Whoo Hoo found a trojan!

Discussion in 'Trojan Defence Suite' started by Mischief, Apr 24, 2004.

Thread Status:
Not open for further replies.
  1. Mischief

    Mischief Registered Member

    Joined: Apr 23, 2004
    Posts: 9
    Scan Control Dumped @ 19:01:38 24-04-04
    Live trojan found (in process memory): DDoS.RAT.SDBot or variant
    File: C:\WINDOWS\System32\msnqmgr.exe

    Live trojan found (in process memory): DDoS.RAT.SDBot or variant
    File: C:\WINDOWS\System32\msnqmgr.exe


    Does anyone have info about this trojan or how I can look it up? I already deleted it and its registry items but I'm just curious.
     
  2. Pilli

    Pilli Registered Member

    Joined: Feb 13, 2002
    Posts: 6,217
    Location: Hampshire UK
    Hi Mischief, shame you deleted it, as DiamondCS would have liked to analyse it :)
    If you get any more, please zip it up and send it to submit@diamondcs.com.au

    From within TDS3 you can look up the Help - Primary List for basic information

    Here is more information about it:
    http://www.sophos.com/virusinfo/analyses/trojircbots.html

    Do a Google search for even more info.

    Glad you got rid of it anyway :) - Pilli
     
  3. Jooske

    Jooske Registered Member

    Joined: Feb 12, 2002
    Posts: 9,713
    Location: Netherlands, EU near the sea
  4. Mischief

    Mischief Registered Member

    Joined: Apr 23, 2004
    Posts: 9
    What's a HijackThis scan? Is it part of TDS or another program? I'm too tired to look it up. Going to sleep now.
     
  5. Jooske

    Jooske Registered Member

    Joined: Feb 12, 2002
    Posts: 9,713
    Location: Netherlands, EU near the sea
    HijackThis is one of the tools used on this (and many other forums) to see if your system is really clean from malware in its autostarts.
    There are quite a few experts on this board to help you with looking and fixing if necessary.
    https://www.wilderssecurity.com/showthread.php?t=15913
    You can also use the DiamondCS AutoStartViewer from their products page (free tools) or both :)
     
    Last edited: Apr 25, 2004