Old 05-07-2005, 08:28 AM   #7 (permalink)
Cumberland Mike
Registered User
 
 
Join Date: May 2005
Location: Rhode Island, USA
Posts: 26
OS: WinXP


TDS3 update

Hi,

I downloaded, installed, updated & ran TDS as requested. I could not scan my D drive though ... every time I tried it would run for a few minutes and then completely shut down my computer. I set TDS to scan everything except D:. Top of screen results are:
======================================
======================================

10:15:42 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
10:15:42 [Init] Started 07-05-05 10:15:42 Eastern Standard Time (UTC: 5), Internet Time @635.90
10:15:42 [Init] Loading TDS-3 Systems ...
10:15:42 [Init] • Priority : OK.
10:15:42 [Init] Token successfully adjusted.
10:15:42 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
10:15:42 [Init] • Plugins : OK. Loaded 13
10:15:42 [Init] • Exec Protection : Not Installed
10:15:42 [Init] WARNING: Your Radius.TD3 database needs to be updated!
10:15:42 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
10:15:42 [Init] Licensed users can use the Update facility from the TDS menu
10:15:42 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
10:15:47 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
10:15:47 [Init] • Systems Initialised [54077 references - 27887 primaries/13961 traces/12229 variants/other]
10:15:47 [Init] Radius Systems loaded. <Databases updated 05-05-2005>
10:15:47 [Init] TDS-3 Ready. <Windows@192.168.2.3, 127.0.0.1 - United States>
10:15:47 [Tip Of The Day] If you're suspicious about a certain file, use the String Extractor (from the Utilities menu). This will run through the file and strip out ANSI strings of 5 characters or more in length, enabling you in some cases to get a better 'view' of the file.
10:15:47 [TDS] Good morning Windows.
10:15:50 [Mutex Memory Scan] Started...
10:15:51 [Mutex Memory Scan] Finished (no trojan mutexes found).
10:15:51 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
10:31:44 [File Scan] Scanning in C:\ ...
11:05:46 [File Scan] Scanned 43453 files: 6 alarms in 2042.406 seconds (Avg 22.28 files/sec)
11:07:57 [Memory Scan] Memory scan started, please wait a moment ...
11:07:59 [Memory Scan] Memory scan complete.
11:07:59 [Mutex Memory Scan] Started...
11:08:01 [Mutex Memory Scan] Finished (no trojan mutexes found).
11:08:01 [Trace Scan] Started...
11:08:22 [Trace Scan] Finished.
11:08:22 [ServiceScan] Scanning for services and drivers ...
11:08:24 [CRC32] Started - verifying 29 files ...
11:08:24 [CRC32] File doesn't exist: C:\autoexec.bat
11:08:26 [CRC32] Test finished.
11:08:31 [ServiceScan] Scanned 305 services and drivers.
11:08:31 [Scan] Finished.

===========================================
===========================================

Scandump of bottom of screen:


Scan Control Dumped @ 11:26:43 07-05-05
Suspicious Filename: Dual extensions
File: c:\documents and settings\windows\desktop\mike\bittorrent-4.0.1.exe

Positive identification (DLL): Adware.MiniBug (dll)
File: c:\program files\aws\weatherbug\minibugtransporter.dll

Positive identification: Riskware.ProcessRestart
File: c:\program files\kodak\kodak software updater\7288971\6.3.2.62-7288971l\program\restart.exe

Positive identification: Riskware.ProcessRestart
File: c:\program files\logitech\desktop messenger\8876480\6.1.4.36-8876480l\program\restart.exe

Positive identification: RAT.Small.eo
File: c:\windows\system32\hwclock.0xe

Positive identification (DLL): Adware.WildTangent.b (dll)
File: c:\windows\wt\wtvh.dll

===========================================
============================================

I didn't do or change anything pending your advice.

Thanks again!

Mike