Couple of beefs about TDS-3

Discussion in 'Trojan Defence Suite' started by Dale.E, Jan 13, 2004.

Thread Status:
Not open for further replies.
  1. Dale.E

    Dale.E Registered Member

    Joined:
    Jan 13, 2004
    Posts:
    14
    Location:
    Vancouver Isl Nanaimo B.C. Canada
    I have been evaluating TDS prior to purchase for my company.
    I am a self-employed PC tech, A+, MCP, MCSE.
    I am about to purchase a licence to use TDS for the removal of trojans from my customers' systems.

    That said, I am at this moment working with the eval on a customer's system. The system has a serial mouse and no other port for any other mouse (USB, PS/2 etc.). TDS finds and says it removes several traces from the registry, see below:

    Scan Control Dumped @ 07:18:48 13-11-03
    RegVal Trace: Worm.Alcaul: HKEY_LOCAL_MACHINE
    File: Software\Microsoft\Windows\CurrentVersion\Run [WinSrv=C:\winnt\system32\hiddenrun.exe WinSrv.exe]

    RegVal Trace: DDoS.RAT.mIRC-Based: HKEY_LOCAL_MACHINE
    File: Software\Microsoft\Windows\CurrentVersion\Run [Application=C:\winnt\system32\rmtcfg\files\hiddenrun.exe mdll.exe]

    RegVal Trace: Worm.Randex: HKEY_LOCAL_MACHINE
    File: Software\Microsoft\Windows\CurrentVersion\Run [Microsoft Netview=gesfm32.exe

    RegVal Trace: DDoS.RAT.SDBot: HKEY_LOCAL_MACHINE
    File: Software\Microsoft\Windows\CurrentVersion\Run [System Executable DLL Library=EXECDLL32.EXE

    RegVal Trace: DDoS.RAT.SDBot: HKEY_LOCAL_MACHINE
    File: Software\Microsoft\Windows\CurrentVersion\RunServices [System Executable DLL Library=EXECDLL32.EXE


    But it cannot, for whatever reason; I am exploring that in another post.
    So I used safe mode to ensure no processes were recreating them.

    NOW FOR THE BEEF!!! There is no mouse in safe mode on this system.
    I cannot delete any alarms with TDS without a mouse; no keystroke will do it. :'(

    And for beef #2, when I have a system with lots of alarms they have to be deleted one at a time; if keystroke alarm deletes worked I could do them in bulk.

    See if that could be fixed up guys ... PLEASE!!!!

    BTW: if there is a keystroke to do deletes and I, after several hours of trying, did not find it, please let me know.
     
  2. FanJ

    FanJ Guest

    Here are the keyboard shortcuts I could find in the HelpFile:

    Keyboard Shortcuts

    Keyboard shortcuts exist to make navigating TDS even faster. These are:

    F1 - TDS Help file
    F2 - SS3 Help file
    F3 - Trojan Information
    F4 - Reload Current Script
    F5 - Discussion Forums
    F6 - SS3 Editor
    Shift+F6 - Edit Current Script in SS3 Editor

    Ctrl+A - Autostart Explorer
    Ctrl+I - Change Target Host to Last Resolved IP
    Ctrl+L - Load Script
    Ctrl+N - Netstat
    Ctrl+O - Process List

    Ctrl+P - Ping
    Ctrl+R - Resolve
    Ctrl+S - Scan Control
    Ctrl+T - Trace
    Ctrl+U - Update Radius Database
    Ctrl+W - Whois Target Host

    Ctrl+A - Activate Process Window (From Process List)
    Ctrl+K - Kill Process (From Process List)
    Ctrl+M - View Process Modules (From Process List)
    Ctrl+P - Scan Process Modules (From Process List)
    Ctrl+S - Scan Process Files (From Process List)
    Ctrl+W - View Process Windows (From Process List)

    Ctrl+C, Ctrl+X, and Ctrl+V are reserved for Copy, Cut and Paste respectively.
     
  3. Dale.E

    Dale.E Registered Member

    Joined:
    Jan 13, 2004
    Posts:
    14
    Location:
    Vancouver Isl Nanaimo B.C. Canada
    Thanks, but I don't see anything re: alarm deleting....
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    You're right, I tabbed through it and can highlight and press Enter, but the menu with the wanted options does not show up.
    Guess it will not help to install the mouse another time? I boot more often in safe mode and there is a mouse; there should be!
    The only way could be, since you're in safe mode anyway and thus the files should be free, to open an extra MS-DOS window and hunt for the files you see in the alerts display, if getting to the command prompt that way is possible on that system.
     
  5. FanJ

    FanJ Guest

    I have a bit of a strange question for Dale:

    Dale, would you mind giving the mods permission to change the colour in your first posting from red to black?
    I have such bad eyes that it is almost impossible for me to read it.
    Thanks !
    Of course this is not meant to hurt you, please be assured of that !
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Scan Control Dumped @ 07:18:48 13-11-03
    RegVal Trace: Worm.Alcaul: HKEY_LOCAL_MACHINE
    File: Software\Microsoft\Windows\CurrentVersion\Run [WinSrv=C:\winnt\system32\hiddenrun.exe WinSrv.exe]

    RegVal Trace: DDoS.RAT.mIRC-Based: HKEY_LOCAL_MACHINE
    File: Software\Microsoft\Windows\CurrentVersion\Run [Application=C:\winnt\system32\rmtcfg\files\hiddenrun.exe mdll.exe]

    RegVal Trace: Worm.Randex: HKEY_LOCAL_MACHINE
    File: Software\Microsoft\Windows\CurrentVersion\Run [Microsoft Netview=gesfm32.exe

    RegVal Trace: DDoS.RAT.SDBot: HKEY_LOCAL_MACHINE
    File: Software\Microsoft\Windows\CurrentVersion\Run [System Executable DLL Library=EXECDLL32.EXE

    RegVal Trace: DDoS.RAT.SDBot: HKEY_LOCAL_MACHINE
    File: Software\Microsoft\Windows\CurrentVersion\RunServices [System Executable DLL Library=EXECDLL32.EXE


    There you go, Jan!
    In such cases I highlight the text, so getting default dark blue with white text; in worse cases I even copy it to Notepad for myself, or press the quote button to have it in black; several options. Hope it helps!
    BTW Jan: the mouse is not beef, what do you think? We're used to bigger pieces for that :D
     
  7. FanJ

    FanJ Guest

    Thanks a lot Jooske !
    Grin, I could use a big, fine piece of beef ;)
     
  8. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    I thought "beef" was what we eat in a hamburger at McDonald's; I guess that finally it isn't that :)
     
  9. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Deleted image: off topic. As per Paul's image instructions - Pilli
    Brace yourself for this Filet of beef tenderloin with Portobello-garlic cream potatoes, baby vegetables and pinot noir sauce, 8 ounces. The waiter is still getting the proper wine for you.
     
  10. Dale.E

    Dale.E Registered Member

    Joined:
    Jan 13, 2004
    Posts:
    14
    Location:
    Vancouver Isl Nanaimo B.C. Canada
    I changed the text to blue for ya, FanJ

    Re: beef jokes, har har :)
     
  11. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Thank you, Jooske!

    Finally, it is what I thought.
    We just see another meaning there :D

    => to the thread starter: I am not kidding you, English is not my native language and I like to learn ;)
     
  12. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Bon apetite! (sp?) Aanfalluh!! (that's not the proper Dutch expression, mind you!)

    We know TDS is only limited by our own limits of imagination; we even have a very inspiring cookbook in the build in the DCS forum. It is possible with some scripting (in the registered version without limits) to use TDS as a central steering system in your whole house: from waking you up with your favourite tale and music, to starting your coffee machine and other breakfast necessities, while collecting and sending your emails all voice-commanded, calling your local supermarket for the groceries and starting your oven with that beef. Oh, and by the way, it is the top in trojan/worm and other nasties detection/protection, soooooo we can have fun during all that.
     
  13. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    What? TDS detects trojans? I thought it was just making coffee :)

    oh and... Bon appétit Jooske ;)
     
  14. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Beef is nice, but staying on topic here :)

    No need to go to Safe Mode to delete these, in which case you will have a mouse. I would suggest using ASViewer to find any references to these trojan files and deleting them. If any files are not identified by TDS, please send them to submit@diamondcs.com.au before nuking them!
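Added example, not TDS code, not from DiamondCS, and not anything posted by a member of this thread: a small Python script that parses the Scan Control dump quoted in the first post into its registry key, value name and value data, and turns it into a batch of `reg delete` commands plus a `.reg` file. That covers both beefs (no mouse, one alarm at a time) from a plain command prompt, and it also lists the executable names the Run/RunServices values point at, which is what Jooske suggested hunting for from an MS-DOS window. Assumptions: the dump format is exactly as pasted (a `RegVal Trace:` line followed by a `File:` line), `reg.exe` is available on the target (built into XP; on Windows 2000 it comes with the Support Tools) and regedit accepts the `Windows Registry Editor Version 5.00` format. The three pasted entries that lost their closing `]` are handled. The sample dump below is constructed from the first post.

```python
"""Turn a TDS-3 'Scan Control' dump into registry clean-up commands (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: the Scan Control dump as quoted in the first post,
# including the three entries whose closing ']' is missing in the paste.
TDS_DUMP = r"""Scan Control Dumped @ 07:18:48 13-11-03
RegVal Trace: Worm.Alcaul: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [WinSrv=C:\winnt\system32\hiddenrun.exe WinSrv.exe]

RegVal Trace: DDoS.RAT.mIRC-Based: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [Application=C:\winnt\system32\rmtcfg\files\hiddenrun.exe mdll.exe]

RegVal Trace: Worm.Randex: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [Microsoft Netview=gesfm32.exe

RegVal Trace: DDoS.RAT.SDBot: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [System Executable DLL Library=EXECDLL32.EXE

RegVal Trace: DDoS.RAT.SDBot: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\RunServices [System Executable DLL Library=EXECDLL32.EXE
"""

# Assumed line shapes, taken from the paste: "RegVal Trace: <detection>: <hive>"
# followed by "File: <subkey> [<value name>=<value data>]".
TRACE_RE = re.compile(r"^RegVal Trace:\s*(?P<detection>.+?):\s*(?P<hive>HKEY_[A-Z_]+)\s*$")
FILE_RE = re.compile(r"^File:\s*(?P<key>[^\[]+?)\s*\[(?P<name>[^=]+)=(?P<data>.*)$")


@dataclass
class RegValTrace:
    detection: str   # TDS detection name, e.g. "DDoS.RAT.SDBot"
    hive: str        # e.g. "HKEY_LOCAL_MACHINE"
    key: str         # subkey under the hive
    value_name: str  # the autostart value, e.g. "WinSrv"
    data: str        # what the value runs

    @property
    def full_key(self) -> str:
        return f"{self.hive}\\{self.key}"

    def reg_delete_cmd(self) -> str:
        # reg.exe syntax: reg delete <key> /v <value> /f  (no confirmation prompt)
        return f'reg delete "{self.full_key}" /v "{self.value_name}" /f'


def parse_tds_dump(text: str) -> List[RegValTrace]:
    """Pair each 'RegVal Trace:' line with the 'File:' line that follows it."""
    traces: List[RegValTrace] = []
    pending: Optional[Tuple[str, str]] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = TRACE_RE.match(line)
        if m:
            pending = (m["detection"], m["hive"])
            continue
        m = FILE_RE.match(line)
        if m and pending is not None:
            detection, hive = pending
            traces.append(RegValTrace(
                detection=detection, hive=hive,
                key=m["key"].strip(), value_name=m["name"].strip(),
                # Some pasted lines lost the closing bracket; accept both forms.
                data=m["data"].strip().rstrip("]").strip(),
            ))
            pending = None
    return traces


def reg_delete_commands(traces: List[RegValTrace]) -> List[str]:
    """One reg.exe command per alarm: run them as a batch file, no mouse needed."""
    return [t.reg_delete_cmd() for t in traces]


def to_reg_file(traces: List[RegValTrace]) -> str:
    """Equivalent .reg file: "name"=- under a key removes that value on import."""
    by_key: Dict[str, List[str]] = {}
    for t in traces:
        by_key.setdefault(t.full_key, []).append(t.value_name)
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
        lines.append("")
    # If saved to disk, write with encoding="utf-16": version 5.00 files are Unicode.
    return "\r\n".join(lines)


def referenced_executables(traces: List[RegValTrace]) -> List[str]:
    """Base names of the files the autostart values run: the list to hunt for on disk."""
    exts = (".exe", ".dll", ".com", ".scr", ".bat")
    found = set()
    for t in traces:
        for tok in t.data.split():
            base = tok.lower().rsplit("\\", 1)[-1]
            if base.endswith(exts):
                found.add(base)
    return sorted(found)


if __name__ == "__main__":
    found_traces = parse_tds_dump(TDS_DUMP)
    print("\n".join(reg_delete_commands(found_traces)))
    print()
    print(to_reg_file(found_traces))
    print("files to hunt for:", ", ".join(referenced_executables(found_traces)))
```

Run it with the dump pasted into `TDS_DUMP`, redirect the first block of output to a `.bat` file (or the second to a `.reg` file) and execute that on the infected box. Two caveats a practitioner would add: kill or suspend the processes that own these values first, otherwise an SDBot variant will simply rewrite them (Gavin's point that you do not need safe mode for this still stands, but the process must be dead); and, as Gavin says, submit any file TDS did not identify to DiamondCS before deleting it. The `rstrip("]")` handles the entries that were pasted without their closing bracket; a value whose data genuinely ends in `]` would lose that character, so check the generated commands against ASViewer before running them.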
     
  15. Dale.E

    Dale.E Registered Member

    Joined:
    Jan 13, 2004
    Posts:
    14
    Location:
    Vancouver Isl Nanaimo B.C. Canada
    As I said, I was taking care of the actual infections in another post; they have since been eradicated with ASViewer and hijack etc.

    This thread was to post the 2 annoyances I had with TDS:

    1) no way other than mouse to delete alarms.

    2) no way to delete more than 1 alarm at a time.
     
  16. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Thanks, your mentioning these issues will help us in future builds :)
     