Download TrojanHunter Now
Free 30-day trial!
Latest TrojanHunter Version:
TrojanHunter 5.0
Order Now
License file delivered within minutes.
Welcome, Guest. Please Login or Register.
Aug 28th, 2008, 1:29pm
   Mischel Internet Security Forum
   Other Products
   Trojan Simulator (Moderators: Helena, Gavin_Coe, Magnus)
   Wont Uninstall		 « Previous topic | Next topic »
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: Wont Uninstall  (Read 2459 times)
Untouchable J
Full Member
***



TH owns trojans!

   


Gender: male
 Posts: 120
Wont Uninstall
« on: Jul 17th, 2004, 5:34am »		 Quote Quote  Modify Modify
Quote:
and clicking the Uninstall button will remove the registry entry  
and unload all copies of the demo server from memory.

 
When I click uninstall nothing happens..and its still detected in my system registry by TH. How can I remove?
IP Logged
DC
Veteran
*****



I love YaBB 1G - SP1!

   


Posts: 567
Re: Wont Uninstall
« Reply #1 on: Jul 17th, 2004, 6:08am »		 Quote Quote  Modify Modify
Hi Jrshaw, check the folder that you unzipped Trojan Simulator into. TSServ.exe should have extension .tcf added as well as a red crossed circle on top of a bug as long as you let the Guard fix it. If you don't let the Guard fix it the Guard will keep popping up until you do allow it to fix it. Check task Manager, you'll see that it is not running after it's been detected and cleaned. After a full scan the zipped Trojan Simulator will be detected but can't be cleaned because it's in a zip folder. I leave one in a folder on my desktop and get alerted of its presence each time I do a full scan, it's harmless and lets me know TrojanHunter is working properly.
HTH
IP Logged
Untouchable J
Full Member
***



TH owns trojans!

   


Gender: male
 Posts: 120
Re: Wont Uninstall
« Reply #2 on: Jul 19th, 2004, 1:14am »		 Quote Quote  Modify Modify
I checked the TSServc.exe and saw that its a TCF file (with the same .exe extension) and the bug is crossed out with the red circle thingy and is not running in my TM. I also see what your saying about the zipped file being detected:
 
Found trojan file: C:\Downloads\Programs\TrojanSimulator.zip/TSServ.exe/4zeftSV.exe (TrojanSimulator.100)
Found trojan file: C:\Downloads\Programs\TrojanSimulator.zip/TSServ.exe/4zeftSV.exe (Trojan Simulator)
Found trojan file: C:\Downloads\Programs\TrojanSimulator.zip/TSServ.exe (TrojanSimulator.100)
 
but Trojanhunter still saying that the simulator is still in my registry:
 
Registry value exists: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TrojanS imulator (matches TrojanSimulator.100)
 
I guess I should just clean that with TH? I just want the simulator to uninstall from my computer properly...and since the uininstall button dont work I guess I would have to remove it manually. I know all of this is harmless...but I just want it removed
IP Logged
DC
Veteran
*****



I love YaBB 1G - SP1!

   


Posts: 567
Re: Wont Uninstall
« Reply #3 on: Jul 19th, 2004, 11:07am »		 Quote Quote  Modify Modify
on Jul 19th, 2004, 1:14am, Jrshaw62 wrote:
I guess I should just clean that with TH?

 
Yes, after you recieve the Trojan Alert from the Guard the screen also say's "After this, you should immediately start TrojanHunter and run a full scan". We know that we aren't dealing with an actual destructive trojan here so to save time a quick scan will work to clean the registry entry.
   
on Jul 19th, 2004, 1:14am, Jrshaw62 wrote:
since the uininstall button dont work I guess I would have to remove it manually. I know all of this is harmless...but I just want it removed

 
I think the problem you're encountering here is that it's already been disabled by fixing it with the Guard. Try this and see if it works for you. Turn off the Guard. Go to the folder where you have unzipped Trojan Simulator. Delete the .tcf extension from TSServ.exe and then use the TrojanSimulator.exe to install it again. Now try using the uninstall button. It should work as none of the components have been disabled/cleaned. Don't forget to re-enable the Guard afterwards.
 
