DRDOS Issues

Discussion in 'Trojan Defence Suite' started by txblush, Oct 12, 2004.

Thread Status:
Not open for further replies.
  1. txblush

    txblush Registered Member

    Joined:
    Oct 12, 2004
    Posts:
    5
    Location:
    Texas
    TDS scans continually identify these DRDOS trojans but when I select them to delete, they come right back. How do I get rid of these permanently?

    Thank you! o_O
     
  2. rodsoto

    rodsoto Registered Member

    Joined:
    Mar 18, 2004
    Posts:
    77
    Location:
    Australia
    Txblush, so an actual hard drive scan is picking up these trojanso_O

    Possibility of them not being deleted is the fact that they could still be running in the process list. Have you done a process file/memory scan? Mutex Scan or Memory Objects scan? These 4 will be able to detect it whilst they are currently active, and 3 of them, give you the options to 'Kill' or terminate the process/application and then delete it afterwards. I'm not sure what the policy is here with regards to posting the detection log file, so if you like, you can private message me the list, and I'll try help you out from there.......

    When TDS-3 detects them on your hard drive, right click on the detected files, and select "Save as text". PM me that list if you like, and will try help you from there.

    Kind Regards

    PS. There is a program called 'Delater' also by DiamondCS, this program may prove useful if you cannot remove the trojans from the process list
     
  3. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
  4. txblush

    txblush Registered Member

    Joined:
    Oct 12, 2004
    Posts:
    5
    Location:
    Texas
    Thank you for your response. Yes, these DDos.RAT.rBOT type trojans are showing up on my new drive...new computer, with new motherboard, etc. Deleting them never worked (right mouse click choice). Last night I put the computer in Safe Mode, reran TDS-3 (full scan). This time I deleted them directly from the registry...rescanned in Safe Mode and they were finally gone. If you are interested in the files, they were in (shortened version) CurrentVersion/RunServices[Microsfot Update = bling.exe], same thing in just the "Run" file, and in LocalUser; the other items were in the same paths only [WindowsCompliant=winole.exe].

    You act surprised that they are on my hard drive....since I am not real savvy on these things, where would these items normally be?

    I haven't had time to recheck/rescan (as I am now at work); to see if these PITA's have rejuvenated themselves.

    Paula
     
  5. rodsoto

    rodsoto Registered Member

    Joined:
    Mar 18, 2004
    Posts:
    77
    Location:
    Australia
    No i wasn't surprised that they were on your hard drive, I was just wondering what method of detection TDS-3 used to find them, IE Process list, mutex, etc..

    Glad its all sorted now though, all the best
     
  6. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi txblushe, Re-do the scan in safe mode, removal should then be possible.

    Pilli
     
Thread Status:
Not open for further replies.