tds-3 how do I print out a list of alarms?

Discussion in 'Trojan Defence Suite' started by Dale.E, Mar 29, 2004.

Thread Status:
Not open for further replies.
  1. Dale.E

    Dale.E Registered Member

    Joined:
    Jan 13, 2004
    Posts:
    14
    Location:
    Vancouver Isl Nanaimo B.C. Canada
    How can I print the list of alarms so I can give my customer the printout? I like to give them printouts of the viruses and trojans I remove with various utilities; TDS appears to have no ability to do this...
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hello Dale & welcome.

    You will find the TDS3 text logs in the TDS3\Logs folder.

    HTH Pilli
     
  3. Dale.E

    Dale.E Registered Member

    Joined:
    Jan 13, 2004
    Posts:
    14
    Location:
    Vancouver Isl Nanaimo B.C. Canada
    Yes, I found those; no, they don't have a list of the alarms found.
     
  4. FanJ

    FanJ Guest

    What about this:

    If you see an alarm in the bottom of the console then right-click it.
    You will see an option to save it as text.
    See the Help-file chapter "Disinfection - Removing trojans".

    And, as Pilli wrote, the console-activity can be logged in a daily logfile.
    Set it up here:
    TDS3 Configuration > Options > Misc Options > Log console activity
     
  5. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    OK, I see what you want now :oops: Right click on the alarm and save as text

    This is what I get:

    Scan Control Dumped @ 23:01:11 29-03-04
    Positive identification (DLL): RemoteAdmin.RAdmin 2.0 (dll)
    File: c:\windows\system32\admdll.dll
     
  6. Dale.E

    Dale.E Registered Member

    Joined:
    Jan 13, 2004
    Posts:
    14
    Location:
    Vancouver Isl Nanaimo B.C. Canada
    Yes, but now I have to do that for each alarm and then edit all that into one file so I can just get a simple printout that says

    randex1.worm found in gjfdtrds.com
    firedaemon found in yjrdtue
    etc etc

    The system I am doing now has over 40 alarms; I would like to give that list to the customer. So I am doing a print screen, but that looks so..... primitive, completely non-professional....
     
  7. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    I do not think there is another easier way of logging multiple alarms unless there is a script for it.

    Maybe DCS will be able to supply you with a better solution; they should be about in a few hours. :)
     
  8. FanJ

    FanJ Guest

    Again I agree with Pilli ;)

    But there might be another solution:
    Use the (not-free) screen-capture program SnagIt, and set it up to make a text-capture.
    Here is a part of a little example that I just made with it from the TDS-3 console (just an example!):

    00:24:37 [TDS] Good morning Jan. I hope you're taking regular breaks for your eyes?
    00:24:57 [Memory Scan] Memory scan started, please wait a moment ...
    00:25:03 [Memory Scan] Memory scan complete.
    00:25:04 [Mutex Memory Scan] Started...
    00:25:05 [Mutex Memory Scan] Finished (no trojan mutexes found).
    00:25:05 [Trace Scan] Started...
    00:25:33 [Trace Scan] Finished.
     
  9. Dale.E

    Dale.E Registered Member

    Joined:
    Jan 13, 2004
    Posts:
    14
    Location:
    Vancouver Isl Nanaimo B.C. Canada
    Boy I hope they improve on some of these little things with TDS-4

    :( :( :( :( :(
     
  10. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Oops, guys, why do you make it so difficult for yourselves?
    Once TDS is ready with its scan you have your 40 alarms in the bottom console; right-click on any of them and choose "save as text" and it will write the whole current list to a file Scandump.txt, which it even asks if you want to read now. It is a Notepad file, which you can copy or save away under another name so it is not overwritten next time you save a new series of finds.
    Easy if you want to compare them or send your alerts list to Gavin, asking him if he wants some of your shoppe for his collection or whether something might be a false positive, whatever.
    Next time the dump will overwrite the existing text, so you never get miles-long logs; that is the reason to save it with another name if you really need to keep your list.

    You do the same with your capture.bin in Port Explorer: save it away with another name if you need to keep it or it will be overwritten after you cleansed it.
    I could imagine, if you see an active keylogger or nasty calling home, you might like to spy on such a packet and keep the data for further study (for IPs or names) or as proof that it was active.

    That together with the copy scandump is good proof.
     
  11. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Yep... works just fine.. No probs Jooske. :D

    Did two separate scans, on 2 folders I knew I would get a response from, both results showed up, and right click, save text, said yes to read. Bingo.... got BOTH entries in one report. ;)

    Scan Control Dumped @ 13:55:09 30-03-04
    Suspicious Filename: Dual extensions
    File: c:\documents and settings\fstop\desktop\miscellaneous\programs plug-ins\trillian setup info\trillian-v0.74d.exe

    Positive identification: Demo.Leaktest 1.1 (Not a trojan)
    File: c:\documents and settings\fstop\desktop\grc_stuff\leaktest.exe

    Cheers, Adrian.
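The "save as text" dump shown in posts 5 and 11 is a header line followed by detection/"File:" pairs. As an added example (not TDS-3's own tooling, and not posted by anyone in this thread), the following Python script parses saved copies of Scandump.txt, merges several of them, and prints the one-line "X found in Y" list Dale asked for. The two sample dumps are constructed from the lines quoted in the thread; the sample paths are made up.

```python
import re
from dataclasses import dataclass

# Constructed samples in the Scandump.txt layout: a "Scan Control Dumped" header, then detection/"File:" pairs.
DUMP_A = """Scan Control Dumped @ 23:01:11 29-03-04
Positive identification (DLL): RemoteAdmin.RAdmin 2.0 (dll)
File: c:\\windows\\system32\\admdll.dll
"""
DUMP_B = """Scan Control Dumped @ 13:55:09 30-03-04
Suspicious Filename: Dual extensions
File: c:\\temp\\trillian-v0.74d.exe

Positive identification: Demo.Leaktest 1.1 (Not a trojan)
File: c:\\temp\\leaktest.exe
"""
HEADER_RE = re.compile(r"^Scan Control Dumped @ (\S+ \S+)$")

@dataclass(frozen=True)
class Alarm:
    dumped_at: str  # timestamp from the dump header
    kind: str       # e.g. "Positive identification (DLL)"
    detail: str     # e.g. "RemoteAdmin.RAdmin 2.0 (dll)"
    path: str       # the "File:" line that follows the detection

def parse_dump(text: str) -> list[Alarm]:
    """Parse one Scandump.txt; every detection line must be followed by a File: line."""
    alarms, stamp, pending = [], "", None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if m := HEADER_RE.match(line):
            stamp = m.group(1)
        elif line.lower().startswith("file:"):
            if pending is None:
                raise ValueError("File: line without a preceding detection")
            alarms.append(Alarm(stamp, *pending, line[5:].strip()))
            pending = None
        else:
            kind, _, detail = line.partition(":")
            pending = (kind.strip(), detail.strip())
    return alarms

def merge_dumps(*texts: str) -> list[Alarm]:
    """Combine saved dump copies; a repeat of one detection on one file is kept once."""
    seen: dict[tuple, Alarm] = {}
    for a in (a for t in texts for a in parse_dump(t)):
        seen.setdefault((a.kind, a.detail, a.path.lower()), a)
    return list(seen.values())

def report_lines(alarms: list[Alarm]) -> list[str]:
    """One line per alarm, in the 'X found in Y' form asked for in the thread."""
    return [f"{a.detail} ({a.kind}) found in {a.path}" for a in alarms]
```

Because each new "save as text" overwrites Scandump.txt, save each dump under its own name and pass all the copies to `merge_dumps` to get one consolidated list for the customer report.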
     
  12. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Yep, and I log the whole console activity on a daily basis as well, so for wanted reportages, as Jan already pointed out, just copy such parts from the logs and paste them into reports as well.
    Configure the day/month/year/hour/minute/second time setting in the Configuration and you have an overview of how much time it all took to collect and when it happened, etc. Handy beside firewall logs, Port Explorer logs, etc. in case of events.
     