Is there an easy way to delete 768 trojan files?!?

Discussion in 'Trojan Defence Suite' started by dmg, Oct 28, 2004.

Thread Status:
Not open for further replies.
  1. dmg

    dmg Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    2
    First off, this is NOT my machine!! I know better than to leave myself so exposed....!

    Anyhoo.... I finally convinced my friend of the importance of safe computing :D and got him to buy TDS-3... Of course, I get stuck with the dirty task of cleaning up the mess....

    TDS-3 has positively identified 42 different Trojans, Downloaders, Droppers, Adwares, etc., totalling 768 files sprinkled all over the place.

    I know I can "right-click/Delete" each alarm at the bottom of the screen, but after the 20th one, I'm thinking there HAS to be an easier way. I tried shift-clicking and ctrl-clicking to select multiples, but that doesn't work...

    Am I missing something painfully obvious?
     
  2. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    as far as I know they have to be done individually, that way the options come into play if it doesn't instant delete and needs any special treatment

    if a lot of them are adware files then you could run adaware first and let it fix everything then rerun tds and clean up that way

    it would be interesting to see the scan dump.txt

    right click any file it finds and it gives you options on dealing with it, the normal selection would be delete, but first select "save as text", that will create a logfile of all the found suspect files and put it in the TDS directory called scandump.txt.

    post back with the tds log after running please, just copy & paste the entries from the scandump.txt
    or if it is a big one as it seems to be here attach it to a reply
     
  3. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi dmg, welcome to Wilders, as the PC in question has so many infections it may be worth considering a format [if viable], with that amount of malware you may lose files/attachments from other programs or windows causing instability.

    It's not necessary to format, but it's not hard and then you will know for sure that all the garbage is gone, plus the comp will run a lot better.

    If you decide to format, post back and I'll give you some hints to do it easy.
     
  4. dmg

    dmg Registered Member

    Joined:
    Oct 28, 2004
    Posts:
    2
    Here's the scandump file. You'll notice that every single entry in that log is a positive identification.
     


  5. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    OK to cut down on the load for tds do this

    Be Warned the winshow trojan is a form of cws and just deleting those dll files will NOT eradicate the problem so I will need to see a Hijackthis log first and we need to remove all the start up entries from the registry which for some reason TDS isn't finding

    deleting the files just allows new versions of them to be created, there is usually a hidden file that windows or any antivirus/antitrojan cannot see until we use a few tricks, but that depends on which version it is and I need to see the HJT log to determine that

    But let's clear out a lot of the rubbish first with this method

    First download CWshredder from http://www.intermute.com/spysubtract/cwshredder_download.html then Run it
    Close all browser windows, click on the cwshredder.exe then click "FIX" (Not "Scan only") and let it do its thing.


    if it's one of the older versions then cwshredder will deal with it

    reboot
    Download and unzip or install AdAware SE from http://www.lavasoft.de/support/download if you haven't already got it. If you have it, then make sure it is updated and configured as described

    and while you are at the adaware site download and install http://www.lavasoft.de/software/addons/vx2cleaner.shtml

    and run it before the main adaware scan and follow its directions

    now

    Run ADAWARE

    Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
    the current ref file should read at least SE1R15 26.10.2004 or a higher number/later date
    Then ........
    click the "Scan" button and select full scan

    When scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose "select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries. You can safely ignore any MRU entries though and not delete them

    reboot again

    then

    go to http://www.thespykiller.co.uk/files/HijackThis.exe and download 'Hijack This!'.
    make sure it is placed into its own folder, not a temporary folder. Then doubleclick the Hijackthis.exe.
    Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
    Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
    so do NOT fix anything yet.
     