Positive identification: (embedded in file)

Discussion in 'Trojan Defence Suite' started by haerski, Dec 22, 2004.

Thread Status:
Not open for further replies.
  1. haerski

    haerski Guest

    I ran the TDS-3 "full system scan" and ended up with 2 alarms that I didn't really know what to do with. These are embedded in files, located in folders I'm a bit hesitant to tamper with. These are the alarms:

    Worm.Sasser.e c:\windows\backup\tb040721.dat
    TrojanDownloader.Win32.Keenval.e Dropper c:\windows\system32\in10b6s.dll

    What should I do with these alarms, should I just delete these or what? Thanks for any assistance.
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Yes Delete both, One is the sasser worm or one of it's varients

    The other spyware: http://www.webhelper4u.com/watcher/waddictivetech.html

    Also get windows latest security patches.

    Make sure that your AV, AT and Anti-Spyware apps are using the latest definitions.

    Then please re-scan with them all and report back if anything else appears :)



    HTH Pilli
     
  3. haerski

    haerski Guest

    OK, will do, thanks. I am aware of the maliciousness of the identified trojans but my concern was that the trojans have infected a valid (and an important) file and the delition of such a file would compromise the functionality of my computer, but if this is not the case, good riddance.
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    OK haerski, It is important that after deletion you rescan as described above.

    Cheers. Pilli
     
Thread Status:
Not open for further replies.