Potential New Buyer - sorry if this is wrong place to post

Discussion in 'Trojan Defence Suite' started by mfreemanhcp17, Jan 3, 2004.

Thread Status:
Not open for further replies.
  1. Hi guys,

    I am a novice with computers and internet security. I am running AVG and ZoneAlarm.

    I have read reviews of your product (TDS-3) and Trojan Hunter (sorry!!). I never knew that I would need to own such a program but having read the reviews am convinced I need to go down this route as my existing security doesn’t seem sufficient.

    I have therefore downloaded trial versions of both products.

    (TDS-3) It has taken some time to get used to such a detailed program and unfamiliar user interface but the program appears to have some great utilities and is exhaustive. No Trojan Mutexes have been detected.

    (Trojan Hunter 3.7) Seems a little more user friendly (and quicker) although this is not essential criteria. However, TH3.7 has detected one Trojan file on my machine which I hope has subsequently been removed.

    My predicament is this – I now know that I am susceptible to such malicious attack and believe TDS to be the more professional application but TDS did not find the Trojan. Also, (through ZoneAlarm) I have noticed a new program requesting server access. Searching on the web has informed me that this program is in fact a Trojan also – which has never been picked up by either TDS or TH3.7, although I have managed to kill the active process I see that it lies dormant (I hope) in the Autostart Explorer feature I have in TH3.7. I have no way of getting rid of it.

    Question 1 – Would the trial version carry an old Trojan database and therefore a full licensed version would detect and clean those found by TH3.7?

    Question 2 – Could you send me a text list of all current Trojan database objects so that I can check the list against my known Trojan occurrences?

    Question 3 – As one of the Trojans (4 files contained within their own folder of the system32 folder) lies dormant, would you like me to zip and submit for your own interest/investigation/research – assuming you do not already know about it?

    Question 4 – How much will TDS-3 cost – my brother is now also paranoid and so two copies will likely be requested!!!?

    Sorry for the long topic – hope you can answer my questions.

    Thanks in anticipation,
     
  2. Pilli

    Pilli, Registered Member. Joined: Feb 13, 2002. Posts: 6,217. Location: Hampshire UK.

    Hi mfreemanhcp17 & welcome.
    You need to download the latest radius file here as the one in the trial is outdated :) Available here: http://tds.diamondcs.com.au/index.php?page=update Please follow the instructions on the page.

    TDS3's Primary list can be found in the Help menu.

    Yes please! Send to: support@diamondcs.com.au - Gavin will be pleased to analyse them.

    $49.95 but there are occasional special offers, check here: http://tds.diamondcs.com.au/index.php?page=purchase & new package formulas are being put together for all of DCS's payware products. If you buy TDS3 you will get a free upgrade to TDS4.

    In addition I would suggest you trial the other DCS products and make use of DCS's extensive list of free tools such as Auto Start Viewer - Check out this page: http://www.diamondcs.com.au/index.php?page=products You will find many useful tools under DiamondCS Freeware

    HTH Pilli

    * corrected email address -j & quote tags -m *
     
  3. Jooske

    Jooske, Registered Member. Joined: Feb 12, 2002. Posts: 9,713. Location: Netherlands, EU near the sea.

    Hi mfreemanhcp17,
    Pilli explained it all already; one question: can you tell which trojan seems to lie there dormant?

    If the fully updated TDS didn't alarm on a trojan which other scanners alarmed on, feel free to submit that/those too to the address Pilli just posted.

    TDS has an Autostart Explorer and a running Processes List enabling you to delete registry keys, and to analyse and kill processes too. You might like in addition to use the (free) AutoStart Viewer Pilli already mentioned from the DCS products page to see all and everything wanting to start.
    For possible access and connections from/to your system you will like Port Explorer besides TDS so you can see real time in one blink of the eye all connections and which applications are using them and which ones you might like to investigate deeper.
    Good tools and using them will prevent some paranoia and unnecessary waste of money while keeping your system clean and secure.

    TDS scanning: if you go to System Testing > Scan Control you can decide if you want all options checked or leave the edit server/client, compressed and archived files, heuristics, worm slider less sensitive, NTFS streams, scan the whole network with all logical drives or just a few local partitions, etc etc. For a full scan I always use all possibilities so it can take a while. As TDS is trying to use as much space as possible for that to speed up the process it's recommended to close unnecessary other applications and screens during that time, and try to do it when you're away from the system for a while.

    Let's hear your next experiences and questions please!
     
  4. Thanks for the response guys. I had already downloaded the latest radius file to the correct directory. The update has taken place but still no trojan found.

    I have viewed the primary list and the two trojans in question do not appear.

