TDS-3 failing to delete r.bot, agobot from registry

Discussion in 'Trojan Defence Suite' started by carbonrose, Apr 4, 2005.

Thread Status:
Not open for further replies.
  1. carbonrose
    Offline

    carbonrose Registered Member

    I have been cleaning my PC over the last few weeks. I have used many tools and followed methods described in other forums to clean this PC.
    I have now come down to only two remaining problems.
    Only TDS-3 detects these issues.

    Here is an exact copy of the log file from TDS-3

    Scan Control Dumped @ 00:57:03 04-04-05

    RegVal Trace: DDoS.RAT.rBot: HKEY_LOCAL_MACHINE
    File: Software\Microsoft\Windows\CurrentVersion\RunServices [Sygate Personal Firewall=Sygate.exe]

    RegVal Trace: DDoS.RAT.Agobot: HKEY_CURRENT_USER
    File: Software\Microsoft\Ole [blah service=evosys.exe]

    (DELETED) Positive identification (DLL): Adware.Ramdud (dll)
    File: c:\windows\system32\winsrvs_1.dll

    I have chosen to delete the two remaining files with TDS-3 and it confirms that they have been deleted.
    but,
    I restart the pc, run another check to be sure and they have been eliminated but they are still there.

    I have used AVG, Ad-Aware, Spybot, CWshredder, trojan hunter, many online virus scanners, clean-up, windows washer, About Buster... Have used the action of safe mode with system restore disabled, Spybot immunize off and disabled, all hidden files and folders revealed.
    But as I have previously mentioned, only TDS-3 detects these.


    Is it safe to maually delete these from the reg.
    or
    Is there another issue with these two corrupt files. Am I doing something wrong perhaps.

    Regards

    CR.
  2. carbonrose
    Offline

    carbonrose Registered Member

    Problem solved. No furthur assistance required.
    If needing to see what was done please ask. Otherwise I will leave it as it is as no posts were put forward.
    It was a long haul to get there.
  3. Jooske
    Offline

    Jooske Registered Member

    Hello carbonrose,
    Sorry for overlooking your posting and thus not reacting.
    Glad you did solve the problem.
    Would like a description what you did to solve it.
  4. tiggy
    Offline

    tiggy Guest


    Hi Carbonrose,
    I have exactly your same problem with this message:
    RegVal Trace: DDoS.RAT.rBot: HKEY_LOCAL_MACHINE
    File: Software\Microsoft\Windows\CurrentVersion\RunServices [Sygate Personal Firewall=Sygate.exe]

    Could you please explain how did you solve it?
    Thanks a lot
    Tiggy
  5. FanJ
    Offline

    FanJ Guest

Thread Status:
Not open for further replies.