Tech Support Forum - View Single Post

RAZAN3 · 04-17-2005, 11:24 PM

HELLO AGAIN, GOOD TOOL, IT ACTUALLY RAN UNINTERRUPTED. i WAS CONNECTED TO MY SERVER AND IT BEGAN SEARCHING THE LAN.... LOOKS LIKE I MAY NEED TO CLEAN SOME ISSUES THERE AS WELL.

22:07:25 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
22:07:25 [Init] Started 17-04-05 22:07:25 Central Standard Time (UTC: 6), Internet Time @1171.82
22:07:25 [Init] Loading TDS-3 Systems ...
22:07:25 [Init] Token successfully adjusted.
22:07:25 [Init] ?TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
22:07:26 [Init] ?Plugins : OK. Loaded 13
22:07:26 [Init] ?Exec Protection : Not Installed
22:07:26 [Init] WARNING: Your Radius.TD3 database needs to be updated!
22:07:26 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
22:07:26 [Init] Licensed users can use the Update facility from the TDS menu
22:07:27 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
22:07:49 [Init] ?Radius Advanced Specialist Extensions on standby for 13 trojan families
22:07:50 [Init] ?Systems Initialised [52414 references - 26651 primaries/13539 traces/12224 variants/other]
22:07:50 [Init] Radius Systems loaded. <Databases updated 17-04-2005>
22:07:50 [Init] TDS-3 Ready. <Rodney_miller@10.0.1.102, 127.0.0.1 - United States>
22:07:50 [Tip Of The Day] If you use mIRC, never install it into C:\mirc - always use a different name, and if possible, a different drive, as the path " & Chr$(34) & "C:\mirc" & Chr$(34) & " is hard-coded into several worms as a place to attack.
22:07:50 [TDS] Good evening Rodney_miller.
22:08:00 [Mutex Memory Scan] Started...
22:08:02 [Mutex Memory Scan] Finished (no trojan mutexes found).
22:08:02 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
22:09:43 [CRC32] Started - verifying 29 files ...
22:09:44 [CRC32] File doesn't exist: C:\autoexec.bat
22:10:00 [CRC32] Test finished.
22:12:24 [Memory Scan] Memory scan started, please wait a moment ...
22:12:25 [Memory Scan] Memory scan complete.
22:12:25 [Mutex Memory Scan] Started...
22:12:27 [Mutex Memory Scan] Finished (no trojan mutexes found).
22:12:27 [Trace Scan] Started...
22:12:53 [Trace Scan] Finished.
22:12:53 [ServiceScan] Scanning for services and drivers ...
22:13:03 [ServiceScan] Scanned 242 services and drivers.
22:13:04 [File Scan] Scanning in A:\ ...
22:13:18 [File Scan] Scanned 2 files: 2 alarms in 14.01563 seconds (Avg 1.14 files/sec)
22:13:18 [File Scan] Scanning in C:\ ...
22:56:20 [File Scan] Scanned 16825 files: 12 alarms in 2582.031 seconds (Avg 7.52 files/sec)
22:56:20 [File Scan] Scanning in D:\ ...
22:56:27 [File Scan] Scanned 3 files: 12 alarms in 6.53125 seconds (Avg 1.46 files/sec)
22:56:27 [File Scan] Scanning in E:\ ...
00:02:51 [File Scan] Scanned 652 files: 12 alarms in -82416.09 seconds (Avg .99 files/sec)
00:02:51 [File Scan] Scanning in M:\ ...
00:05:18 [File Scan] Scanned 1 files: 12 alarms in 146.571 seconds (Avg 1.01 files/sec)
00:05:18 [File Scan] Scanning in P:\ ...
00:05:18 [File Scan] Scanned 0 files: 12 alarms in 0 seconds (Avg -1.#IND files/sec)
00:05:18 [Scan] Finished.
00:07:23 [Screen Text] Saved to C:\Program Files\TDS3\scr0.txt

SCAN RESULTS

Scan Control Dumped @ 00:15:36 18-04-05
File Trace: Default trojan filename: Worm.Funner please submit
File: C:\WINNT\System32\userinit32.exe

File Trace: Default trojan filename: Suspicious please submit
File: C:\WINNT\1.exe

Positive identification: Adware.ToolBar.EliteBar.z2
File: c:\documents and settings\rodney_miller\local settings\temp\tmp384883.tmp

Trojan Client\EditServer found: RemoteAdmin.RAdmin 2.2 (Client)
File: c:\program files\radmin\radmin.exe

Positive identification: RemoteAdmin.RAdmin 2.2
File: c:\program files\radmin\r_server.exe

Positive identification: DDoS.RAT.rBot.bhe
File: c:\recycler\s-1-5-21-2000478354-2111687655-842925246-500\dc1.exe

Positive identification: Trojan.Win32.StartPage.nk8
File: c:\recycler\s-1-5-21-2000478354-2111687655-842925246-500\dc8.exe

Positive identification: RemoteAdmin.RAdmin 2.2
File: c:\recycler\s-1-5-21-2000478354-2111687655-842925246-500\dc9.exe

Positive identification (DLL): Adware.ToolBar.EliteBar.z1 (dll)
File: c:\recycler\s-1-5-21-2000478354-2111687655-842925246-500\dc6\elitesidebar 08.dll

Positive identification (DLL): Adware.WebEx (dll)
File: c:\winnt\downloaded program files\ieatgpc.dll

Positive identification: RAT.Agent.bg Dropper.a
File: c:\winnt\system32\lol.exe

Positive identification: DDoS.RAT.rBot.btm
File: c:\winnt\system32\userinit32.exe

