HELP ME IM CONFUSED

Discussion in 'Trojan Defence Suite' started by crim64, Jun 11, 2004.

Thread Status:
Not open for further replies.
  1. crim64

    crim64 Registered Member

    Joined:
    Jun 11, 2004
    Posts:
    12
    Help please!
    Ok I was going through the web and my norton-autoprotect pops up going ONE VIRUS FOUND or somthing about a Trojan now I've heard about spyware dialers and trojans before and thats one of the reasons i got Ad-Aware witch gets rid of it.But im realy creaped out about this Trojan, because when I restart my computer it comes up with MSScriptControl::Unknown Error o_O what does that mean?So i got scared ran Norton-Antivirus full system nothing found, Ad-Aware,and my freind told me to run somthing on the C drive that checks for Errors.I Turn my comp back on...STILL THERE :'( Here are the File names,

    Counter.class and VerifierBug.class, the "Threat Name is Trojan.ByteVerify (for both)and the type of file is class.I was using Mozzila Firefox by the way.

    Please help me if you need anymore info just ask. :'( MY COMP MAY BE ON THE LINE or at least my life is!!
     
  2. crim64

    crim64 Registered Member

    Joined:
    Jun 11, 2004
    Posts:
    12
    Another thing I would like to know is what is this TDS you keep talking about,Is it absoultly reliable?Can i get it with no worries?What exactly does it do?
     
  3. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
  4. crim64

    crim64 Registered Member

    Joined:
    Jun 11, 2004
    Posts:
    12
    Hey Snowbound Its not that witch is worrying me its the error ever since i put it in quartine, and how do i disable system restore?Im a real noob at computers.Ohh man i forgot to put somthing in,I don't want to create a system restore cuss i messed up IE a while back last thing I want to do is make that permenent...Should I just put this off till a freind comes back and fixes it?Hes a real computer wiz.
     
    Last edited: Jun 11, 2004
  5. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
  6. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    It does not restore anything when u disable it then renable it. If a virus or trojan is in System Restore the way to get rid of it is disable and that clears all old restore points.


    What ever is best for u. ;)


    snowbound
     
  7. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    crim64,
    My suggestion is YES, put this off. If you disable the system restore now, you will effectively erase all of your chances of restoring your system to a time when IE worked. snowbound is correct about the trojan possibly infecting your system restore; however, the computer wiz may want to use the system restore function to fix your IE problem and worry about the trojan after that problem is fixed. snowbound please correct me if I am wrong.
     
  8. crim64

    crim64 Registered Member

    Joined:
    Jun 11, 2004
    Posts:
    12
    I don't think it ever infected anything it was cought before it got past the temp files,its in the quartine bay...what im worried about is the Unknown::error thing.


    Thank you for your time and patientce!Forgive my cruddy posts I suck at writing.I never use IE,come to think of it maby you can help me in IE all it says is Error on line:(some line) the line is that some one meseed up there html,php,mysql or anyother script...
     
  9. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi there,
    you asked about TDS, and since this thread is in the TDS forum, can tell you about that. Snowbound posted a link to the site for the download at
    www.diamondcs.com.au
    It is a special Anti-Trojan and honestly said top notch.
    See it as an extra layer in your defence.
    I love the program and it protects my system in many ways since several years. It's not an ordinary trojan scanner, as you'll see once looking at it and trying it yourself.

    Your script error message i don't know is anything was damaged or lost or caused by the trojan. Maybe the Windows Scripting Host was affected somehow.

    For a messed IE: there are a few ways: either with the system restore your friend might like to try, or:
    in the windows control panel > software > add/remove , search for the Internet Explorer , make sure all antivirus and other scanners inclusive their resident protection parts are closed (so you might like to disconnect from internet too, press that add remove ONE time so a popup will come askins what you want to do with it, choose "Repair" and after a minute or so you'll be asked to reboot.
    Hope that helps for you. The good part is IE will be brought back to it's original working state, the bad part is you might have to re-install security patches and you might have to look if everything else is still there.
    So immediately after visit the windows update site to see if that indicates any necessary updates again. If so, do take the critical and important ones.
     
