Trojan.CS

Discussion in 'Trojan Defence Suite' started by reallyrufus, Jan 30, 2004.

Thread Status:
Not open for further replies.
  1. reallyrufus

    reallyrufus Registered Member

    Joined:
    Jan 30, 2004
    Posts:
    2
    TDS3 found this on my Win95 system:
    Software\Microsoft\Windows\CurrentVersion\Run [MSNSysRestore=C:\WINDOWS\SYSTEM\pc32.exe bg]
    The alert said this was Trojan.CS but any information that I have been able to find is confusing to say the least. I'm new to TDS3 but am already impressed with everything about it but the seeming lack of a trojan library that is truly informative.

    Any help with the above info would be greatly appreciated. TIA.
     

  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi reallyrufus,
    Yes, Trojan CS is in the TDS primaries file - TDS Help - primaries list.
    Googling for it does not help much but I believe it may be spyware based.
     
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi there,
    Not quite sure about the nasty, but seeing the key mentioned in this thread where Pieter advises to delete that one, so please look at it. Was this the only alarm with a newly updated TDS database and full system scan with all scan options checked?
     
  4. reallyrufus

    reallyrufus Registered Member

    Joined:
    Jan 30, 2004
    Posts:
    2
    Well after seeing some related articles on other forums and given the replies here I decided to delete the registry key in question.

    Upon reboot my system basically went crazy beeping at me for several minutes of an abnormally long boot but finally did boot up. Another immediate reboot went normally and I don't seem to have any problems to speak of.

    Yes Jooske this was the only alarm I received but will make sure to do another scan with all options. I'm new to TDS3 so I'm still playing with the interface. TDS3 most certainly is far and away superior to any other scanner on the web but all the other features replaced several other programs on my system. In short I love this thing.

    Thanks to Jooske and Pilli for your time.

    I'm pretty sure my problem was some kind of hi-jack/downloader. The properties box on the file pc32.exebg had Microsoft spelled incorrectly twice and so showed it to be at the least nefarious in design. Still not sure where I picked it up but since key deletion and secure erase on the file it has not resurfaced.

    Again thanks for your time and knowledge.
     
  5. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    After the reboot the key is not back I hope?
    Hope you deleted the file itself too with that?
    By the sound of your additional info you just wrote about MS spelled wrong and such you had a nasty file.
    When in doubt, always submit a copy to DiamondCS, submit@diamondcs.com.au and a copy to gavindcs@iinet.net.au, if possible zipped.
    The MSNSysRestore I don't quite understand, is that whole key part of the nasty, an MSN messenger worm maybe? Maybe you got it that way. So in case you use MSN messenger a next time, look afterwards carefully in the scans if the file is not sent in again. Did somebody send you a file via that way, which can then most certainly use another deep scan as well.

    TDS is central on my system too, together with the other DCS tools. Other AV/AT software you can keep as a second opinion, as TDS is for the trojans and worms, and lots more, you will see in the many threads here what people use beside it. :)
    Have fun with your TDS!
     