possible trojan?

Discussion in 'Trojan Defence Suite' started by hendricus, May 9, 2003.

Thread Status:
Not open for further replies.
  1. hendricus

    hendricus Registered Member

    Joined:
    Mar 5, 2003
    Posts:
    35
    Location:
    Vorden, the Netherlands
    I like to keep the system clean and fast.
    As a virus scanner I currently use Antivir; as antispyware I use Adaware6, spywareblaster and Spybot ( :D ); as a popup killer I use Adshield; and there are progs like ZA, Mailwasher, regcleaner and mrublaster to keep it neat.
    As I like to put it: the final port is closed by Unplug and Pray.
    And now with TDS3 added I feel really safe.
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Sounds rather good! Adaware and SpybotS&D certainly add to each other, and all the JavaCool tools described in his own forums over here at Wilders are great!

    For your additional excitement in security I would suggest getting WormGuard to protect you from nasty worms, scripts, hta, stuff from websites, and as an extra layer for emails you still might like to open even though your ZA mailsafe did a good job already too.
    There is a free evaluation for that one too, so you might like to give it a try.
    Port Explorer I mentioned already; I am beta testing at the moment what looks like a very nice new update with some very new features I've not seen on the internet yet (registered users are updated for free, so no problem to grab it at any time when most convenient).

    There is in the DCS site free tools area also RegProt to protect your registry from illegal changes by trojans for instance. I mentioned AutostartViewer already, beside which is in the build an autostartGuard which will replace the RegProt, so check back on those pages and the DCS forum where news about those tools will be announced first
    (see URL in my signature if you didn't visit there yet)

    It's good to see you take security seriously with top-notch tools and a layered approach in that.
    TDS and all the support I got from the guys gave me back security, confidence and most of all big fun; if you read in the DCS forums in the thread "Female TDS operators" you might read part of our horror stories and how the world changed with these tools.

    Happy Sunday! :)
     
  3. hendricus

    hendricus Registered Member

    Joined:
    Mar 5, 2003
    Posts:
    35
    Location:
    Vorden, the Netherlands
    When I double-click on the TDS3 icon on my desktop I see the following message under the alarm part of the interface: (Scan Control Dumped @ 23:27:39 11-05-03)
    RegVal Trace: RAT.Rsbot: HKEY_LOCAL_MACHINE
    File: Software\Microsoft\Windows\CurrentVersion\Run [WinApp32=msapp.ex]


    When I start scanning >C:\ < this message disappears and does not show up again. No trojan mutexes are found. When I close TDS3 and reopen it the message appears again.
    What does this message mean? I'm a bit worried because of the RAT.Rsbot part in this message.
     
  4. SmackDown

    SmackDown Guest

    Why not open regedit, and remove [WinApp32=msapp.ex]?

    You can open regedit, navigate to that key, then in the right-hand panel delete it.
     
  5. hendricus

    hendricus Registered Member

    Joined:
    Mar 5, 2003
    Posts:
    35
    Location:
    Vorden, the Netherlands
    I did that. Everything is OK now. Thnx!
    But I still do not understand why this message shows up and what it means. (The RAT.Rsbot part, remember?)
     
  6. SmackDown

    SmackDown Guest

    I don't use TDS, but to me "RegVal Trace: RAT.Rsbot:" means this is the name of the Trojan, and its registry value = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run [WinApp32=msapp.ex]

    This would be a positive identification, on the registry value, the Trojan is probably already gone, but you could do a search for msapp.exe.
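
    A read-only way to run the check these replies describe (look at the Run value, then look for the file it names), as an added example that is not part of the original thread or any DiamondCS tool. It assumes PowerShell 4 or later (for Get-FileHash), uses a hypothetical helper named Resolve-AutorunTarget, and goes slightly beyond the alarm by also listing the per-user HKCU Run key.

```powershell
# Added example: read-only audit of the Run keys (nothing is modified or deleted).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# Hypothetical helper: find the file an autorun command line would start.
function Resolve-AutorunTarget {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if (-not $expanded) { return $null }
    if ($expanded -match '^"([^"]+)"') {
        $candidates = @($Matches[1])
    } else {
        # Unquoted command: try "C:\Program", then "C:\Program Files\x.exe", and so on,
        # so a path containing spaces is not misreported as missing.
        $tokens = $expanded -split ' '
        $candidates = @(for ($i = 0; $i -lt $tokens.Count; $i++) { $tokens[0..$i] -join ' ' })
    }
    foreach ($candidate in $candidates) {
        # Get-Command also searches PATH, which covers bare names with no directory.
        $app = Get-Command -Name $candidate -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($app) { return $app.Path }
    }
    return $null
}

foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $target  = Resolve-AutorunTarget $command
        [pscustomobject]@{
            Key     = $key
            Value   = $name
            Command = $command
            Target  = $target    # $null means the value is an orphan: no file was found
            SHA256  = if ($target) { (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash } else { $null }
        }
    }
}
```

    A row with an empty Target matches the situation in this thread: the autorun value is still present but the file it names could not be found. A row with a Target gives the path and hash of the file to zip up and submit.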
     
  7. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    If you find that file, zip and email it to gavin@diamondcs.com.au :)
     
  8. hendricus

    hendricus Registered Member

    Joined:
    Mar 5, 2003
    Posts:
    35
    Location:
    Vorden, the Netherlands
    Lucky me. My system is totally clean. Next time ( :( ) I'll try to remember and inform you about possible trojans in my system.
     