  10. crim64

    crim64 Registered Member

    Joined:
    Jun 11, 2004
    Posts:
    12
    Ok thank you so much!Does this TDS thing actuly get rid of trojans?Or does it just protect them?And is there anyway to mess this up?

    Ohh before I forget theres another computer on a router for internet,Could that be infected by this "Trojan".Im trying to improve my grammer as frustrated that I am with this ******* trojan....
     
  11. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    crim64,
    Jooske is very smart and always willing to help, especially with people like you and I that are just learning. TDS-3 will protect you from and detect/remove current trojans. I will caution you that TDS-3 can be a little intimidating to new users, so it might not be a bad idea to spend some time searching through this forum and learning more about the software before purchasing. I have purchased TDS-3 and have been very pleased with it, as well as Port Explorer, Worm Guard, and now Process Guard. As far as messing things up, TDS-3 can be a little complex, but to the best of my knowledge, the worst thing that can happen is that you don't get the full protection that TDS-3 is capable of giving because you don't have a setting correct. I don't think that you have to worry about TDS-3 messing things up or you messing TDS-3 up. To answer your question about the other computer being infected, yes it is possible. Either the computer could have been infected on it's own, or if the two computer are networked together, the trojan could spread across your network. Jooske may be more helpful with this last question, as she is more knowledgable. I hope this has been helpful.
     
  12. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Please re-read what i explained:
    When yoyu find a system infected, NORMALLY it should be isolated immediately to avoiud spreading over the network. In your case you might like to scan both systems thoroughly: installing TDS, in the TDS > Edit Files > Scans > Full system Scan.txt make sure you include all options and all logical drives exactly as written in the System Testing > Scan Control in the left panel. In that way all drives from other systems are included in the scan.

    Step by step:
    first visit thewww.diamondcs.com.au site, get to TDS , download, install with all other scanners out, reboot, back to that site, get the latest definitions update , the radius.td3 and just put it in your TDS directory.
    Now you can start TDS.
    Once it is through it's startup scans, now you can do what i wrote above, that file edit for your first real scan.
    Now still the antivirus scanners closed, in TDS with all scanoptions in the scan control enabled and save that configuration, now press the Full system Scan.
    Have as many other applications and browser windows closed and step away for a coffee, walk the dog, whatever, as it can take a while.

    when this has finished, in the bottom console of TDS you might se some alerts.
    rightclick on one of them and choose "save as text" which will save it to scandump.txt in the TDS directory.
    Be so kind as to copy and paste that text into your next posting here.

    Good luck, have fun, whatever, and we will tell you what to do with the possible alarms. Don't worry yet, till we do.
    It might be because of your strange error there could be install problems, not that i expect, but be prepared on such a possibility.
     
    Last edited: Jun 12, 2004
  13. crim64

    crim64 Registered Member

    Joined:
    Jun 11, 2004
    Posts:
    12
    Ohh man TDS is a trail version thing I was hoping it was like Ad-Aware aother thing (keep forgeting stuff)
    If I do the stuff you said Jooske is it possible to mess up, Ad-aware,Spyware Blaster,Norton Anti-Virus,my firewalls,and Mozzila,Mozzila Firefox (Mozzila Firefox ROCKS)
    And some other stuff?
     
  14. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    HI Crim64.

    Short answer, no. Don't get me wrong, you may not fully understand it, but in essence it's primary job is Detection of trojans and it's almost foolproof in operation.

    Their are LOTS of things in it, BUT you do not have to know them. Just install, load Execution Protection [if you decide to purchase and Register it later on] and do daily updates and forget it.

    The trial version DOES NOT give Real Time Protection [Execution Protection Module cannot be installed in trial version] but you can trial it by scanning, see if it detects anything or not, and it will remove.

    Here's a quick screenie in case you wonder. [Ignore the background image, I make images to put in it]. The line I highlighted in yellow is for Registered Users only to enable Execution Protection

    Jooske has offered very sound advice. :)

    Cheers, TAS
     

    Attached Files:

  15. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    The TDS evaluation version is free and almost as functional as the registered version and it has a limit on 30 days; if you want to know the differences in FanJ's "IMPORTANT sticky threads" sticky is a link to an explanation about those differences.