04-17-2005, 11:24 PM	#9 (permalink)
RAZAN3 Registered User Join Date: Apr 2005 Posts: 22 OS: XP Pro	HELLO AGAIN, GOOD TOOL, IT ACTUALLY RAN UNINTERRUPTED. i WAS CONNECTED TO MY SERVER AND IT BEGAN SEARCHING THE LAN.... LOOKS LIKE I MAY NEED TO CLEAN SOME ISSUES THERE AS WELL. 22:07:25 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED) 22:07:25 [Init] Started 17-04-05 22:07:25 Central Standard Time (UTC: 6), Internet Time @1171.82 22:07:25 [Init] Loading TDS-3 Systems ... 22:07:25 [Init] Token successfully adjusted. 22:07:25 [Init] ?TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum 22:07:26 [Init] ?Plugins : OK. Loaded 13 22:07:26 [Init] ?Exec Protection : Not Installed 22:07:26 [Init] WARNING: Your Radius.TD3 database needs to be updated! 22:07:26 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3 22:07:26 [Init] Licensed users can use the Update facility from the TDS menu 22:07:27 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs> 22:07:49 [Init] ?Radius Advanced Specialist Extensions on standby for 13 trojan families 22:07:50 [Init] ?Systems Initialised [52414 references - 26651 primaries/13539 traces/12224 variants/other] 22:07:50 [Init] Radius Systems loaded. <Databases updated 17-04-2005> 22:07:50 [Init] TDS-3 Ready. <Rodney_miller@10.0.1.102, 127.0.0.1 - United States> 22:07:50 [Tip Of The Day] If you use mIRC, never install it into C:\mirc - always use a different name, and if possible, a different drive, as the path " & Chr$(34) & "C:\mirc" & Chr$(34) & " is hard-coded into several worms as a place to attack. 22:07:50 [TDS] Good evening Rodney_miller. 22:08:00 [Mutex Memory Scan] Started... 22:08:02 [Mutex Memory Scan] Finished (no trojan mutexes found). 22:08:02 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering. 22:09:43 [CRC32] Started - verifying 29 files ... 22:09:44 [CRC32] File doesn't exist: C:\autoexec.bat 22:10:00 [CRC32] Test finished. 22:12:24 [Memory Scan] Memory scan started, please wait a moment ... 22:12:25 [Memory Scan] Memory scan complete. 22:12:25 [Mutex Memory Scan] Started... 22:12:27 [Mutex Memory Scan] Finished (no trojan mutexes found). 22:12:27 [Trace Scan] Started... 22:12:53 [Trace Scan] Finished. 22:12:53 [ServiceScan] Scanning for services and drivers ... 22:13:03 [ServiceScan] Scanned 242 services and drivers. 22:13:04 [File Scan] Scanning in A:\ ... 22:13:18 [File Scan] Scanned 2 files: 2 alarms in 14.01563 seconds (Avg 1.14 files/sec) 22:13:18 [File Scan] Scanning in C:\ ... 22:56:20 [File Scan] Scanned 16825 files: 12 alarms in 2582.031 seconds (Avg 7.52 files/sec) 22:56:20 [File Scan] Scanning in D:\ ... 22:56:27 [File Scan] Scanned 3 files: 12 alarms in 6.53125 seconds (Avg 1.46 files/sec) 22:56:27 [File Scan] Scanning in E:\ ... 00:02:51 [File Scan] Scanned 652 files: 12 alarms in -82416.09 seconds (Avg .99 files/sec) 00:02:51 [File Scan] Scanning in M:\ ... 00:05:18 [File Scan] Scanned 1 files: 12 alarms in 146.571 seconds (Avg 1.01 files/sec) 00:05:18 [File Scan] Scanning in P:\ ... 00:05:18 [File Scan] Scanned 0 files: 12 alarms in 0 seconds (Avg -1.#IND files/sec) 00:05:18 [Scan] Finished. 00:07:23 [Screen Text] Saved to C:\Program Files\TDS3\scr0.txt SCAN RESULTS Scan Control Dumped @ 00:15:36 18-04-05 File Trace: Default trojan filename: Worm.Funner please submit File: C:\WINNT\System32\userinit32.exe File Trace: Default trojan filename: Suspicious please submit File: C:\WINNT\1.exe Positive identification: Adware.ToolBar.EliteBar.z2 File: c:\documents and settings\rodney_miller\local settings\temp\tmp384883.tmp Trojan Client\EditServer found: RemoteAdmin.RAdmin 2.2 (Client) File: c:\program files\radmin\radmin.exe Positive identification: RemoteAdmin.RAdmin 2.2 File: c:\program files\radmin\r_server.exe Positive identification: DDoS.RAT.rBot.bhe File: c:\recycler\s-1-5-21-2000478354-2111687655-842925246-500\dc1.exe Positive identification: Trojan.Win32.StartPage.nk8 File: c:\recycler\s-1-5-21-2000478354-2111687655-842925246-500\dc8.exe Positive identification: RemoteAdmin.RAdmin 2.2 File: c:\recycler\s-1-5-21-2000478354-2111687655-842925246-500\dc9.exe Positive identification (DLL): Adware.ToolBar.EliteBar.z1 (dll) File: c:\recycler\s-1-5-21-2000478354-2111687655-842925246-500\dc6\elitesidebar 08.dll Positive identification (DLL): Adware.WebEx (dll) File: c:\winnt\downloaded program files\ieatgpc.dll Positive identification: RAT.Agent.bg Dropper.a File: c:\winnt\system32\lol.exe Positive identification: DDoS.RAT.rBot.btm File: c:\winnt\system32\userinit32.exe