Is there a way to delete all infected files?

Discussion in 'Trojan Defence Suite' started by Alan Howarth, Jul 19, 2004.

Thread Status:
Not open for further replies.
  1. Alan Howarth

    Alan Howarth Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    3
    Hi,

    Does anyone know a way to delete all infected files rather than having to go through them one-by-one? One of my systems has 600 infected files! There must be an easier way!!!

    Alan
     
  2. FanJ

    FanJ Guest

    Hi Alan,

    Be absolutely sure that they are indeed infected before deleting!

    Why am I saying that?
    Because last week there was a corrupted database (radius-file) uploaded on several servers. That corrupted radius file caused lots of false positives.
    DiamondCS already apologized for the inconvenience!
    So: first make absolutely sure that your Radius file in your TDS-3 shows exactly the same numbers as Gavin posted in his latest Update notification in the Updates-Alert forum-section here at Wilders.
     
  3. Alan Howarth

    Alan Howarth Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    3
    Thanks for the info - got caught with the dodgy update as well and was delaying the dread thought of rebuilding my main system when I found out - talk about relief!!

    No - these are all real nasties, but I don't want to spend a lifetime manually deleting them all.

    Alan
     
  4. FanJ

    FanJ Guest

    OK, but 600 files infected???
    How did that happen....

    Posting the scandump listing all those 600 files might be too much here.
    But once again I myself would be very concerned if that would happen, but of course I don't know what has happened on your system.
    Having suddenly 600 files infected would most definitely ring ALL bells :rolleyes:
    Some serious thing MUST have happened on your system!!!
    Before all people are jumping to try to help, in such case I think (sorry!!!) that it might well be a good thought to give as much info as possible with regard to what has happened...
     
  5. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi Alan...

    FanJ is absolutely correct... PLEASE do not do anything until it has been verified...

    Unless.... this thought just occurred to me: did you have NTFS Data Streams [ADS] checked? This could give a massive lot of alerts if that was the case.

    Hope that was it ;)

    I don't have mine do that very often, as I have hundreds of pics on system that were worked on in Adobe Photoshop and PS puts in data streams into those by its very nature of operation, so the files can be read for various reasons. Usually I strip them of ADS [Alternate Data Streams] via a jpegcleaner.exe program.

    Do a scandump by all means and post BUT AS A TXT FILE ATTACHMENT

    Cheers, TAS
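
An added example, not part of the original thread: one way to check whether a flagged folder really carries alternate data streams, and whether they cluster under one stream name as application-written metadata does. It assumes Windows PowerShell 3.0 or later on an NTFS volume; `$Root` and the function name `Get-AlternateStream` are hypothetical.

```powershell
# Added example. $Root is an assumed path; point it at the folder the scanner flagged.
param([string]$Root = "$env:USERPROFILE\Pictures")

function Get-AlternateStream {
    param([Parameter(Mandatory)][string]$Path)
    # Walk every file, including hidden ones, and list its NTFS streams.
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                # ':$DATA' is the normal file content; anything else is an ADS.
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{
                        File   = $file.FullName
                        Stream = $_.Stream
                        Length = $_.Length
                    }
                }
        }
}

$streams = @(Get-AlternateStream -Path $Root)
"{0} alternate stream(s) found under {1}" -f $streams.Count, $Root

# Many files sharing one stream name suggests an application writing metadata;
# a handful of odd names or large streams deserves a closer look first.
$streams |
    Group-Object Stream |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'TotalBytes'; e = { ($_.Group | Measure-Object Length -Sum).Sum } } |
    Format-Table -AutoSize

# Largest streams first, for manual review before anything is deleted.
$streams | Sort-Object Length -Descending | Select-Object -First 20 |
    Format-Table -AutoSize
```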
     


  6. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, Alan Howarth

    To stop getting Data Streams, open a folder and left-click Tools > Folder Options > View, and then check "Do not cache thumbnails".

    Take Care,
    TheQuest :cool:
     


  7. Alan Howarth

    Alan Howarth Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    3
    No, I didn't have detect data streams ticked, these are real trojans.

    I just had an email back from Diamond tech support saying there is no way of deleting all detected files - I strongly suggest this should be included in TDS-4!!

    I have decided to format the drive and re-install.

    Thanks for all the helpful comments.

    Alan
     
  8. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Sorry to hear so.
    Depends on where they were; maybe if they were in some folders, deleting those folders would spare a lot of work already; if they were all by a few file names, search and delete in Windows could help, but if all were different.......
    Such a heavily infected system (depending on the trojans there were) does not feel really safe ever again either........
    Hope not too much data is lost!

    I suppose you did look with HiJackThis, Autostartviewer, APM, SpyBotS&D, Ad-Aware if there was an easier way already?
     