    FYI - The two in question are:

    savno.100 - found and cleaned by Trojan Hunter 3.7 (I hope), and
    iosdt.exe - located in the system32 folder - although it is not visible (even though hidden folders and files are enabled) except through the autostart explorer.

    I have tried deleting the iosdt files but to no avail, they are still there! Should I use the 'force kill' option? I am concerned that this will not completely clean all associations.

    I have also tried to download the autostart viewer but am unable due to an 'HTTP Error 403 - Forbidden' error - although this is shareware - is this a restriction from my side (ie, firewall) or website?

    I am posting this reply from another machine, but I will submit the iosdt files to the addy supplied asap. How can I do this safely - winrar/winzip ok??

    Many thanks again guys. o_O :doubt: :'(
     
  5. Mr.Blaze

    Mr.Blaze, The Newbie Welcome Wagon. Joined: Feb 3, 2003. Posts: 2,842. Location: on the sofa.

    lol just buy it I'm a newbie and I don't regret it but before you buy take a look here and read it all

    http://www.wilderssecurity.com/showthread.php?t=12743

    if you can do those few steps then i say buy

    if you have difficulties doing or understanding that then regretfully you might not want this application

    however after going to the link above I'm sure you will buy it lol

    couldn't be easier

    ps I submit it in a zip file
     
  6. P.S. just viewed Pilli's website.

    WOW!! You guys are really into this - I had no idea stepping into the new millennium with a pc would be so difficult!!

    I guess I am really not that secure after all - should probably just take the pc to a carboot or something - this is blowing my mind!!! I thought an anti-virus program and firewall was playing things safe.

    Confused but willing to learn :oops:
     
  7. Mr.Blaze

    actually you're on the right track for a newbie, a firewall and an antivirus is a must have and good training tool to get you started

    you're pretty much on track

    to tell you the truth all you need is a decent trojan detector hint hint you're in the right place

    and two free tools one that's kinda scary to use and another that's too easy to use lol

    in the free tool section at wilders pick up the program hta stop

    the other one is diamond registry protection but don't use that one till all your nasties are clean from your pc

    when your pc is clean and safe then use it and click yes to absolutely everything and I mean everything

    so when you get warnings just click yes to all of it

    after that the only time you should ever get a warning is if you update something or microsoft does auto update on your pc

    the little planet icon that shows up saying updating

    then click yes to only those situations lol

    if not sure you can always ask for help here lol

    after that you're pretty much safe
     
  8. Pilli

    mfreemanhcp17, The internet can be a dangerous place, that is why these forums exist & companies such as DCS are around.
    When you do a scan ensure that all the options are checked except for scan clients and edit servers.
    Have you googled for the iosdt.exe? Here is a link http://www.tweakxp.com/forum/forum_posts_view.asp?TID=6916&PN=1

    When you buy the full version you get Executive Protection which can start when TDS does and is the resident AT scanner component. :)
     
  9. Mr.Blaze

    also since you're new and if you really want to get into this stuff, which after a while gets fun, you might want to go here

    http://www.wilderssecurity.com/showthread.php?t=3247

    it was my sad attempt to make a newbie guide, it's outdated and I'm sure many of the download links don't work but you can find most of the freebie tools here at wilders free tool section lol
     
  10. I have submitted the zipped folder f.a.o. Gavin to addy supplied.

    I have managed to download the Autostart Viewer program. None of the iosdt files appear, although they are shown in the service and driver explorer function of TDS. It is described as being a Distributed Net Client and has an automatic 'start-up' definition. I guess if it is not shown in Autostart Viewer then I should not have any concerns.

    mfreemanhcp17
     
  11. Jooske

    Hi again, did you in the autostart viewer check all the options to be displayed? If so, you could be ok.
    To be very certain you might like to use the hijackthis as well, used a lot in the wilders forums and there are a few real specialists able to find out the fishy stuff immediately (if there is any of course).

    Looking forward to Gavin's answer on your files.

    Via Pilli's link I found this page about the same filename -- long read to wrestle through http://www.annoyances.org/exec/forum/winxp/t1069466574
     
  12. Pieter_Arntz

    Pieter_Arntz, Spyware Veteran. Joined: Apr 27, 2002. Posts: 13,331. Location: Netherlands.

    Hi mfreemanhcp17,

    I found this, for what it's worth:
    http://www.answersthatwork.com/Tasklist_pages/tasklist_i.htm

    Iosdt.exe

    (o_O)

    You have a Trojan virus on your PC – IOSDT.EXE is its main file. You most probably tried to download illegal copies of Microsoft software, and got infected by this trojan virus as a result (it gives access to your PC from the Internet).

    Recommendation :
    Reboot your PC into Safe Mode and then do a search for all files and folders which start with IOSDT and delete them. Next, empty your Recycle Bin and reboot back into Normal Mode.
     