TDS exe protection

Discussion in 'Trojan Defence Suite' started by -JSa-, Jan 27, 2004.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    I try to let TDS-3 delete it:
     

    Attached Files:

  2. FanJ

    FanJ Guest

    I click OK and TDS-3 deletes it:
     

    Attached Files:

  3. FanJ

    FanJ Guest

    I look in my registry and have to delete this entry manually in:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

    See screenshot further for that reg-key.

    EDIT-1
    For full description of that reg-key I quote from here

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. The name of the entry is "TrojanSimulator" (without the quotes), and its value is the path to TSServ.exe, enclosed in quotes ("), and followed by the /install parameter. The type of the entry is REG_SZ (standard registry string value).

    - end quote -

    EDIT-2
    I also manually deleted the file Trojansimulator.exe
     

    Attached Files:
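The manual registry check described in the post above can be scripted. The following is an added example, not part of any post in this thread and not code from TDS-3 or Trojan Simulator. It goes beyond the single entry by listing every value under the same Run key. It assumes Windows PowerShell, and `Split-RunCommand` is a hypothetical helper name.

```powershell
# Added example (not from the thread). Lists every autostart value under the
# HKLM Run key and previews removal of the leftover entry named in the quote.
$runKey   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$leftover = 'TrojanSimulator'   # value name given in the quoted description

function Split-RunCommand {     # hypothetical helper: split path from arguments
    param([string]$Command)
    # Quoted form, as in the quoted description: "C:\...\TSServ.exe" /install
    if ($Command -match '^\s*"(?<exe>[^"]+)"\s*(?<rest>.*)$') {
        return [pscustomobject]@{ Exe = $Matches['exe']; Arguments = $Matches['rest'] }
    }
    # Unquoted form: treat everything up to the first whitespace as the path.
    $parts = $Command.Trim() -split '\s+', 2
    $rest  = if ($parts.Count -gt 1) { $parts[1] } else { '' }
    [pscustomobject]@{ Exe = $parts[0]; Arguments = $rest }
}

$key  = Get-Item -LiteralPath $runKey
$opts = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

$report = foreach ($name in $key.GetValueNames()) {
    $data = [string]$key.GetValue($name, '', $opts)
    $cmd  = Split-RunCommand $data
    $path = [Environment]::ExpandEnvironmentVariables($cmd.Exe)
    [pscustomobject]@{
        Name       = $name
        Type       = $key.GetValueKind($name)   # the quote says REG_SZ ("String")
        Exe        = $path
        Arguments  = $cmd.Arguments
        # An entry whose target file is gone is a stale autostart reference.
        FileExists = ($path -and (Test-Path -LiteralPath $path -PathType Leaf))
    }
}
$report | Format-Table -AutoSize

$stale = $report | Where-Object { $_.Name -eq $leftover }
if ($stale) {
    # -WhatIf only previews the deletion; remove it (from an elevated prompt)
    # to actually delete the value.
    Remove-ItemProperty -LiteralPath $runKey -Name $leftover -WhatIf
} else {
    Write-Output "No '$leftover' value under $runKey"
}
```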

  4. FanJ

    FanJ Guest

    OK, that's it for the moment.
    I hope it makes some sense and that I did the right things :rolleyes:
     
  5. FanJ

    FanJ Guest

    To make sure we all are talking about the same TrojanSimulator, here is the MD5 checksum for the zip-file:

    The file <D:\Trojan Simulator\TrojanSimulator.zip>
    has the following Checksum(s)

    MD5 - 6A1AC6675073BAB8EC61839E1D1434D6
     
  6. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    Yes, FanJ and Pilli are correct ;).

    You must have scan for Clients/EditServers enabled to detect the trojansimulator.exe, as this is the Client/EditServer:

    Client: What a script kiddie/trojaner would generally use to connect to the actual server (in this case tsserve.exe) on a victim's computer.

    EditServer: Usually a part of the Client (sometimes separate) used by the script kiddie/trojaner to create a server with different default ports, startup methods etc... than the default server would have contained.

    Server: The nasty part which will install the trojan on your computer, thus allowing the script kiddie/trojaner to remotely connect to the trojan server (in this case tsserve.exe) on your computer and control it.


    Having said that, TDS detects/stops all these parts of the TrojanSimulator test trojan - see my screenshot.

    Regards,
    Jade :).
     

    Attached Files:

  7. FanJ

    FanJ Guest

    Thanks Jade ! :)

    It looks to me that we both tested it in a different way:

    I tried to test it with ExecProt.
    You tested it with a file-scan.

    :D
     
  8. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia

    No probs FanJ :), although in my screenshot you will see that I tested Execution Protection as well as the file scan :D.

    Best regards,
    Jade.
     
  9. FanJ

    FanJ Guest

    Oops, you're right !!!

    Cheers, Jan.
     
  10. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D very cool and newbie friendly
     
  11. FanJ

    FanJ Guest

    Thanks buddy ! :)

    cookie for you *puppy*
     