Trojans Reported Logging In Under Power User But NOT As Administrator? Please Advise!

Discussion in 'Trojan Defence Suite' started by belial, Aug 10, 2004.

Thread Status:
Not open for further replies.
  1. belial, Registered Member

    Joined: Aug 10, 2004
    Posts: 2
    I've been using TDS for a few days now and I've been very happy with it, but today a strange thing happened. I'm using Win2000 as a home user, and typically log in as "Administrator" so I can access all the related functions. Today I tried logging in as "Power user" to free up some system resources, and when TDS booted up it reported a trace of two RAT.MIRC trojans:

    c:\WINNT\system32\dllcache\lxmstart.exe

    and

    c:\WINNT\system32\dllcache\msngr.exe

    I chose to delete them and TDS marked them as deleted. But when I ran TDS again - there they were. Again I told TDS to delete them and again it reported them when I rebooted.

    When I log in as "Administrator," running the same scan, TDS does not report either trojan. Logged in as "Administrator" I looked at the dllcache and could find no sign of them. (When I log in as "Power user" Win2000 will not let me open the dllcache folder to check if they are there ... )

    So what could be going on here? Why would TDS report trojans when I log in under Power User but not Administrator? I'm hoping it is a mistake, but if not, how do I get rid of them?

    I tried checking for them under running processes but they aren't listed there. Searching for them turns up nothing.

    The only other odd thing I've noticed which may be related is that when I log in under Power user, right before TDS starts up a window labeled "Microsoft Office 2000 Premium" pops up. It's trying to install something. I repeatedly hit cancel but it tries two or three times. Once I let it go to see what it would do and it reported that it couldn't find the file it was looking for "Data1.MSI" which is indeed an MS Office file ... I don't know if this is related or not but it seems strange. It doesn't just happen before TDS starts up - it will happen when I try to start some other, unrelated program too. And it never happens when I log in under Administrator ...

    ANY helpful advice from anyone would be MOST appreciated!

    belial

    EDIT: Well, I may have found the solution ... according to this thread:

    http://65.54.246.250/cgi-bin/linkrd...rity.com/register.php?a=act&u=21464&i=8117605

    This is probably a false positive. TDS is not to be run except under Administrator? Fine with me if it's true, but if it IS true, shouldn't new users be told this?
     
    Last edited: Aug 10, 2004
  2. Pilli, Registered Member

    Joined: Feb 13, 2002
    Posts: 6,217
    Location: Hampshire UK
    Hi belial. Yes, TDS3 should be run as administrator; if you are using another account such as power user then you must start TDS3 using the "Run as" option. There are many threads here about this, but please read the stickies at the top of the forum for more detailed setup information.
    TDS4 will address this issue.

    Thanks. Pilli
     
  3. belial, Registered Member

    Joined: Aug 10, 2004
    Posts: 2
    Thanks for responding, Pilli!
     
  4. Gavin - DiamondCS, Former DCS Moderator

    Joined: Feb 10, 2002
    Posts: 2,080
    Location: Perth, Western Australia