TD3. Should I remove this entry?

Discussion in 'Trojan Defence Suite' started by Gnome, Aug 5, 2004.

Thread Status:
Not open for further replies.
  1. Gnome

    Gnome Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    3
    Location:
    Melbourne. Aus.
    Hi,
    I am new to td3 and I just updated the database and ran td3.
    I am clean of trojans but there is something in the Alarm section at the bottom,

    Alarm :RegVal Trace:DDoS.RAT.rBot
    Name :HKEY LOCAL MACHINE
    File :Software\Microsoft\Windows\CurrentVersion\RunServices[Microsoft Update=msconfig.exe]

    All I could find in Google was a post on another forum (with no replies).
    Is the Alarm just telling me to be aware that this file or
    Should I delete this registry entry?

    Thanks in advance
     
    Last edited: Aug 7, 2004
  2. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    YES, use Autostart Explorer, find any other entries with the same name "Microsoft Update" and delete them. Then reboot immediately so it's "dead".

    If TDS doesn't already positively identify the msconfig.exe in a file scan, please submit a sample before deleting it to submit@diamondcs.com.au - thanks
     
  3. Gnome

    Gnome Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    3
    Location:
    Melbourne. Aus.
    Thanks for the reply.
    I don't know much about td3 but I'm getting there.
    You ask "please submit a sample before deleting it to submit@diamondcs.com.au - thanks". I'm sorry but I don't understand what "sample" you mean. Could you please explain this to me if it's not too much bother, as I would like to be able to use td3 properly.
    Thanks for your time.
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    msconfig.exe: a copy of the file, zipped if possible, attached to an email.
    The file might be in more locations; if they are all identical, one is OK; if they are all different (size or date, for instance, if you look in their properties), send them all.
     
  5. Gnome

    Gnome Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    3
    Location:
    Melbourne. Aus.
    Thanks for explaining that to me (I should have realized, :oops: lol).
    I could only find 2 references to the file msconfig.exe. One was in the registry and the other was in startup in msconfig itself (unchecked). Anyway, I removed the key using Autostart Explorer, then rebooted like Gavin said, and now it's gone, so thanks both of you for your help.

    Gnome.
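
Added example, not part of the original thread and not DiamondCS tooling: a read-only PowerShell check covering the two steps the replies describe, listing autostart values named "Microsoft Update" (or pointing at msconfig.exe) and grouping every copy of the file by hash so only the distinct ones need to be submitted. The key list, the whole-drive search and the use of SHA-256 are assumptions, and it assumes PowerShell 4 or later. Windows ships a legitimate msconfig.exe of its own, so expect at least one copy.

```powershell
# Added example: read-only, nothing is deleted or changed.
# Value name and file name come from the alarm quoted in the thread.
$valueName = 'Microsoft Update'
$fileName  = 'msconfig.exe'

# Assumed list of autostart keys to inspect (RunServices exists on older Windows).
$autostartKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)

# Step 1: every autostart value with the same name, or whose data mentions the file.
$hits = foreach ($key in $autostartKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($name -eq $valueName -or $data -like "*$fileName*") {
            [pscustomobject]@{ Key = $key; Name = $name; Data = $data }
        }
    }
}
$hits | Format-Table -AutoSize -Wrap

# Step 2: every copy of the file on the system drive, grouped by content hash.
# Copies that share a hash are identical, so one sample per group is enough.
Get-ChildItem -Path "$env:SystemDrive\" -Filter $fileName -File -Recurse -Force `
        -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Path     = $_.FullName
            Size     = $_.Length
            Modified = $_.LastWriteTime
            SHA256   = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                            -ErrorAction SilentlyContinue).Hash
        }
    } |
    Group-Object -Property SHA256 |
    ForEach-Object {
        [pscustomobject]@{ SHA256 = $_.Name; Copies = $_.Count
                           Paths  = ($_.Group.Path -join '; ') }
    } | Format-List
```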
     