    Of course if you force to mess up your system anybody can, but TDS can't. You're dealing with professional software, not some ..whatever..... there to help you, not to bring you in even bigger trouble.
    Read about my experiences in the light blue "Come say hi!" in my signature
    and you can see that people learn to use it.

    Oh and in case of problems, don't eat your keyboard, that's a real mess!
    (now i see Tasssss's screenshot with own graphbar and the friendly greeting in the bottom. Mind you: TDS can speak to you with a nice voice! (speaking about sound advice from TDS :D )
     
    Last edited: Jun 12, 2004
  16. crim64

    crim64 Registered Member

    Joined:
    Jun 11, 2004
    Posts:
    12
    Thank you Jooske for your quick replys im still amazed at how you do it!I went to the place you said.It says you don't work here?I thought you helped create that program with your sumpreme genuise!Anyway Internet Explorer isn't there seems like theres a update instead,should I uninstall the update then use the regular not updated internet explore and fix that?
     
  17. crim64

    crim64 Registered Member

    Joined:
    Jun 11, 2004
    Posts:
    12
    Here is everything That i know of.Its mostly Adware so I am thinking on just running Ad-Aware instead.


    Scan Control Dumped @ 14:02:36 12-06-04
    Positive identification: Adware.180solutions
    File: c:\documents and settings\name\local settings\temp\del4.tmp

    Suspicious Filename: HTA file in suspicious location
    File: c:\program files\microsoft money\system\discover.hta

    Suspicious Filename: HTA file in suspicious location
    File: c:\program files\microsoft money\system\lnpg.hta

    Suspicious Filename: Dual extensions
    File: c:\unrealtournament\glsetup\glsetup.106.exe

    Positive identification <Adv>: Possible WebDownloader
    File: c:\windows\system32\pid.exe

    Positive identification: Adware.WildTangent
    File: c:\windows\wt\backup\1.6.1.002\wcmdmgr.exe

    Positive identification: Adware.WildTangent.a
    File: c:\windows\wt\backup\1.6.1.002\wcmdmgrl.exe

    Positive identification: Adware.WildTangent.a
    File: c:\windows\wt\backup\1.6.2.003\wcmdmgrl.exe
     
    Last edited: Jun 12, 2004
  18. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Can you zip this one
    Positive identification <Adv>: Possible WebDownloader
    File: c:\windows\system32\pid.exe
    and submit it to submit@diamondcs.com.au to be checked?
    Do you know those programs the HTA file andthe double extension are in?
    Right click on them to see their properties and if they were recently modified.
    If you're not sure about them zip them and submit them to the same address.
    WildTangent is a known thing, seems only in your backup so maybe not even running on your system anymore.
    If you have that alerts windows up after the scan, with the right mouse click you can delete the files too (and submit the other files if you like it better that way, but they won't be zipped then and can get damaged in the mail scanners.)

    If there were no more other alerts you are rather clean!


    We all are volunteers and have our mission for keeping internet clean!
    No, i did not create the program, i'm just one of the many long time devotees, using, betatesting and adding to the scripts experience with some fun, turning TDS in a coke machine and singing your birthdaysong etc etc.
    Just to enhance the security experience.
    You've seen in Tassie's and Bowserman's artwork TDS stimulates creativity! screenshots, wallpaper, graphic bars, etc. While other people are more in the real serious scripting work to add even more tools to TDS.


    Update for internet explorer or what did you mean exactly?
    The update for TDS is at their site at the download page.
    Even if you don't use Internet Explorer while it is on your system, i would try to keep that updated as well, for all the exploits and vulnerabilities in windows and internet explorer.
     
  19. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    Don't let her lie to you. She works, but she just doesn't get paid for it. She does this because she enjoys it and is very good at it.
     
