New and Lost

Discussion in 'Trojan Defence Suite' started by Old_Sock, Nov 1, 2003.

Thread Status:
Not open for further replies.
  1. Old_Sock

    Old_Sock Registered Member

    Joined:
    Nov 1, 2003
    Posts:
    7
    Hi everyone !!

    Got the TDS-3 because I heard it was fantastic (and it looks it) and I'm new to computing, but I do know that in this last week my firewall has stopped 21 "attacks".

    I find the help menu a little over my head, i.e. sockets, port scans, ping etc. It seems to be written under the impression that the user knows about it in the first place. I come along not knowing diddly and it's confusing!

    Anyway, I read through FanJ's post on basic set up, and if I can make head or tail of what I can actually do with TDS-3 I am DEFINITELY going to register my copy.

    If anyone has any links for the dumber than usual user I would appreciate their time!!!
     
  2. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    Hello Old_Sock

    Everyone is more than welcome here. By the way - welcome to Wilders Security Forums!

    Everyone from newbies to old socks are treated with care and respect here at Wilders.

    TDS3 is primarily a Trojan scanner. Trojans are a particular type of bad software that are created to gather personal and private information and "send it home", so to speak. Sometimes they are used to get specific information about the connection and then use that person's computer unbeknownst to the owner, even while they are online!

    In TDS3 even the default settings work well but since you have followed FanJ's settings now you are really doing well! Simply scan and let TDS find anything it can out of normal and then if it has found something - post it here and someone can assist further.

    A good defense is a layered defense. That necessitates a good firewall, a good anti-virus program, a good anti-trojan program, a good anti-worm program and a few other things. Please post here for help with TDS, or elsewhere in Wilders Forums in the appropriate place for help with anything else. Everyone here is very friendly and waits anxiously to help anyone seeking assistance.

    Best wishes
     
  3. Old_Sock

    Old_Sock Registered Member

    Joined:
    Nov 1, 2003
    Posts:
    7
    Thanks Qsection for response.

    Can I ask for assistance please from you and others?

    Firstly, does TDS-3 work in the background like my firewall whenever I am online? (I have set it up similar to FanJ's easy to follow set up guide.) Or is it on demand when I ask it to scan?
    If someone tries to plant a trojan on my P.C. will I get an alert as they do it through these ports I read about?
    I really need to catch up on all this as I don't know what this resolve, TCP Connect etc. actually does and why I'd need to use them.
    Thanks
     
  4. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    TDS is an on demand file and memory scanner; if you get infected you should be able to find and remove it with TDS no problems :) If you have a resident virus scanner and run a scan every week you should be fine - safe computing is the first step. I guess take your time to read a little over here; there are lots of nice people who will help you :D
     
  5. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Welcome old_stock. There is also a resident part of TDS which is called "Execution protection". To enable EP go to the TDS menu - Execution protection - Install.
    This protection will work as soon as TDS is running; most users start TDS either manually or automatically as soon as their PC has booted.

    Here is what the TDS help says about it:

    "Execution protection is a unique system exclusive to TDS-3 and DiamondCS WormGuard that uses a non-resident hook which allows TDS-3 to intercept and scan files as they are executed (but before they are loaded) and actually prevent infection by blocking/aborting the execution if the file was deemed harmful. As the hook is non-resident it uses no extra memory or resources, and it isn't susceptible to the TerminateProcess issue that virtually all other hook mechanisms are susceptible to.

    How does it work? When you execute a file, the operating system - before it even loads the file - asks the DiamondCS execution hook "Allow this file to continue processing?", and then waits for a Yes/No response from the hook. This allows TDS-3 to scan inside the file and abort the execution if the file is deemed dangerous or has been identified as a trojan".


    Once execution protection is installed you will see that it is started in the TDS text window.

    BTW EP is available only in the full licensed version


    HTH Pilli
     
  6. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    :)

    Better tell Gav that first he will have to buy the registration first.
    And then all will work as I'm told and read here.
    I can't find the button or setting that makes TDS-3 change my screen and does funny stuff with the color layout o_O I can almost remember (darn old memsticks getting too warm again) clicking it, but didn't run again for a day or so and now can't find it anywhere?

    Any ideas o_O

    Thanks
     
  7. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi FukenFooser 007.5, Think you will find the answer on the TDS private forums, scripting section. http://www.diamondcs.com.au/forum/forumdisplay.php?s=&forumid=9 :D
     
  8. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi all!
    I think the basics have been told:
    a possible basic configuration on a Win98 system, which will do for other systems too, but those have a few more options;
    I for instance have all the startup options checked in the configuration, and in the upper right corner the sockets automated up, so those standard trojan ports are double protected with TDS listening behind them in case something would ever pass the firewall;
    and in the scan options also everything checked and the slider on highest sensitivity (all to the right);
    the exec protection installed (yes, this is only possible for registered versions -- the registration keyfile is there within a few hours during business days after buying).

    Make sure to update daily and once a week a full system scan should be ok.


    For the colors:
    TDS has the different colored bars, and there is a script in the user submitted ones from Jazzie, or it was only posted in the forums, with which you can change colors in the texts in the console.
    Maybe you mean the nice color options and more we had in Port Explorer, which are still there as color options
    (registered PE users can download a series of color schemes for PE and play around with those).


    I would like an option (script?) to fill in your birthday and have TDS start a birthday song on that day :)
    I did make some scripts including birthday songs but had not included such an agenda. Maybe somebody has?
    You can use such a timer for automatic scanning and updating too, of course, to use that script more frequently than just once a year!
     
  9. Old_Sock

    Old_Sock Registered Member

    Joined:
    Nov 1, 2003
    Posts:
    7
    :) Thanks to everyone for taking time out to reply!!
    Have read page after page and I'm learning (albeit very slowly!)

    Have a question though I would appreciate help on.
    At start up I have found something like this:

    startup :dumprep 0~k

    command: %systemroot%\systemroot\dumprep 0~k

    Location:HKLM\software\microsoft\windows\currentversion\run

    Have XP Home if that makes a difference.

    Anyone know what this is?
    Thanks a lot
     
  10. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    If in Explorer you right click on it, does it give any properties? A recent date for instance?
    If you scan it with all NTFS streams on in the scan, does it tell you there are ADS streams involved?
    If you open Notepad and drag the file to Notepad, does it show anything readable?
    Just to make sure the file is really empty and not more than empty.
    Not sure where it comes from; this is why to make sure about it with what you can find out.
     
  11. Old_Sock

    Old_Sock Registered Member

    Joined:
    Nov 1, 2003
    Posts:
    7
    command: %systemroot%\system32\dumprep 0~k

    Hi, sorry, haven't tried that last post. Just noticed I had written the command wrong; please note \system32\ and not \systemroot\ like I originally posted. Will look now at your comments.
     
  12. Old_Sock

    Old_Sock Registered Member

    Joined:
    Nov 1, 2003
    Posts:
    7
    Hi
    A friend I haven't spoken to told me tonight it's a worm that none of my firewalls / anti virus scanners picked up on. Am looking into it. PLEASE BEWARE THIS WORM KILLS ALL FIREWALLS / ANTI VIRUS
     
  13. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    See if you can get rid of it like this (if you can, then it was a more or less unnecessary part of your OS trying to take care of itself, and perfectly harmless):

    (I am translating this from a German webpage and cannot reproduce it since I don't have XP; expect to cope with some "tolerances" in the translation.)

    Control Panel | System | Extended | Start and Restore | Settings | Save Debug information
    make that "none"

    I hope i'm on the right track and that my hints are of use to you,
    Andreas
     
  14. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Found this description on the startup list
    here

    Name/Startup Item    Command         Comments
    N  kernelfaultcheck  dumprep 0 -k
                         dumprep 0 -u
    Used in connection with memory dumps - you can disable these by right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out.

    "N" - Not required - typically infrequently used tasks that can be started manually if necessary
     
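    The checks suggested in the last few posts (find the Run-key entry, expand %systemroot%, see what file the command really points at, look at its date and whether it carries extra NTFS streams) can be done in one pass. The script below is an added example written for this thread; it is not TDS code and was not posted by anyone above. It assumes a modern Windows PowerShell (5.1 or later) with read access to the registry; `Get-AuthenticodeSignature` and `Get-Item -Stream` are standard cmdlets, and every entry, not just dumprep, is reported so the reader can compare the known one against anything unexpected.

    ```powershell
    # Added example (not from the thread): triage every autostart entry under
    # the HKLM and HKCU Run keys, the way the dumprep entry above was checked by hand.
    # Assumes Windows PowerShell 5.1+ and an NTFS volume (needed for stream listing).

    $RunKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )

    # Pull the program path out of a Run-key command line such as
    #   %systemroot%\system32\dumprep 0 -k      or      "C:\Program Files\x\y.exe" /arg
    function Get-ExecutablePath {
        param([string]$CommandLine)
        $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
        if ($expanded.StartsWith('"')) {
            # Quoted path: everything up to the closing quote is the program
            $end = $expanded.IndexOf('"', 1)
            if ($end -gt 0) { return $expanded.Substring(1, $end - 1) }
        }
        # Unquoted: the first whitespace-delimited token is the program;
        # entries like "dumprep 0 -k" omit the .exe extension, so add it back
        $exe = ($expanded -split '\s+')[0]
        if (-not [IO.Path]::HasExtension($exe)) { $exe += '.exe' }
        return $exe
    }

    function Get-RunEntryReport {
        foreach ($key in $RunKeys) {
            if (-not (Test-Path $key)) { continue }
            $props = Get-ItemProperty -Path $key
            foreach ($p in $props.PSObject.Properties) {
                # Get-ItemProperty adds PSPath, PSChildName etc.; those are not Run entries
                if ($p.Name -like 'PS*') { continue }
                $exe    = Get-ExecutablePath -CommandLine ([string]$p.Value)
                $exists = Test-Path -LiteralPath $exe -PathType Leaf
                $sig    = 'n/a'
                $ads    = ''
                $mtime  = $null
                if ($exists) {
                    $sig   = (Get-AuthenticodeSignature -FilePath $exe).Status
                    $mtime = (Get-Item -LiteralPath $exe).LastWriteTime
                    # Any stream other than the default ::$DATA is an alternate data stream
                    $ads = (Get-Item -LiteralPath $exe -Stream * -ErrorAction SilentlyContinue |
                            Where-Object { $_.Stream -ne ':$DATA' } |
                            ForEach-Object { $_.Stream }) -join ','
                }
                [PSCustomObject]@{
                    Key        = $key
                    Name       = $p.Name
                    Command    = $p.Value
                    Executable = $exe
                    Exists     = $exists
                    Signature  = $sig
                    Modified   = $mtime
                    ExtraADS   = $ads
                }
            }
        }
    }

    # Print the report; an entry whose file is missing, unsigned, recently modified,
    # or carrying unexpected streams is the one worth asking about in a thread like this.
    Get-RunEntryReport | Format-Table -AutoSize
    ```

    The extension guess in `Get-ExecutablePath` is the one assumption worth knowing about: Windows will also resolve `.com` or `.bat` for a bare program name, so if `Exists` comes back false for an unquoted entry, check the other extensions before concluding the file is gone. On XP-era systems a Microsoft file such as dumprep.exe is catalog-signed rather than carrying an embedded signature, so `Signature` may read `NotSigned` on old builds even for the genuine file; the file date and location in system32 are the more dependable signals there.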
  15. Old_Sock

    Old_Sock Registered Member

    Joined:
    Nov 1, 2003
    Posts:
    7
    Wow, what a night that was! Found 7 other entries of the dumprep thing. Turns out it wasn't a worm after all, but I did find in Explorer dumprep.exe which I couldn't explain after reading your posts, so I deleted it and so far everything looks ok. Have set write debugging to none as you explained.
    Thanks for help yet again!
     
  16. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi,

    That should have been restored by system file protection; it is a needed file - don't worry about it :)

    If you have any new worms or suspicious files you can send them to submit@diamondcs.com.au - obviously we urge users to send in new worms if they get them, to make sure TDS also detects these.
     
  17. tepi

    tepi Registered Member

    Joined:
    Nov 12, 2003
    Posts:
    81
    As a newbie I hope you'll forgive me for being a mite puzzled by this. I do have Exec protection installed, but as I understand it a Trojan is something that is designed to operate secretly and that executes itself or is remotely controlled. So I'm wondering what you mean when you say "when you execute a file." Does this mean "when the Trojan file executes" irrespective of who or what triggers the execution?

    Sorry if this sounds a bit nitpicky, and my thanks to all for the great advice being offered in these columns.
     
  18. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Tepi, providing Executive Protection is installed & running, it checks any programme file that is run, including Trojan .exe's, whether started by the user or not.

    HTH Pilli
     