Help with possible trojan!

Discussion in 'Trojan Defence Suite' started by mtraun, May 22, 2005.

Thread Status:
Not open for further replies.
  1. mtraun

    mtraun Registered Member

    Joined:
    May 22, 2005
    Posts:
    3
    This morning I was greeted to Symantec telling me I had a Trojan (it didn't tell me what type) in my restore directory of System Information folder. After attempting to delete it by going into Safe Mode with no success, I eventually got rid of it directly using Symantec to delete the file.

    I'd downloaded and installed TDS-3 the previous day, so I thought I'd try and put it to the test. So I ran a full system scan. All went well until it hit the Memory Object scan and then TDS froze. I aborted the program and tried again. Same result. I updated the radius.td3 file. Same result. Rebooted. Tried again. Same result.

    After several more attempts, I tried doing a Memory Object Scan on its own and it did finish, but TDS3 ran like a dog, though it did come up clear.

    I then started a scan for everything except the Memory Objects. Everything had come up clear so far. I left it running with the file scan. Is it possible I have not gotten rid of the Trojan and it's blocking the Memory Object scan to hide itself? As Symantec and TDS had come up clear with all scans so far, am I being too paranoid? I have Ad-Aware blocking registry updates. Is it possible it may have blocked it in the first place? Or is it possible the original alert was a false positive?

    Can someone help this panicked noob?
     
    Last edited: May 22, 2005
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi there mtraun and welcome to TDS!

    At installing TDS, did you have every other scanner and their resident protection closed, rebooted after install and updated with the latest radius update after that?
    At scanning with TDS, did you close all other scanners and their resident protection to give TDS free access to all files?
    Further, it's recommended to close all unnecessary applications and step away from the system to give TDS all space to speed up the scanning process.

    If Norton speaks about an unknown trojan I would be very curious and would like to know what it is, of course. Now nobody can tell you anything about it.
    As it was in the System Restore, which is in fact a copy of your system, it can have been on your system before, so the original is either still somewhere, or was deleted already in a former cleaning action, or there never was anything wrong at all.
    The easiest way to get rid of such infections is to disable your System Restore, reboot, enable System Restore again and manually create a new restore point. All the older points are gone, including your possible infection.
    If you find such alarms you think TDS should react on, try to send a sample to the TDS lab, zipped if possible, and you'll be told if it is a nasty or not.

    The Process memory scan is a rather heavy process which can take some time, and the system might seem frozen but it is not; try to let it do its job and see if it continues after several minutes.
     
  3. mtraun

    mtraun Registered Member

    Joined:
    May 22, 2005
    Posts:
    3
    Thanks for your reply, Jooske.

    On advice from the diamondcd support guys, I installed the VB6 SP2 and that seems to have fixed the memory scan locking issue.

    And, if the scans from Symantec and TDS3 hold true, my system appears clear. But the idea of having my internet passwords stolen by a trojan / keylogger scares me more than anything. Are there any other scanners that people could recommend to this panicked paranoid person? ;)

    Michael
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Michael,
    I had no idea there was a real frozen / VB6 problem, so I guess all is right now again?
    Is there any reason to think your passwords would be stolen? Change them just in case anyway. Not every trojan does steal them.
    You should look most in prevention with ProcessGuard to start with, look at Port Explorer to see live connections, including possible hidden or suspicious ones, etc. Install JavaCool's browser protection tools.
    You could do some online scans, like at bitdefender or housecall, but be prepared for possible false positives.
    Do another TDS scan in safe mode, use spyware scanners like SpybotS&D and ad-aware, etc. Look in the forum here and see what people use.
     
  5. mtraun

    mtraun Registered Member

    Joined:
    May 22, 2005
    Posts:
    3
    Thanks for the advice Jooske. Will do.
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Please tell us if all worked fine for you?
     