TDS-specific adwares found

I ran TDS-3. The resulting log is shown below. Apparently there are some spywares located in valid Windows programs such as crsss.exe and lssas.exe. Furthermore I found no references of DDoS.RAT.rBot.dy, DDoS.RAT.SDBot and Adware.PurityScan.u (other Puritys, but not .u) elsewhere than with your program.

Wouldn't one way of fixing crsss.exe and lssas.exe would be to copy those files from an original XP cd-rom? The infected pc is running under XP Pro.

Scan Control Dumped @ 17:36:05 15-12-04
Positive identification: DDoS.RAT.rBot.dy
File: c:\windows\system32\crsss.exe

Live trojan found (in process memory): DCOM RPC Exploit
File: C:\WINDOWS\System32\lssas.exe

Live trojan found: DCOM RPC Exploit
File: C:\WINDOWS\System32\crsss.exe

RegVal Trace: Trojan please submit: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [taskmgr.exe=C:\WINDOWS\paintms.exe

RegVal Trace: DDoS.RAT.SDBot: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [Windows media service=crsss.exe]

RegVal Trace: DDoS.RAT.SDBot: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\RunServices [Windows media service=crsss.exe]

RegVal Trace: DDoS.RAT.rBot: HKEY_CURRENT_USER
File: Software\Microsoft\Windows\CurrentVersion\Run [Windows Compliant=gytuil.exe]

RegVal Trace: DDoS.RAT.rBot: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [Windows Compliant=gytuil.exe]

RegVal Trace: DDoS.RAT.rBot: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\RunServices [Windows Compliant=gytuil.exe]

Positive identification: DDoS.RAT.rBot.dy
File: c:\windows\system32\crsss.exe

Positive identification (embedded in file): Adware.PurityScan.u Dropper.a
File: c:\documents and settings\liz\local settings\temp\installer.exe

Positive identification: Adware.PurityScan.u Dropper
File: c:\documents and settings\liz\local settings\temp\installer.exe

 

Correction- It's c:/windows/system32/csrss.exe

 

Thank you very much for your comments. I will proceed with the removal operations and come back to you afterwards. This will take place in a few days as these items are on a friend's pc, not mine.

Merry Christmas to all.

 

I have a problem with windows\system32\lsass.exe...and it shutting my computer down anytime i get online. One thing i figured out by accident was if you put your clock time back a few hours that will keep it from shutting down for how ever many hours you put it backwards im doing this while i serch web for a fix. I know nothing about comp security and need to get rid of this as fast as possible. Just got a job i need to start in a few days and its online work.I tried to delete lsass.exe and i cant. I did a complete system recovery and still the same thing happins.Plzzzz help me.

Thanks, Shawn

I hate my security ignorence

 

Hi, ?shawn

You should not be trying to delete lsass.exe from windows\system32, as that is a genuine file of the OS.

Do you have TDS-3, if not you can download it here:- TDS-3

And get the latest update TDS-3 Radius file [database] here:- Radius File

After you have finish installing TDS-3, Put the Radius file in TDS-3's directory.

Take Care,
TheQuest

 

Thanks for your help. I finally managed to lay my hands on that particular pc and all is well now.