Hello, Hi I've just re-installed Win XP pro on my second computer. I made one account a limited user and then installed some programs, I only went online for Windows Update. OK I've installed TDS3 and ran a check of my system under the limited user and TDS3 goes nuts! So now I log off and log on as Admin and run TDS3 again and everything is ok. So I log back on as the limited user and TDS3 finds the same things as the first time. So here's what TDS3 found:

Scan Control Dumped @ 17:07:54 08-09-02
File Trace: Default trojan filename: Sokets de Troie File: C:\XPPRO\Temp\Tcv.exe
File Trace: Default trojan filename: Sokets de Troie File: C:\XPPRO\Temp\winstart.bat
File Trace: Default trojan filename: Sokets de Troie File: C:\XPPRO\Temp\Tmp_.exe
File Trace: Default trojan filename: Suspicious File: C:\XPPRO\temp\winstat.exe
File Trace: Default trojan filename: Worm.VBS.Calendarios File: C:\XPPRO\temp\winsys.vbs
File Trace: Default trojan filename: RAT.Phoenix II File: C:\XPPRO\TEMP\ .exe
File Trace: Default trojan filename: RAT.Phoenix II File: C:\XPPRO\TEMP\ FMXZFMR.exe
File Trace: Default trojan filename: RAT.Phoenix II File: C:\XPPRO\TEMP\ GAXGMEL.exe
File Trace: Default trojan filename: RAT.Glacier (log) File: C:\XPPRO\temp\Psw.tmp
File Trace: Default trojan filename: RAT.Acid Reign File: C:\XPPRO\temp\acid.exe
File Trace: Default trojan filename: RAT.GirlBoy File: C:\XPPRO\TEMP\RunDll.exe
File Trace: Default trojan filename: FTP.CyberSpy FTP File: C:\XPPRO\temp\GFTP.exe
File Trace: Default trojan filename: Worm.Roach File: C:\XPPRO\temp\DCCOM32.EXE
File Trace: Default trojan filename: RAT.Phoenix II File: C:\XPPRO\Temp\~P2.exe
File Trace: Default trojan filename: Worm.Alal File: C:\XPPRO\Temp\Blabla.vbs
File Trace: Default trojan filename: RAT.CHCB File: C:\XPPRO\Temp\WinPad.exe
File Trace: Default trojan filename: Worm.Floodnet File: C:\XPPRO\Temp\cute.exe
File Trace: Default trojan filename: RAT.Phoenix II File: C:\XPPRO\Temp\ PBHTDOF.exe
File Trace: Default trojan filename: Suspicious File: C:\XPPRO\Temp\server.exe

As the limited user I can't open the Temp file so I logged on as the admin and there's only 2 files 0kb there. So what's going on? I've installed NOD32 but need to update it but don't want to reconnect to the Internet with that computer. Well I'm thinking I'll be safe and re-install. I just posted because I've never seen TDS3 do this, find something under one user and not as another. I might have understood if it had found them while logged as admin and not found as limited user. Thanks and sorry for the long post, any ideas about what happened would be nice. Boy do I ramble... Loki
Hello Loki! Don't bite your nails yet! Another user solved this kind of problem by installing TDS both as an administrator and as a user. Could this help in your situation too? For security reasons you might like to limit the user a little less and do most of what you want to do on that account and only use the admin account if you really have to, with as little time connected to the internet as possible. So this explains the value at this moment of installing TDS on both accounts. Not sure how this will be in the coming version 4. You will be able to scan all partitions and the whole system with both versions though, so you don't start TDS at both levels at a time. Please keep us updated how it goes with this!
Hi Jooske, Well I posted and then checked to see who was logged in here and saw you so I knew I would get a fast answer. I set that computer up with the limited account to do as you suggested by using it and not an admin account. I don't know if I installed TDS3 with the run as command but I will try to re-install as the limited user. Thanks and I'll let you know what happens. Loki
Thanks for so much trust! Fingers crossed! Expecting those two accounts on XP. You also did install it on the system itself didn't you, and not installing from the other computer via the network? That might sometimes give unexpected results too, most certainly if you start the version on the remote computer from the local computer and you have TDS already running on the local one. It is very well possible, but needs some configuration to do so.
Hello, Well I un-installed TDS3 and tried to re-install as a limited user but no go on that. So I did a run as admin install and then reran the scan and still came up with the trojans. So I logged off the limited account and logged on as admin and scanned again, came up clean. So I upped the limited user to power user and then logged onto that account and re-scanned, came up clean. Seems to be a problem only with limited user rights. Power user works ok. Leave it to MS to make life difficult. So with the limited account upped to a power user the system scanned clean. Oh I installed from the download and added my key file and updated the radius file to current. Almost time to un-install TDS3 from my other system and practice using TDS3 over the network. Everything looks good now. Thanks Jooske
Sounds good! Glad that worked for you. Why would you uninstall from the other computer to run it over the network? You can scan the logical drives/partitions of the whole network remotely, but for the memory you need the local install. You might like to practise communicating with your other system and see what that looks like. (the network functions)
Hi, well here's my current scan with TDS3:

