Identifying what to remove/delete

Discussion in 'Trojan Defence Suite' started by Caprizzy, Mar 27, 2004.

Thread Status:
Not open for further replies.
  1. Caprizzy, Registered Member (Joined: Mar 27, 2004; Posts: 1)

    I ran TDS-3 professional and it identified the following:
    Positive identification: Worm.Aplore
    File: c:\windows\system\explorer.exe

    Positive identification: Worm.Aplore
    File: c:\windows\system\explorer.exe

    RegVal Trace: Acid Shivers/Acid Battery/Acid koR/RAT.RAT: HKEY_LOCAL_MACHINE
    File: SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Explorer=C:\WINDOWS\SYSTEM\EXPLORER.EXE]

    RegVal Trace: RAT.Netbus 1.70 (Dropper.Memory): HKEY_LOCAL_MACHINE
    File: SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SYSTRAY=C:\WINDOWS\SYSTEM\A.EXE

    My question is: should I delete all of these files, and if I do, wouldn't this affect anything on my system? Thank you in advance.
     
  2. puff-m-d, Registered Member (Joined: Feb 13, 2002; Posts: 4,451; Location: North Carolina, USA)

    Hi Caprizzy,

    Welcome to Wilders!!!

    I would say you probably have definite bad guys there. The valid explorer.exe should be in your windows directory, not in the windows\system directory. I would do a right click on them in the TDS console and submit them to DCS to be sure though.

    HTH....

    Regards,
    Kent
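
Added example, not part of the original thread or of TDS-3: a Python check for the point made in the reply, that a Run entry launching `explorer.exe` from anywhere other than the Windows directory is suspect. The `EXPECTED_DIR` and `SYSTEM_NAMES` tables, the name-mismatch heuristic and the `ExampleTool` entry are assumptions made for illustration.

```python
import ntpath

# Expected directory per binary. Only the explorer.exe rule comes from the
# thread; c:\windows as the Windows root is assumed from the scan output paths.
EXPECTED_DIR = {"explorer.exe": r"c:\windows"}
# Assumed heuristic list: value names that look like system components.
SYSTEM_NAMES = {"explorer", "systray"}

# Constructed sample: the two Run values from the scan output above, plus one
# hypothetical benign entry for contrast.
RUN_VALUES = {
    "Explorer": r"C:\WINDOWS\SYSTEM\EXPLORER.EXE",
    "SYSTRAY": r"C:\WINDOWS\SYSTEM\A.EXE",
    "ExampleTool": r"C:\Program Files\Example\tool.exe",
}

def parse_target(value):
    """Return the executable path of a Run value without quotes or arguments."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    end = value.lower().find(".exe")
    return value[:end + 4] if end != -1 else value.split(" ", 1)[0]

def check_run_value(name, value):
    """Return a list of findings (empty when nothing stands out)."""
    path = ntpath.normpath(parse_target(value)).lower()
    directory, base = ntpath.split(path)
    stem = ntpath.splitext(base)[0]
    findings = []
    expected = EXPECTED_DIR.get(base)
    # A bare file name has no directory to compare, so it is not judged here.
    if expected and directory and directory != expected:
        findings.append(f"{base} runs from {directory}, expected {expected}")
    if name.lower() in SYSTEM_NAMES and stem != name.lower():
        findings.append(f"value '{name}' launches unrelated file {base}")
    return findings

def audit(run_values):
    """Map each flagged value name to its findings."""
    results = {n: check_run_value(n, v) for n, v in run_values.items()}
    return {n: f for n, f in results.items() if f}

if __name__ == "__main__":
    for name, findings in audit(RUN_VALUES).items():
        for finding in findings:
            print(f"[Run] {name}: {finding}")
```

A hit here is a reason to submit the file for analysis, as the reply suggests, not proof on its own.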
     