What happened to TDS? I have a looming problem.

Discussion in 'Trojan Defence Suite' started by mzford, Nov 20, 2005.

Thread Status:
Not open for further replies.
  1. mzford

    mzford Registered Member

    Joined:
    Jun 11, 2005
    Posts:
    4
    Soon after I bought and installed all three of your products, TDS, ProcessGuard and WormGuard, I was attacked by a hacker who successfully took down my computer. I must admit that I believe I set your programs correctly, although TDS was clearly informing me of the Trojans that were being installed, and I was able to witness the hacker take over my computer, including the TDS application. It was the wildest thing I had ever seen. I had to call my wife to look at my computer screen with me to witness this hacker simply do what he wanted with my computer. Since I had a partial backup, I was so amazed at what was going on that I kept the computer on. For about two years I have had this persistent hacker after me for reasons I don't understand. I have a SonicWall appliance that has successfully recorded the attacks. When I called SonicWall for technical assistance, they told me that I had a very talented hacker after me and that I should contact the authorities. I was simply not important enough for the authorities to help me out. I was asked to file a form. The hacker has had the overconfidence to engage with me in chat mode. He did tell me about a year ago that somehow I hurt his feelings once and that even if I built a Fort Knox around my computer I would not be able to keep him out. I am taking him seriously and have set up a protocol of daily backups and other security measures.

    When I tried to reinstall TDS, there was a note on the TDS site that the program was no longer supported. I was never able to even download the program, which I had just bought less than 45 days earlier. Was there ever something offered to those like me who were new customers and came to buy DiamondCS products principally because of the highly rated recommendations on all sorts of forums? I understand that hardening a system is a much better approach and believe I am getting value from WormGuard and Port Explorer. Was there ever a refund offered or some sort of offer made? This is not a complaint. I travel for business about 70% of the time and don't download all my emails, especially in developing countries. I might have erased a refund coupon or whatever offer was made to customers like me. I guess I want to know what happened with TDS.

    Thanks,

    mzford
     
  2. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,589
    Location:
    USA still the best. But barely.
  3. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    772
    Location:
    Toronto
    The problem seems to be that you were infected long before installing the DCS applications. Process Guard starts life learning about what's already running on your PC and assumes that everything is to be allowed. If you're infected, PG can't tell. You might be able to review your application settings in PG and spot something which is causing your grief, and block it.
    You might also try scanning your system with various applications to see if you can remove the 'infection'.

    But if all the above fails, then:

    Save whatever data you can, and make absolutely sure that you have easy access to all the 'keys', IDs and serial numbers that you'll need to install your applications. Did I say ALL the little bits that you'll need? Otherwise, you'll have to try to get the info from the vendors, and that takes time. If you have a USB flash storage device, that's a good place to keep the info. But if you need the key for the OS, you'd better have that written down.

    Physically disconnect the phone line from your modem or the cable from the wall into your router (not the cables between your modem/router and computer); you want the devices recognized while installing but unable to get an infection from the Internet while you're most vulnerable.

    Do the 'reformat and reinstall' of the OS. (Or take your PC to an expert technician and have him/her do this.)

    Then, BEFORE reconnecting your modem/router

    install and configure all security applications, in the order of:

    DCS - Process Guard (because it doesn't need an Internet connection). Be sure that Learning mode is ON only if you are NOT connected to the Internet, while installing the other security programs. Also all Global Protection options should be OFF, again only if you're NOT connected to the Internet and while you're installing the other security programs. This is necessary to ensure that your security programs are Protected from attack.

    Firewall - which should allow an install before wanting to connect to the Internet, but if it does, PG should protect you. Do NOT respond to any pop-ups which indicate that you have a registry problem and so on... in fact, if you have an option to register later, take it, to avoid connecting to the Internet at this stage (same for the AV, too).

    Antivirus - which should allow an install before wanting to connect to the Internet, but if it does, PG should protect you. Do NOT respond to any pop-ups which indicate that you have a registry problem and so on...

    Any others, such as SpyBot, Spyware Blaster, .......... which you might have, but it sounds like you don't have very much.

    Now connect the phone line or router cable and try to restore your saved data, then scan everything before you open any files or install any other programs.

    Good luck,

    Jim
     
    Last edited: Nov 20, 2005
  4. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I agree that a format is in order, with XP SP2 and ProcessGuard. I would also do some serious hardening (I would start with WWDC, Harden-It, and Secure-It, in that order.. PreEmpt may be a good buy here.. use the trial and see how it goes, you could replace Secure-It with this) and get a good firewall that you can control the rules with, such as Look'n'Stop with Phant0m's ruleset. Get all this stuff in place before you connect to the network (unplug the cable until you're done). If you're still having problems, you could then contact the vendors of any commercial hardening tools and firewall, send them the logs of what's going on, and they might be able to help you fine tune things to stop him. Are you behind a router as well? This might help things a bit more. While you're offline (not before, not after), I would see about getting a different IP address.. either from your current ISP, or get a new one.

    Do your SonicWall logs indicate anything about how he's compromising the system?

    Let us know how it goes.. although DON'T post how you did it if you get it all fixed. Definitely contact some experts in the matter that can help you lock things down.
     
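Notok's question about what the SonicWall logs show is the right one to ask before rebuilding. As an added example (not code from the thread or from any vendor), the script below does a first-pass triage of perimeter-firewall syslog: which internal ports inbound connections from the Internet were actually allowed to, and whether the internal host then opens connections back out to the same address, which is what a trojan calling home or a remote shell looks like. The log lines are constructed for the example in a generic key=value syslog style; the field names and the addresses (documentation ranges) are assumptions, not real SonicWall output, so the regexes would need adjusting for a real export.

```python
"""First-pass triage of firewall syslog for a persistent attacker.

Added example, not part of the original thread. The sample below is
CONSTRUCTED in a generic key=value syslog style; field names (time, msg,
src, dst, proto) and the ip:port:iface endpoint layout are assumptions.
"""
import re
from collections import Counter

# Constructed sample log (hypothetical format). 203.0.113.0/24 and
# 192.0.2.0/24 are documentation ranges; 10.0.0.5 stands in for the PC.
SAMPLE_LOG = """\
time="2005-11-19 02:14:07" fw=10.0.0.1 pri=6 msg="Connection Opened" src=203.0.113.45:4321:WAN dst=10.0.0.5:445:LAN proto=tcp
time="2005-11-19 02:14:09" fw=10.0.0.1 pri=6 msg="Connection Opened" src=203.0.113.45:4322:WAN dst=10.0.0.5:3389:LAN proto=tcp
time="2005-11-19 02:15:30" fw=10.0.0.1 pri=4 msg="TCP connection dropped" src=198.51.100.7:53012:WAN dst=10.0.0.5:135:LAN proto=tcp
time="2005-11-19 02:16:02" fw=10.0.0.1 pri=6 msg="Connection Opened" src=203.0.113.45:4323:WAN dst=10.0.0.5:445:LAN proto=tcp
time="2005-11-19 02:40:11" fw=10.0.0.1 pri=6 msg="Connection Opened" src=10.0.0.5:1044:LAN dst=203.0.113.45:6667:WAN proto=tcp
time="2005-11-19 03:01:55" fw=10.0.0.1 pri=6 msg="Connection Opened" src=10.0.0.5:1051:LAN dst=203.0.113.45:6667:WAN proto=tcp
time="2005-11-19 03:05:00" fw=10.0.0.1 pri=6 msg="Connection Opened" src=10.0.0.5:1060:LAN dst=192.0.2.10:80:WAN proto=tcp
"""

# key=value pairs; values may be double-quoted and contain spaces.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Endpoint layout assumed for this example: ip:port:interface
ENDPOINT_RE = re.compile(r'^(?P<ip>[^:]+):(?P<port>\d+):(?P<iface>\w+)$')


def parse_line(line):
    """Return a dict of fields, with src/dst split into ip/port/iface.

    Lines that do not carry both endpoints are skipped (returns None).
    """
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    for side in ("src", "dst"):
        m = ENDPOINT_RE.match(fields.get(side, ""))
        if not m:
            return None
        fields[side] = {"ip": m["ip"], "port": int(m["port"]), "iface": m["iface"]}
    return fields


def triage(log_text):
    """Summarise the three things worth knowing before a rebuild."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    opened = [e for e in events if e["msg"] == "Connection Opened"]

    # 1. Inbound connections the firewall ALLOWED (WAN -> LAN): these are the
    #    exposed services the attacker can reach, keyed by source and port.
    inbound_allowed = Counter(
        (e["src"]["ip"], e["dst"]["port"]) for e in opened
        if e["src"]["iface"] == "WAN" and e["dst"]["iface"] == "LAN")

    # 2. Outbound connections (LAN -> WAN) to any address that also connected
    #    inbound: a compromised host calling back to its controller.
    attacker_ips = {ip for ip, _ in inbound_allowed}
    callbacks = Counter(
        (e["dst"]["ip"], e["dst"]["port"]) for e in opened
        if e["src"]["iface"] == "LAN" and e["dst"]["ip"] in attacker_ips)

    # 3. Inbound attempts the firewall dropped, by target port (noise vs. probing).
    dropped_ports = Counter(
        e["dst"]["port"] for e in events if "dropped" in e["msg"].lower())

    return {"inbound_allowed": inbound_allowed,
            "callbacks": callbacks,
            "dropped_ports": dropped_ports}


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for name, counter in summary.items():
        print(name)
        for key, count in counter.most_common():
            print("   ", key, "x", count)
```

On the constructed sample the output says the attacker was allowed in to 445 and 3389 on the PC and that the PC then opened two sessions out to the same address on 6667; that is the evidence to hand to the vendor or to use when deciding which inbound rules the appliance must not have. The 192.0.2.10:80 session is ordinary browsing and correctly does not appear under callbacks.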