17:54:05 [Radius] Radius Systems loaded. <Databases updated 08-09-2002>
17:54:05 [Radius Update] Update complete.
17:56:01 [CRC32] Started - verifying 31 files ...
17:56:47 [Memory Scan] Memory scan started, please wait a moment ...
17:56:47 [CRC32] Test finished.
17:56:48 [Memory Scan] Memory scan complete.
17:56:48 [Mutex Memory Scan] Started...
17:56:49 [Mutex Memory Scan] Finished (no trojan mutexes found).
17:56:49 [Trace Scan] Started...
17:57:01 [Trace Scan] Finished.
17:57:01 [Service\Driver Scan] Scanning for services and drivers ...
17:57:01 [Service\Driver Scan] Scanned 279 services and drivers.
17:57:01 [File Scan] Scanning in A:\ ...
17:57:26 [File Scan] Scanned 1 files: 0 alarms in 25 seconds (Avg 1.04 files/sec)
17:57:26 [File Scan] Scanning in C:\ ...
18:04:28 [File Scan] Scanned 7366 files: 0 alarms in 421.4844 seconds (Avg 18.48 files/sec)
18:04:28 [File Scan] Scanning in D:\ ...
18:05:11 [File Scan] Scanned 986 files: 0 alarms in 43.40234 seconds (Avg 23.72 files/sec)
18:05:11 [File Scan] Scanning in E:\ ...
18:05:11 [File Scan] Scanned 0 files: 0 alarms in 0.015625 seconds (Avg 1. files/sec)
18:05:11 [File Scan] Scanning in F:\ ...
18:06:36 [File Scan] Scanned 225 files: 0 alarms in 85.23828 seconds (Avg 3.64 files/sec)
18:06:36 [Scan] Finished.
18:16:53 [Infection Test] File infection test started. Please wait a moment while baits are deployed and tested.
18:16:53 [Infection Test] EXE infection testing started ...
18:16:54 [Infection Test] WARNING!Possible viral infection - test .exe file changed after execution.File datestamp has changed.
18:16:54 [Infection Test] D:\TDS3\result.exe is possibly infected.
18:16:54 [Infection Test] COM infection testing started ...
18:16:55 [Infection Test] WARNING!Possible viral infection - test .com file changed after execution. File datestamp has changed.
18:16:55 [Infection Test] D:\TDS3\result.com is possibly infected.
As you can see the virus test is giving me warnings but only when run as the upgraded power user account. When I run the same test as admin the system is clean. I ran a NOD32 scan on this computer with the latest database and that scan is clean. Loki
Hi Loki, We are testing and replicate your initial results, we are aware of the trace problem. This will be resolved for TDS-4. We are not able to reproduce the problem with the file infection test, please zip and email the COM and EXE files which are showing up as infected, we will check them just in case. The test is most likely producing a false reading as well but just to be sure I will take a look at the files when we receive them.
Hi Gavin and Jooske, Well I had decided to re-install Win XP before I saw your post so it's too late to zip those files. I would have gladly done so. Re-installing Win XP in no way reflects on TDS3, I believe that the NTFS file system got corrupted while installing. So I'm almost up and running on that system and hope things work better this time. By the way the files test.com and test.exe, are they in the TDS folder InfTest? This way if I ever need to zip them I'll know where they are. Thanks for your time and help. Loki