thanks to tds-3 I caught a trojan

Discussion in 'Trojan Defence Suite' started by baddreams, Dec 31, 2003.

Thread Status:
Not open for further replies.
  1. baddreams

    baddreams Registered Member

    Joined:
    Dec 31, 2003
    Posts:
    4
    I had just downloaded the TDS-3 trial and on the first run it shut down before I could even read what it was doing. This puzzled me, so I ran it several more times with basically the same results, but on a couple of occasions I saw 3 entries at the bottom in the ALARM area. I made note of a file named 001.sys and a registry entry with a filename winupdate.exe. I did a search for the 001.sys file and was amazed at what it contained: every keystroke I had made over the last 3 hours, including 2 credit card purchases. I deleted the file. It came back. o_O :'( So then I searched Google.com for the 001.sys file and found out it was a file made by a backdoor trojan, and found more info on deleting the entry in the registry and then deleting the keylog file.

    Thanks again for the wonderful product. PC-Cillin 2004 didn't even make a sound. I had no idea I had any problems on my computer.

    Happy New Year!!!!!!!!!!!
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Baddreams, welcome to the TDS experience on this wonderful almost new year!
    Glad it worked for you!
    If such a thing ever happens again (hope NEVER!), you might like to zip such a file and try to snipe out who is receiving your data. Hope somehow you are able to change whatever can be changed, passwords and all that kind of thing, to be extra safe just in case some data was sent out already.
     
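The first thing to do with a recovered keystroke log is to work out what was actually exposed, so the right cards and passwords get changed. The script below is an added example, not code from the thread, from TDS-3 or from its authors: it scans a constructed sample of a keystroke capture (the real 001.sys format is not described here) for card-number candidates and keeps only those that pass the Luhn check, so typos and other digit runs are dropped. The file name, sample lines and timestamp format are assumptions for the example.

```python
import re

# Constructed sample of a keystroke capture. This is NOT the poster's 001.sys;
# the thread does not describe that file's layout, so the format is assumed.
SAMPLE_KEYLOG = (
    "[12:01:33] www.example-shop.test\n"
    "[12:03:10] jdoe@example.test\n"
    "[12:03:45] 4111 1111 1111 1111 [TAB] 12/25 [TAB] 123\n"
    "[12:15:02] hello world 1234567890123456\n"   # 16 digits, fails Luhn
    "[13:40:19] 5500000000000004[ENTER]\n"
)

# 13 to 19 digits, optionally separated by single spaces or dashes,
# not preceded or followed by another digit.
CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Return the Luhn-valid card numbers found in a keystroke log, in order."""
    found = []
    for m in CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def mask(pan: str) -> str:
    """Show only the first six and last four digits, enough to identify the card."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


if __name__ == "__main__":
    for pan in find_card_numbers(SAMPLE_KEYLOG):
        print("exposed card:", mask(pan))
```

The masked output is all that needs to go into a note to the card issuer; the full numbers should not be copied anywhere else once the log itself has been preserved for the investigation.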
  3. baddreams

    baddreams Registered Member

    Joined:
    Dec 31, 2003
    Posts:
    4
    I went through my router log file and found the I.P. and port used. I also disabled my router from sending or receiving anything to or from that I.P., but I have not been able to find any more info on the I.P. :'( :mad: I would like very much to get more info on the I.P. and return the favor lol...
     
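Finding the receiving IP and port in a router log, as described in the post above, comes down to grouping the infected machine's outbound connections by destination and looking for the one it keeps going back to. The script below is an added example, not code from the thread or from any router vendor: it parses constructed log lines in an invented syslog-like format (the poster's router and its log format are not given), counts outbound flows per destination for one internal host, and measures the gaps between hits to the top destination, since a keylogger that uploads on a timer shows up as evenly spaced connections. The addresses, port and log layout are all assumptions for the example.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed router log. The line format is invented for this example; the
# thread does not say which router was used or how it logs. 203.0.113.45 is a
# documentation address standing in for the attacker's collection server.
SAMPLE_ROUTER_LOG = """\
Dec 31 20:15:02 router: OUT TCP 192.168.1.10:1043 -> 203.0.113.45:6667
Dec 31 20:15:03 router: OUT TCP 192.168.1.10:1044 -> 198.51.100.7:80
Dec 31 20:20:02 router: OUT TCP 192.168.1.10:1045 -> 203.0.113.45:6667
Dec 31 20:25:02 router: OUT TCP 192.168.1.10:1046 -> 203.0.113.45:6667
Dec 31 20:26:10 router: OUT UDP 192.168.1.10:1047 -> 198.51.100.9:53
Dec 31 20:30:02 router: OUT TCP 192.168.1.10:1048 -> 203.0.113.45:6667
Dec 31 20:31:00 router: OUT TCP 192.168.1.12:2001 -> 198.51.100.7:80
Dec 31 20:35:02 router: OUT TCP 192.168.1.10:1049 -> 203.0.113.45:6667
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) router: OUT (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse(log: str):
    """Yield one dict per well-formed outbound log line; skip anything else."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["dport"] = int(rec["dport"])
            # Syslog timestamps carry no year; only the differences matter here.
            rec["when"] = datetime.strptime(rec["ts"], "%b %d %H:%M:%S")
            yield rec


def outbound_by_destination(log: str, infected_host: str):
    """Count the infected host's outbound flows per (dst, dport, proto), most frequent first."""
    counts = Counter()
    for rec in parse(log):
        if rec["src"] == infected_host:
            counts[(rec["dst"], rec["dport"], rec["proto"])] += 1
    return counts.most_common()


def beacon_candidates(log: str, infected_host: str, min_hits: int = 3):
    """Destinations the host contacted at least min_hits times."""
    return [key for key, n in outbound_by_destination(log, infected_host) if n >= min_hits]


def intervals(log: str, infected_host: str, dst: str, dport: int):
    """Seconds between successive connections from the host to one destination."""
    times = sorted(rec["when"] for rec in parse(log)
                   if rec["src"] == infected_host and rec["dst"] == dst and rec["dport"] == dport)
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]


if __name__ == "__main__":
    host = "192.168.1.10"
    for (dst, port, proto), n in outbound_by_destination(SAMPLE_ROUTER_LOG, host):
        print(f"{dst}:{port}/{proto}  {n} flows")
    for dst, port, proto in beacon_candidates(SAMPLE_ROUTER_LOG, host):
        print("likely upload target:", dst, port, proto, "gaps:", intervals(SAMPLE_ROUTER_LOG, host, dst, port))
```

With the sample above the host talks to 203.0.113.45:6667 five times at exactly five-minute intervals, which is the address and port to block at the router and to look up in WHOIS; the single DNS and web connections in between are normal traffic and drop out of the candidate list.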
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Get the Port Explorer with it, so you can see all possible data packets between that IP and your system. It would be nice to create a nice log for him with that name, wouldn't it? His own data in it, for example (very nasty grin).
     
  5. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    You might even want to consider installing Process Guard to protect TDS from being killed.
    Dolf
     
  6. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    That was what I thought :)

    The demo version allows you to protect only one process, but it's exactly what you need: protect TDS-3.
     