Probable false detection

Discussion in 'Trojan Defence Suite' started by garufa, Jun 8, 2005.

Thread Status:
Not open for further replies.
  1. garufa

    garufa Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    1
    I'm a trial user and none of the other spy detectors detected any danger, except TDS-3, which detected the following under Windows ME:

    Scan Control Dumped @ 12:11:08 08-06-05
    RegVal Trace: DDoS.RAT.rBot: HKEY_LOCAL_MACHINE
    File: Software\Microsoft\Windows\CurrentVersion\RunServices [Machine Debug Manager=C:\WINDOWS\SYSTEM\MDM.EXE]

    Does anybody know what it means and what to do?
    Thanks for your help.
     
  2. FanJ

    FanJ Guest

  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    If FanJ's thread is not sufficient (think it is), do a little more testing.
    This is a bit strange, as it's the only file, and it is an original Windows file.
    You can look at its properties to see if there was a recent modification on the file.
    You can go to www.kaspersky.com/remoteviruschk, for instance, and use the online file scanner; you can zip a copy and submit it to the address in my sig.
    Keep us informed about your results please.
     
  4. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    Hi Garufa,

    This is what I found with a Google search:

    Description:
    mdm.exe is associated with Microsoft Windows process debugging system. It allows the user to debug Internet Explorer errors by using a script interface tool. This is a non-essential process. Disabling or enabling this is down to user preference. Note: is also a process which is registered as the Win32.Lydra.a information stealing Trojan. This Trojan allows attackers to access your computer, personal data and information. It is a registered security risk and should be removed immediately. Please see additional details regarding this process.

    and

    Mdm.exe is the Machine Debug Manager, which is used by the Windows NT Option Pack and Microsoft Developer Studio to provide application debugging. When Script Debugging is enabled for Internet Explorer 4.0, the debug manager is initialized whenever Internet Explorer 4.0 is started.

    Note: The mdm.exe file is located in the c:\windows\System32 folder. In other cases, mdm.exe is a virus, spyware, trojan or worm!

    Hope this helps

    Tonyjl
     
  5. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    In addition to this: on Win98/ME systems it is located in the windows\system folder; normally there is no system32 folder on those systems, so it is already located in the right folder here.
    In TDS > Autostart explorer > find the key and delete it from the autostart unless you want to use it.
     