-=PCTechTalk=- Re: trojans/TDS
- From: "Lil Cruz" <lilian1@xxxxxxxxxxxxxx>
- To: <pctechtalk@xxxxxxxxxxxxx>
- Date: Wed, 7 Aug 2002 15:31:45 +0100
Has anyone tried this TDS? There is a 30 day trial, but otherwise $49
bucks... is it worth it?
Lil
----- Original Message -----
From: "pima" <pima@xxxxxxxxxxxxx>
To: <pctechtalk@xxxxxxxxxxxxx>
Sent: Tuesday, August 06, 2002 6:21 AM
Subject: -=PCTechTalk=- Re: trojans
ok......soooo much tech stuff..look at this,,,,ugh! lol
you've tried every anti-virus and anti-trojan scanner you could find, they
all tell you that your system is clean but you know that you are infected
with a trojan! What can you do?
It is normally during these circumstances that your anti-virus\anti-trojan
scanner leaves you on your own... but not TDS. It is virtually impossible to
infect yourself with a trojan without it being visible in the process list,
the autostart registry or auto starting files such as win.ini and
autoexec.bat, and memory objects loaded. TDS is the only anti-trojan system
to take advantage of this and provide you with the tools needed to see
trojans known or unknown in virtually every way possible. No software
program can ever detect every trojan known and unknown, but a trained human
eye can - TDS is the only system to take advantage of this.
When hunting trojans on your system, typically you would shut down all
running programs - this makes it a lot easier to find trojans because there
are less legitimate programs to filter through.
Start in the Process List. A trojan can only be harmful if it is running,
and if it is running it must show in the process list. A manual browse
through the list will show you which programs are running and their various
properties (full path, name, datestamps, etc). In some cases you may be able
to see a trojan straight away using just the Process List.
The next location to look would be the Autostart locations (autostart
registry, autostart files, etc). This is easily done using the Autostart
Explorer (press Ctrl+A in TDS). Again, you're looking for suspicious
entries, entries that shouldn't be there or that you don't know about.
The next location to look would be using Windows Explorer. From the Tools
menu in Explorer, press Find to start the Find utility. Go to the "Date
Modified" tab, and select "Find all files created or modified:" and "During
the previous 1 days" (or longer, if you have some idea as to when the
infection took place).
By now you should have located the trojan, for example C:\WinNT\patch.exe.
Now, still using the Find utility, select "All files" in the Date Modified
tab, then go to the "Advanced" tab and fill in the "Containing text:"
textbox with "patch.exe". Then start a search on your primary drive (usually
C) to find all files that contain the text "patch.exe" - you may find more
than one instance of the trojan.
----- Original Message -----
From: "Alex Denissov" <denissov@xxxxxxxxxxxxxxxxxxxx>
To: "pima" <pctechtalk@xxxxxxxxxxxxx>
Sent: Tuesday, August 06, 2002 1:19 AM
Subject: -=PCTechTalk=- Re: trojans
>
> No, this is internal address of your computer - for example if you are
> a webmaster you gotta set up some server on your mashine - to test
> your project. So - you dont even need to be connected to Inet - just
> typing 127.0.0.1 you get to the server set up un you putta. so - this
> is not an anemy - you are
>
>
>
> To unsub or change your email settings:
> //www.freelists.org/webpage/pctechtalk
>
> To access our Archives:
> http://groups.yahoo.com/group/PCTechTalk/messages/
> //www.freelists.org/archives/pctechtalk/
To unsub or change your email settings:
//www.freelists.org/webpage/pctechtalk
To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
//www.freelists.org/archives/pctechtalk/
To unsub or change your email settings:
//www.freelists.org/webpage/pctechtalk
To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
//www.freelists.org/archives/pctechtalk/
Other related posts:
