DDoS.RAT.SpyBot 1.2 as need help pls

Discussion in 'Trojan Defence Suite' started by Paranoid, Aug 14, 2003.

Thread Status:
Not open for further replies.
  1. Paranoid

    Paranoid Guest

    I cant get rid of it thru STD-3 .. when i delete thru the program they just come back on reboot i get flag registry has been changed .. I upgraded the std-3 files .. but just cant get rid of it

    I cant run regedit the window closes and cant even cntrl alt delete that window closes when i get cursor over it
  2. Jooske

    Jooske Registered Member

    Feb 12, 2002
    Netherlands, EU near the sea
    Hi Paranoid
    Which windows version are you running?
    Is it possible to do a system restore a few days back ? (XP or ME) With that you might not see the infection back in a TDS scan, and the regedit works again.
    If so and you seem clean disable system restore > reboot > enable system restore and make a new restore point of the new clean situation.

    Also delete the key through TDS > System Analyse > Autostart Explorer before you do the disabling and reboot.
    Does this help?
  3. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Feb 10, 2002
    Perth, Western Australia
    Hi Paranoid,

    Delete registry values and check that they are gone in Autostart Explorer. If you haven't already run a Process Memory Scan this should detect the SpyBot FILE in memory, right click and delete.

    If it doesn't, please examine the registry entry if you see one being detected - and look at what file is to blame. Zip a copy and send it to submit@diamondcs.com.au , then kill it -

    Go to the TDS Process List (CTRL O in TDS)
    Right click the file
    Kill Process and Delete File
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.