Old 03-22-2005, 07:29 AM   #10 (permalink)
stupidmaid
Registered User
 
Join Date: Mar 2005
Location: Southern Tier, NY
Posts: 7
OS: XP PRO


TDS-3

Log file:

08:28:31 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
08:28:31 [Init] Started 22-03-05 08:28:31 Eastern Standard Time (UTC: 5), Internet Time @603.14
08:28:31 [Init] Loading TDS-3 Systems ...
08:28:31 [Init] Token successfully adjusted.
08:28:31 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
08:28:32 [Init] • Plugins : OK. Loaded 13
08:28:32 [Init] • Exec Protection : Not Installed
08:28:32 [Init] WARNING: Your Radius.TD3 database needs to be updated!
08:28:32 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
08:28:32 [Init] Licensed users can use the Update facility from the TDS menu
08:28:32 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
08:28:39 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
08:28:40 [Init] • Systems Initialised [50108 references - 25153 primaries/12759 traces/12196 variants/other]
08:28:40 [Init] Radius Systems loaded. <Databases updated 22-03-2005>
08:28:40 [Init] TDS-3 Ready. <Bailey_c@127.0.0.1, 150.1.65.152 - United States>
08:28:40 [Tip Of The Day] Do you think TDS-3 is missing something that you'd like to see built in? If so, email tech@diamondcs.com.au - TDS-3 was built on customer requests and feedback, and we'd love to hear from you.
08:28:40 [TDS] Good morning Bailey_c.
08:28:44 [Mutex Memory Scan] Started...
08:28:46 [Mutex Memory Scan] Finished (no trojan mutexes found).
08:28:46 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
08:28:53 [CRC32] Started - verifying 29 files ...
08:28:58 [CRC32] Test finished.
08:29:58 [Memory Scan] Memory scan started, please wait a moment ...
08:30:01 [Memory Scan] Memory scan complete.
08:30:01 [Mutex Memory Scan] Started...
08:30:03 [Mutex Memory Scan] Finished (no trojan mutexes found).
08:30:03 [Trace Scan] Started...
08:30:08 [Trace Scan] Finished.
08:30:08 [ServiceScan] Scanning for services and drivers ...
08:30:12 [ServiceScan] Scanned 323 services and drivers.
08:30:12 [File Scan] Scanning in C:\ ...
09:08:17 [Locked File] Couldn't open c:\windows\$ntuninstallkb826939$\accwiz.exe for read access, file is locked
09:08:17 [Locked File] Couldn't open c:\windows\$ntuninstallkb826939$\hh.exe for read access, file is locked
09:08:17 [Locked File] Couldn't open c:\windows\$ntuninstallkb826939$\locator.exe for read access, file is locked
09:08:17 [Locked File] Couldn't open c:\windows\$ntuninstallkb826939$\magnify.exe for read access, file is locked
09:08:17 [Locked File] Couldn't open c:\windows\$ntuninstallkb826939$\migwiz.exe for read access, file is locked
09:08:17 [Locked File] Couldn't open c:\windows\$ntuninstallkb826939$\narrator.exe for read access, file is locked
09:08:17 [Locked File] Couldn't open c:\windows\$ntuninstallkb826939$\ntkrnlpa.exe for read access, file is locked
09:08:17 [Locked File] Couldn't open c:\windows\$ntuninstallkb826939$\ntoskrnl.exe for read access, file is locked
09:08:17 [Locked File] Couldn't open c:\windows\$ntuninstallkb826939$\osk.exe for read access, file is locked
09:08:18 [Locked File] Couldn't open c:\windows\$ntuninstallkb828741$\comrepl.exe for read access, file is locked
09:08:18 [Locked File] Couldn't open c:\windows\$ntuninstallkb828741$\migregdb.exe for read access, file is locked
09:08:20 [Locked File] Couldn't open c:\windows\$ntuninstallkb835732$\helpctr.exe for read access, file is locked
09:21:37 [File Scan] Scanned 62751 files: 5 alarms in 3085.428 seconds (Avg 21.34 files/sec)
09:21:37 [File Scan] Scanning in D:\ ...
09:21:37 [File Scan] Scanned 0 files: 5 alarms in 8.203125E-02 seconds (Avg 1. files/sec)
09:21:37 [File Scan] Scanning in G:\ ...
09:21:42 [File Scan] Scanned 0 files: 5 alarms in 4.816406 seconds (Avg 1. files/sec)
09:21:42 [Scan] Finished.



Alarm File:

Scan Control Dumped @ 09:28:43 22-03-05
Suspicious Filename: Dual extensions
File: c:\documents and settings\bailey_c\desktop\morgan hill physics\agreement for provision of physics services.wpd.doc

Suspicious Filename: Dual extensions
File: c:\documents and settings\morgan hill physics\desktop\backup 4-7-04\physics\agreement for provision of physics services.wpd.doc

Positive identification (DLL): Adware.MiniBug (dll)
File: c:\program files\aws\weatherbug\minibugtransporter.dll

Suspicious Filename: Dual extensions
File: c:\program files\hewlett-packard\digital imaging\hpisinst\install.wse.exe

Suspicious Filename: Dual extensions
File: c:\program files\hewlett-packard\hp instant support di\temp\install.wse.exe


Rebooting in Safe mode now to complete instructions..