Question about TDS xdynamic subfolders

Discussion in 'Trojan Defence Suite' started by intheusa, Apr 25, 2005.

Thread Status:
Not open for further replies.
  1. intheusa

    intheusa Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    2
    My question is I have a folder named

    C:\programs\tds\xdynamic\tds.unpk

    What I want to know is tds.unpk a legal sub folder, and if so what files should be there or not there ?
    ----------------------------------------------------------------------
    I was hit with this Smitfraud.c trojan, and really managed to clean it up without virual or trojan scans. This is a Win 98 system, and I restored the registery with a clean backup CAB.

    But I did use TDS early on for a quick check on trojans in memory and running programs. It was clean, as I was able to stop all from the TASK window.

    According to Windows file & folder search for files created on that day, there were numerious files appearing with a newly created date in this tsd.unpk folder. They are mostly duplicate system files but one is the trojan file WP.exx which I renamed early on, and a few others. Now I deleted this file once WP.exx and cleaned the waste can, and also searched drive for any more occurances, so it may be in a compressed file. There is also some other files here to Stinger.exe, hijackthis.exe and more.

    From the trojan intrusion I kept a copy of all the trojan dll, and exe files (of course I renamed the extensions) on CD for reference, and can send these to. I did not keep the OCX, BMP, or DAT files.

    Computer seems to be working OK
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Enthuesa. the upk folder is where TDS3 unpacks files for scanning. Files that are left in there are usually deleted after scan completion but sometimes may be left there, simply delete them.

    Submitting your saved malaware files to DCS for analysis is a good idea.

    HTH Pilli :)
     
  3. intheusa

    intheusa Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    2
    Thanks for quick reply !

    Give me an email address, I will zip and send, after I make some late night
    errands. (no traffic jams at night)
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    submit@diamondcs.com.au

    If TDS detected the trojan it is detected already; can imagine you want to be sure with the files.

    You're right, in the TDS.Unpk folder are copies of original files elsewhere on your system which you might have deleted already too; those inside the Unpk folder you can delete.
     
Thread Status:
Not open for further replies.