is running, most users start TDS either manually or automatically as soon as their PC has booted.

Here is what the TDS help says about it:

]"Execution protection is a unique system exclusive to TDS-3 and DiamondCS WormGuard that uses a non-resident hook which allows TDS-3 to intercept and scan files as they are executed (but before they are loaded) and actually prevent infection by blocking/aborting the execution if the file was deemed harmful. As the hook is non-resident it uses no extra memory or resources, and it isn't susceptible to the TerminateProcess issue that virtually all other hook mechanisms are susceptible to.

How does it work? When you execute a file, the operating system - before it even loads the file - asks the DiamondCS execution hook "Allow this file to continue processing?", and then waits for a Yes/No response from the hook. This allows TDS-3 to scan inside the file and abort the execution if the file is deemed dangerous or has been identified as a trojan".

Once execution protection is installed you will see that it is started in the TDS text window.

BTW EP is available only in the full licensed version


HTH Pilli

 

Better tell Gav that first he will have to buy the registration first.
And then all will work as I'm told and read here.
I can't find the button or setting that makes tds-3 change my screen and does funny stuff with the color layout I can almost remember, (darn old memsticks getting to warm again), clicking it but didn't run again for a day or so and now can't find anywere?

Any ideas

Thanks

 

Hi FukenFooser 007.5, Think you will find the answer on the TDS private forums, scripting section. http://www.diamondcs.com.au/forum/forumdisplay.php?s=&forumid=9

 

Hi all!
Think the basics have been told:
a possible basic configuration on a win98 system, which will do for other systems too, but those have a few more options;
i for instance have all the startup options checked in the configuration and in the upper right corner the sockets automated up so those standard trojan ports are double protected with TDS listening behind them in case something would ever pass the firewall;
and in the scan options also everything checked and slider on highest sensitivity (all to the right);
the exec protection installed (yes, this is only possible for registered versions -- the registration keyfile is there within a few hours during business days after buying).

Make sure to update daily and once a week a full system scan should be ok.


For the colors:
TDS has the different colored bars, and there is a script in the user submitted from Jazzie or it was only posted in thje forums with which you can change colors in the texts in the console.
Maybe you mean the nice colors options and more we had in Port Explorer which are still there as color options
(registered PE users can download a series of color schemes for PE and play around with those)


I would like an option (script?) to fill in your birthday and have TDS start a birthday song on that day
I did make some scripts including birthday songs but had not included such an agenda. Maybe somebody has?
You can use such a timer for automatic scanning and updating too, of course, to use that script more frequent then just once a year!

 

Thanks for everyone for taking time out to reply !!
Have read page after page and im learning (albeit very slowly !)

Have a question though would appreciate help on.
at start up i have found some thing like this:

startup :dumprep 0~k

command: %systemroot%\systemroot\dumprep 0~k

Location:HKLM\software\microsoft\windows\currentversion\run

Have Xp home if that makes a difference

anyone know what this is?
Thanks alot

 

If in explorer you right click on it, does it give any properties? A recent date for instance?
If you scan it with all NTFS streams on in the scan, does it tell there are ADS streams involved?
If you open notepad and drag the file to notepad, doe sit show anything readable?
Just to make sure the file is really empty and more then empty.
Not sure where it comes from, this is why to make sure about it what you can find out.

 

command: %systemroot%\system32\dumprep 0~k

hi sorry havent tried that last post just noticed i had written command wrong,please note \system32\ and not \systemsystem\ like i originally posted will look now at your comments

 

hi
A friend i havent spoken to told me tonight it's a worm that none of my firewalls/ anti virus scanners picked up on. am looking into PLEASE BEWARE THIS WORM KILLS ALL FIREWALLS/ ANTI VIRUS

 

See if you can get rid of it like this (if you can, then it was a more or less unnecessary part of your OS trying to taking care of itself, and perfectly harmless):

(I am translating this from a german webpage and cannot reproduce it since i don't have XP, expect to cope with some "tolerances" in the translation)

Control Panel | System | Extended | Start and Restore | Settings | Save Debug information
make that "none"

I hope i'm on the right track and that my hints are of use to you,
Andreas

 

Found this description on the startup list
here

Name/Startup Item Command Comments
N kernelfaultcheck dumprep 0 -k
dumprep 0 -u
Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out

"N" - Not required - typically infrequently used tasks that can be started manually if necessary

 

Wow what a night that was! found 7 other enteries of the dumprep thing. Turns out it wasn't a worm after all but did find in Explorer dumprep.exe which i couldn't explain after reading your posts, so i deleted it and so far everything looks ok.Have set write debugging to none as you explanined.
thanks for help yet again !

 

Hi,

That should have been restored by system file protection, it is a needed file - dont worry about it

If you have any new worms or suspicious files you can send them to submit@diamondcs.com.au - obviously we urge users to send in new worms if they get them, to make sure TDS also detects these

 

As a newbie I hope you'll forgive me for being a mite puzzled by this. I do have Exec protection installed, but as I understand it a Trojan is something that is designed to operate secretly and that executes itself or is remotely controlled. So I'm wondering what you mean when you say "when you execute a file." Does this mean "when the Trojan file executes" irrespective of who or what triggers the execution"?

Sorry if this sounds a bit nitpicky, and my thanks to all for the great advice being offered in these columns.

 

Tepi, Providing Executive Protection is installed & running it checks any programme file that is run including Trojan .exe's whether started by the user or not.

HTH Pilli