  20. crim64

    crim64 Registered Member

    Joined:
    Jun 11, 2004
    Posts:
    12
    Ok like I said before the Actull Trojan never got far.As soon as it got on my system it was detected and deleted the only thing left is the backup of it in the quaritine bay,Is it safe for me to dlt the quratine?
    It could never get as far as the system restore in my thoughts,also it seems like the Msscriptcontrol::Error must have been GIMP.Becuase after I ran spybot search and destroy,got rid of GIMP and Spybot it left.So seems like most of my problems are gone?All i need to ask now is can I safly delete the backup that is in the quartine bay.
    As for the- Suspicious Filename: Dual extensions
    File: c:\unrealtournament\glsetup\glsetup.106.exe I think thats safe its just a game,but what does Webdownloader mean and do?I never heard of them...
     
    Last edited: Jun 12, 2004
  21. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    crim64: First of all, the suspicious Filename: Dual Extensions alert. YOu probably already understand it, but will type explanation so others reading may benefit.

    TDS gives that alert with *anything* that has extension that is dual [as in 2] or more extensions... each time you see a period [ . ] that indicates an extension like command.

    eg: Some malicious things could be sent to you in, say, an email, and they may say "Have a look at this funny picture" with the attachment: funny.jpeg.bat

    That's a dual extension, the real extension is NOT jpeg [jpg] but .bat which when executed could protentially harm your system.
    Sometimes the dual extension could be hidden.. as the sender could put in excessive spaces so when you view the filenames, the excessive spaces may 'push' the last *valid* extension off your viewing screen.

    eg: funny.jpeg [x = lots of spaces] xxxxxxxx .bat

    TDS is merely alerting you to the fact it is suspicious.

    Sooo, the thing is, as long as YOU know what the file is, then it's safe. If you do not know what the file is, submit it to DCS for analysis.

    Webdownloader: can mean file acting suspiciously and has the ability to connect to net and get/send information and/or do harm. That's why Jooske wanted it submitted for analysing by DCS.

    I get lots of 'Alerts' when scanning, as I have several filenames with 'dual extensions' and have a Trojan-like test proggy that tries to access the net to test my firewall every now and then.

    HTH, TAS
     
  22. crim64

    crim64 Registered Member

    Joined:
    Jun 11, 2004
    Posts:
    12
    Thanks, now I know! :D You guys are great, unfortantly im leaving for a trip and by the time I get back the trial is done,so thats realy to bad, some of those things may be false I didn't get to download that patch yet.Looks like no trojan was found.I'm going to leave everything as is until i get back.So thank you all of you for you time and effort and Im ganna go now.:p

    Ohh and Jooske thanks alot for your help.I'm amazed you arn't english you have better grammer then me.Unless its my browser did it translate?

    Thanks bunch!
     
  23. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Re: HELP ME IM CONVINCED NOW

    You're welcome!
    If in the meantime all the errors are solved, no more scripterror, no more other nasties --via the TDS alerts consome you can delete just that one file from the backup if needed, no need to delete the whole backup unless you replace it with a new backup anyway.

    Keep your game as it is if you like it, you now see TDS sees also that kind of things, like Tassie was so kind to explain.

    A webdownloader can be a trojan downloader like you see so many people infected with and depending of the kind could download and install nasties on your system, open backdoors, etc. So a good reason to submit the thing and see if it is a known trojan or a new version. If you get Port Explorer you can see if it is communicating with the outside world and what it's doing.
    But since you're going on a trip and this is a 30 days trial too, you might like to wait with trying that.

    Hope all your system is running fine now! Make sure to have a system restore point of the clean situation and dealt with the alarms.
    Nice feeling to come back after your trip on a clean system.

    Enjoy your trip! See you back later!
     
  24. crim64

    crim64 Registered Member

    Joined:
    Jun 11, 2004
    Posts:
    12
    Re: HELP ME IM CONVINCED NOW

    It probly won't be so clean :p
     
  25. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Not clean? Are you taking the system with you on the trip, or leave it to the people at home to play with it while you're not around?


    BTW: you can edit your postings with clicking the edit button bottom right corner.
     
    Last edited: Jun 13, 2004
Thread Status:
Not open for further replies.