TDS-3 failing to delete r.bot, agobot from registry

Discussion in 'Trojan Defence Suite' started by carbonrose, Apr 4, 2005.

Thread Status:
Not open for further replies.
  1. carbonrose

    carbonrose Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    2
    I have been cleaning my PC over the last few weeks. I have used many tools and followed methods described in other forums to clean this PC.
    I have now come down to only two remaining problems.
    Only TDS-3 detects these issues.

    Here is an exact copy of the log file from TDS-3

    Scan Control Dumped @ 00:57:03 04-04-05

    RegVal Trace: DDoS.RAT.rBot: HKEY_LOCAL_MACHINE
    File: Software\Microsoft\Windows\CurrentVersion\RunServices [Sygate Personal Firewall=Sygate.exe]

    RegVal Trace: DDoS.RAT.Agobot: HKEY_CURRENT_USER
    File: Software\Microsoft\Ole [blah service=evosys.exe]

    (DELETED) Positive identification (DLL): Adware.Ramdud (dll)
    File: c:\windows\system32\winsrvs_1.dll

    I have chosen to delete the two remaining files with TDS-3 and it confirms that they have been deleted.
    but,
    I restart the pc, run another check to be sure and they have been eliminated but they are still there.

    I have used AVG, Ad-Aware, Spybot, CWshredder, trojan hunter, many online virus scanners, clean-up, windows washer, About Buster... Have used the action of safe mode with system restore disabled, Spybot immunize off and disabled, all hidden files and folders revealed.
    But as I have previously mentioned, only TDS-3 detects these.


    Is it safe to maually delete these from the reg.
    or
    Is there another issue with these two corrupt files. Am I doing something wrong perhaps.

    Regards

    CR.
     
    carbonrose, Apr 4, 2005
    #1
  2. carbonrose

    carbonrose Registered Member

    Joined:
    Apr 4, 2005
    Posts:
    2
    Problem solved. No furthur assistance required.
    If needing to see what was done please ask. Otherwise I will leave it as it is as no posts were put forward.
    It was a long haul to get there.
     
    carbonrose, Apr 12, 2005
    #2
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hello carbonrose,
    Sorry for overlooking your posting and thus not reacting.
    Glad you did solve the problem.
    Would like a description what you did to solve it.
     
    Jooske, Apr 12, 2005
    #3
  4. tiggy

    tiggy Guest


    Hi Carbonrose,
    I have exactly your same problem with this message:
    RegVal Trace: DDoS.RAT.rBot: HKEY_LOCAL_MACHINE
    File: Software\Microsoft\Windows\CurrentVersion\RunServices [Sygate Personal Firewall=Sygate.exe]

    Could you please explain how did you solve it?
    Thanks a lot
    Tiggy
     
    tiggy, Jun 3, 2005
    #4
  5. FanJ

    FanJ Guest

    FanJ, Jun 3, 2005
    #5
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...