Updating radius file manual trial version

Discussion in 'Trojan Defence Suite' started by quirk, Sep 6, 2004.

Thread Status:
Not open for further replies.
  1. quirk

    quirk Guest

    I am having problems updating the radius file. I click on the manual link and save as. It downloads and I save it, but when I run TDS it gives me a warning that the radius file needs to be updated. I am having big problems with trojan horse IRC/BackDoor.Sdbot.45AZ. I upgraded my computer (box only), was having MS serious error messages, downloaded SP2 and total crash. Now I have the above trojan. Can't understand why the warning re updated file. I am not very knowledgeable about computer stuff! Thanks for any help.
     
  2. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi Quirk... I have moved this to a more appropriate/correct forum for attention. :)

    Cheers, TAS
     
  3. Tassie_Devils

    Tassie_Devils Global Moderator

    Hi again Quirk..

    Just to check, you did the download, then put it into the main TDS folder, 'overwriting' the radius.td3 file as instructed on the download page?

    You did have TDS closed when doing this? If not, of course you need to close and restart..... But.. you now have trouble with TDS starting......

    OK, did you have TDS installed prior to or after the trouble with the trojan? It may be blocking the TDS radius file if installed after.

    Someone may be able to enlighten you further on this. :) I have to go out for a while, shall do a bit of research when I come back, see what I can dig up. ;)

    TAS
     
    Last edited: Sep 6, 2004
  4. Tassie_Devils

    Tassie_Devils Global Moderator

    Quirk, I cannot find anything at all on the name of the trojan you reported.

    Googling found nothing, even with string split into 3 different variations. :(

    I also searched VirusBulletin's VGrep search database, which has the vast majority of AV vendors' listings. Nothing.

    If you locate the file on your system, see if you can zip and send to:

    submit @ diamondcs.com.au [minus the spaces before/after @] for review.

    TAS
     
  5. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    If you know where the nasty is, maybe you can close AVG including the resident part, zip it and submit to submit@diamondcs.com.au. Thanks.
    During a scan with TDS (or any other scanner) you should close other scanners, and especially AVG with the resident protection, completely, to give TDS (or the other scanner) a chance to access every file and help you deal with the alerts.
    TDS keeps telling you to update till you have registered the software; it's so that you don't forget it, as you have to do it manually in the trial version. Once registered you can update automatically or via the menu in the GUI.
     
  6. quirk

    quirk Guest

    Thank you Tassie Devils and Jooske for your comments. I feel like I have entered a parallel universe or something, as I have been on such a steep learning curve since these problems occurred. Have been thinking about nothing else for the last week. From what you say about the warning, I don't have a problem with the radius file. TDS runs fine; it's just that I thought, because of the warning, that it wasn't updated. I will disable AVG in future to run it. Also, I was often running it when I was connected to the internet, and maybe that is not a good idea?
    Re the virus - yes, I have been searching via Google and websites and cannot find any mention of IRC/BackDoor.SdBot.45AZ, although I found reference to the same but .46
    (http://www.mytechsupport.ca/support/topic.asp?TOPIC_ID=4751).
    AVG's message is that this virus trojan horse is in file C:\System Volume Information\_restore with a heap of numbers. Should I post the numbers? I get another message with almost the same numbers. "To remove this virus, run AVG for Windows". I read that this is the Restore folder and to disable it and scan in safe mode. I am thinking - try restore to when the OS was re-installed a week ago after the crash following SP2. If that doesn't work, do the disable Restore and scan in safe mode (never done this before). Afraid I don't know how to zip a file and send (aargh). I am getting quite a few different stop error messages (BSOD?). I have now got Spybot and AdAware running. Many thanks.
     
  7. Tassie_Devils

    Tassie_Devils Global Moderator

    Hi Quirk....

    If the path to the trojan is only in the System Restore volume, then you are fine, and just need to get rid of that.
    To do that, you need to turn off Sys Restore, reboot to clear out the restore points, then re-enable it and make a new restore point, and you will be good to go.

    Full instructions here: SYSTEM RESTORE

    However, I strongly urge you to do an Online Scan as well, with at least one of the following, first, to check. Even if it finds stuff in the system restore, you are safe, and if something gets deleted that is needed, you can always go back to the previous state with System Restore, bugs and all; that way you still have a system to work with, and can then try again. ;)

    TREND'S HOUSECALL On the right side under More Info, click Scan Now.

    SYMANTEC SECURITY CHECK Click on GO.

    BITDEFENDER ONLINE VIRUS SCAN Click on the 'I Agree' licence.

    PANDA ACTIVE SCAN Click on the animated gif, Panda Active Scan.

    Once you are satisfied you are clean, then clear System Restore and scan with TDS.

    Cheers, TAS
     
  8. quirk

    quirk Guest

    Thanks, Tassie Devils. I had some trouble with the virus checks but finally got Symantec to complete. It found 2 files: C:\WINDOWS\system32\TFTP1760 is infected with W32.Randex.gen
    C:\Program Files\TDS3\xDynamic\TDS.Unpk\tftp1760 is infected with W32.Randex.gen
    and I went to the virus description. So does that mean I have the trojan horse mentioned originally in the Restore folder, plus this virus as well in these two files? Should I now find these 2 files with search and delete them? I see the TDS file is infected ... earlier today I could not close it down.
    When I have disabled sys restore and rebooted, do I scan with both TDS and AVG? Any other scans to do? Will I run Symantec again? If TDS finds anything more, will I delete those files?
    Thank you muchly.
     
  9. Tassie_Devils

    Tassie_Devils Global Moderator

    Hi quirk...

    OK.. so, apart from the System Restore folder entry, you have these 2 entries...

    Info: SYMANTEC W32.Randex.gen WORM

    Don't delete yet. Let DCS check the files.
    Follow the path of the TDS entry and the other to System32, find the TFTP1760/W32.Randex.gen files, zip them and send to DCS for analysis.

    See this
    THREAD HERE POST #7 FOR INFORMATION on how to zip and submit.

    Normally I would say if positive ID, then let Symantec clean/delete, but if it's living in a TDS3 folder, I would want it checked first. :)

    I would want further verification ;)

    Cheers, TAS
     
  10. Jooske

    Jooske Registered Member

    Hi there,
    In the TDS.Unpk folder, files are unpacked and scanned, and are normally deleted automatically in this scan or a later one. Your finds show exactly this: the original in your system and the copy in the Unpk folder. You can zip and send one of them to submit@diamondcs.com.au if TDS did not alarm on it.
    What is left in the Unpk folder, if TDS and other scanners don't beep on possible copies there, you can just delete. And so with the original file, if you're sure your system doesn't need it anymore.
    Whatever TDS finds after your next scan, please post the Scandump.txt so we can help you with that.
     
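The two posts above ask for the flagged files to be zipped and sent for analysis, and point out that the system32 file and the TDS.Unpk entry are the same bytes (original plus unpacked copy). The script below is an added example, not code from the thread, from TDS or from DiamondCS: it hashes every path a scanner reported, drops byte-identical copies so only one sample per unique file is sent, and writes them into a zip named by hash with a MANIFEST.txt recording where each was found. The directory layout and file contents in `demo()` are constructed for the demo and stand in for the real C:\WINDOWS\system32\TFTP1760 and C:\Program Files\TDS3\xDynamic\TDS.Unpk\tftp1760; nothing here is actual malware. The thread does not say whether DCS wanted a password on the archive, so none is applied.

```python
"""Package scanner hits for vendor submission: hash, de-duplicate, zip.

Added example; not part of the original thread, TDS or DiamondCS.
Paths and contents in demo() are constructed stand-ins.
"""
import hashlib
import tempfile
import zipfile
from pathlib import Path


def sha256_of(path):
    """Stream the file through SHA-256 so large samples don't need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def dedupe_hits(paths):
    """Map sha256 -> list of paths holding exactly those bytes.

    Paths that no longer exist are skipped: a scanner may already have
    removed them, or TDS may have cleaned its own Unpk copy.
    """
    groups = {}
    for p in paths:
        p = Path(p)
        if not p.is_file():
            continue
        groups.setdefault(sha256_of(p), []).append(p)
    return groups


def package_samples(paths, out_zip):
    """Write one copy of each unique sample into out_zip.

    Entries are stored as <sha256>.bin so the archive contains nothing
    with a runnable-looking name; MANIFEST.txt maps each hash back to the
    locations it was found in. Returns the hash -> paths mapping.
    """
    groups = dedupe_hits(paths)
    with zipfile.ZipFile(out_zip, "w", zipfile.ZIP_DEFLATED) as zf:
        for digest, copies in groups.items():
            zf.write(copies[0], arcname=f"{digest}.bin")
        manifest = "\n".join(
            f"{digest}  {'; '.join(str(c) for c in copies)}"
            for digest, copies in groups.items()
        )
        zf.writestr("MANIFEST.txt", manifest + "\n")
    return groups


def archive_members(out_zip):
    """Sorted list of entry names in the submission zip."""
    with zipfile.ZipFile(out_zip) as zf:
        return sorted(zf.namelist())


def demo():
    """Constructed scenario (hypothetical paths, fake bytes): the same file in
    system32 and in TDS.Unpk, one different sample, and one hit whose file is
    already gone."""
    root = Path(tempfile.mkdtemp())
    sys32 = root / "WINDOWS" / "system32"
    unpk = root / "Program Files" / "TDS3" / "xDynamic" / "TDS.Unpk"
    sys32.mkdir(parents=True)
    unpk.mkdir(parents=True)
    sample = b"MZ" + bytes(range(256)) * 4          # constructed, not real malware
    (sys32 / "TFTP1760").write_bytes(sample)        # "original" in system32
    (unpk / "tftp1760").write_bytes(sample)         # TDS's unpacked copy
    (sys32 / "other.exe").write_bytes(b"MZ-different")
    hits = [sys32 / "TFTP1760", unpk / "tftp1760",
            sys32 / "other.exe", sys32 / "already_gone.exe"]
    out_zip = root / "submit.zip"
    groups = package_samples(hits, out_zip)
    return groups, out_zip


if __name__ == "__main__":
    groups, out_zip = demo()
    for digest, copies in groups.items():
        print(digest, [str(c) for c in copies])
    print(archive_members(out_zip))
```

Run as-is to see the duplicate pair collapse into one archive entry: two unique samples go into the zip, the missing path is ignored, and the manifest shows both locations of the shared sample, which is exactly the evidence the thread wanted before anything was deleted.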
  11. quirk

    quirk Guest

    I am finding it increasingly difficult to use the internet due to frequent stop error pages and various glitches. Thanks for your help - I have learnt a bit. Unfortunately I made the mistake of reducing the amount of space for the Restore folder, and now I can't roll back past today, prior to installing a heap of updates - SP1. I thought they had already been installed. Anyway, I think I have also used up most of my megabyte allowance for the month as well (didn't think of that) with the various programs I have downloaded to try and fix the spyware and viruses. Thanks again for your assistance, Tassie Devils and Jooske.
     
  12. Tassie_Devils

    Tassie_Devils Global Moderator

    Hi Quirk

    Sorry to hear re troubles :(

    When you are ready, post back. :)

    TAS
     