Identifying what to remove/delete

Discussion in 'Trojan Defence Suite' started by Caprizzy, Mar 27, 2004.

Thread Status:
Not open for further replies.
  1. Caprizzy

    Caprizzy Registered Member

    Joined:
    Mar 27, 2004
    Posts:
    1
    I ran TDS-3 professional and it identified the following:
    Positive identification: Worm.Aplore
    File: c:\windows\system\explorer.exe

    Positive identification: Worm.Aplore
    File: c:\windows\system\explorer.exe

    RegVal Trace: Acid Shivers/Acid Battery/Acid koR/RAT.RAT: HKEY_LOCAL_MACHINE
    File: SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Explorer=C:\WINDOWS\SYSTEM\EXPLORER.EXE]

    RegVal Trace: RAT.Netbus 1.70 (Dropper.Memory): HKEY_LOCAL_MACHINE
    File: SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SYSTRAY=C:\WINDOWS\SYSTEM\A.EXE My question is should i delete all of these files,and if i do,wouldnt this affect anything on my system? Thank you in advance.
     
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,216
    Location:
    North Carolina, USA
    Hi Caprizzy,

    Welcome to Wilders!!!

    I would say you probably have definite bad guys there. The valid explorer.exe should be in your windows directory, not in the windows\system directory. I would do a right click on them in the TDS console and submit them to DCS to be sure though.

    HTH....

    Regards,
    Kent
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.