trojan problems

Discussion in 'Trojan Defence Suite' started by nick b, Jul 16, 2004.

Thread Status:
Not open for further replies.
  1. nick b

    nick b Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    8
    I have been waiting on the sidelines for TDS 4 to come out so I don't have to learn TDS 3 and then switch to a new system. My current version of PCCillin has repeatedly detected, but only quarantined these trojans: TROJ_AGENT.AC TROJ_STRTPAGE.SP TROJ_STARTPAG.AC. They hide in different folders and are apparently harmless, but I want to remove them. Trend Micro's fix did not work and I used XP system restore to make everything run smooth again. I have run the restore at least 3 times. My trial version of NOD 32 would not detect them. Have no idea why. I am using Trend Micro, Spysweeper, Ad-a-ware, Pest Patrol and Win Patrol. Can TDS 3 absolutely, positively detect AND clean these? I don't like quarantined files. Thanks for any info that anyone can provide.
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Nick b. I cannot answer that, Gavin will know and may respond over the weekend but most likely you will not get a reply until Monday morning Perth time.

    Pilli
     
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Nick, learning to use TDS is never a bad thought to start with. TDS does not quarantine files, you keep them or delete them with it, your decision.
    It does detect a lot of adware and spyware these days, so just give it a try, install it with all other scanners closed, update with the latest radius, reboot system after the install, and do a scan.
    In the end, right-click on one of the alerts to save the list to text (scandump.txt) which you might like to post for advice what to do with each find.
     
  4. nick b

    nick b Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    8
    OK, I understand. I presume that a scan from TDS 3 would be able to detect a quarantined file. After TDS 4 is out, will a product like NOD 32 be necessary? Maybe I should ask that in another section of the forum. PCCillin is OK, but it rarely cures the patient, just quarantines him. Sorry for the questions. I have learned just enough for pc survival. That's all.
     
  5. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Anti-Trojan and Anti-virus programs are quite different although there is some overlap. It is recommended to use both as part of a layered defence.
    NOD32 & TDS run very well together. NOD32 is a very fast scanner but its only real weakness is its Trojan detection, although this is being improved. TDS is more than just a detection tool but includes many methods for catching malware + other useful utilities and complements NOD32 very well.

    HTH Pilli
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    TDS doesn't quarantine files: it detects them, exec protection blocks their execution, you can delete them.
    If you have other scanners running best close them during a scan with any other scanner, and especially AVG has the habit to hide files for any other scanner, if you would have that.
     
  7. nick b

    nick b Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    8
    Well, if I have these "bugs" already quarantined on my computer, how eventually will I be able to get rid of them so I have a clean machine? The Trend Micro solution didn't work. If a TDS 3 scan will detect them, then will it have the capability to remove them? How does the quarantine mechanism work? Assuming NOD or TDS can delete a bug, would I need to "unquarantine" a file to make it accessible to be able to be cleaned? I am unclear on this part.
     
  8. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Nick, You could probably delete the whole folder by changing the file permissions? Providing the program that created them is not running.
     
  9. nick b

    nick b Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    8
    I wouldn't have a clue how to do that. Have no idea what "permissions" is. What I can tell you from past experience is when I have attempted to delete some of these corrupted files, my installed software or even the operating system has failed to work. What a mess to straighten that out. I would have to call a tech support firm and pay a fee to fix it as online help via email obviously is useless. From doing some online reading regarding TROJ_AGENT.AC, getting rid of it completely can be very difficult. I guess I will maybe have to purchase the product(s) and take a chance. If necessary, pay for support again to fix it. For someone like me, I need a step by step procedure and usually over the phone is the way to go. Since I only started using a computer in my late 40s, these are the problems that I encounter on an ongoing basis.
     
  10. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Nick, I guess if you are a new user playing around with permissions is probably not a good idea.
    So can I suggest you email PCcillin and ask them how you can empty the quarantine folder? As they can probably walk you through it.

    Cheers. Pilli
     
  11. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    If TDS alarms on something, in the bottom windows right-click on one of the alerts, and you have 4 options: analyse the file, delete it, submit it, save all alerts to text.
    So if you want to delete it just do.
    It won't succeed when the file is still in use, as you will notice from a next alert, so in those cases look in TDS Process List or the Windows task manager if the file/process is still running; kill it in one of them and try to delete it again.
    If still no luck, at least copy the alerts to scandump.txt which you might like to print out for reference and delete the files/folder in safe mode.
    You will have to close all other scanners so none is protecting or hiding it or access to it, to be able to get completely rid of them.
     