A good free program to check out is Mike Lin's StartupMonitor. It will notify you when a program tries to register itself to run at system startup and give you the option of allowing it or not.  
 
http://www.mlin.net/StartupMonitor.shtml
IP Logged
Untouchable J
Full Member
***



TH owns trojans!

   


Gender: male
 Posts: 120
Re: Wont Uninstall
« Reply #4 on: Jul 20th, 2004, 2:08am »		 Quote Quote  Modify Modify
Quote:
We know that we aren't dealing with an actual destructive trojan here so to save time a quick scan will work to clean the registry entry.  

 
Ran a quick scan and cleaned the registry entry Grin
 
Quote:
Delete the .tcf extension from TSServ.exe and then use the TrojanSimulator.exe to install it again.

 
Sorry but can you explain how to do this? When I check the properties for the file the only extension I see is .exe but it does in fact says TCF as the type of file.  
 
Quote:
A good free program to check out is Mike Lin's StartupMonitor.

 
Thanks I will add that to my computer...Can you also recommend a good free utilty that shows all the active ports and my computer and what program is using it?
 
Thanks
 
-J
 
 
 
 
IP Logged
DC
Veteran
*****



I love YaBB 1G - SP1!

   


Posts: 567
Re: Wont Uninstall
« Reply #5 on: Jul 20th, 2004, 12:05pm »		 Quote Quote  Modify Modify
on Jul 20th, 2004, 2:08am, Jrshaw62 wrote:
 
Ran a quick scan and cleaned the registry entry Grin  

 
Great, if you're also using StartupMonitor a screen will pop up to let you know that a program is trying to add a startup registry entry. It's a good "first alert" type of program to let you know somethings going on.
 
on Jul 20th, 2004, 2:08am, Jrshaw62 wrote:
 
Sorry but can you explain how to do this? When I check the properties for the file the only extension I see is .exe but it does in fact says TCF as the type of file.  

 
Rather than unzip another copy of TrojanSimulator you can just delete the .tcf extension that is added onto TSServ.exe after it is cleaned by TrojanHunter and use it again. To do this left click once on the bug with the red circle (TSServ.exe.tcf) to highlight it. Left click again and there should be a box around it and it should still be highlighted. Left click one more time and you will see the curser blinking. Drag your curser over the .tcf extension to highlight it then hit the delete key/button. You can also set the blinking curser at the end of TSServ.exe.tcf and use the backspace key to get rid of the .tcf extension. Another way is to right click on the file select rename then left click and then highlight and delete or set the curser at the end and backspace. To try using the uninstall button follow the directions in my previous post. Don't forget to re-enable the Guard afterwards.
 
on Jul 20th, 2004, 2:08am, Jrshaw62 wrote:

Can you also recommend a good free utilty that shows all the active ports and my computer and what program is using it?  

 
Here are a couple of free ones.  
 
Active Ports      
http://www.protect-me.com/freeware.html
 
DiamondCS OpenPorts      
http://www.diamondcs.com.au/openports/
IP Logged
DC
Veteran
*****



I love YaBB 1G - SP1!

   


Posts: 567
Re: Wont Uninstall
« Reply #6 on: Jul 20th, 2004, 12:37pm »		 Quote Quote  Modify Modify
on Jul 20th, 2004, 2:08am, Jrshaw62 wrote:

Sorry but can you explain how to do this? When I check the properties for the file the only extension I see is .exe but it does in fact says TCF as the type of file.  

 
Do you have "Hide extensions for known file types" unchecked in Folder options? It should be set this way for security reasons. I also have "Show hidden files and folders" checked as well as "Hide protected operating system files (Recommended)" unchecked.
IP Logged
Untouchable J
Full Member
***



TH owns trojans!

   


Gender: male
 Posts: 120
Re: Wont Uninstall
« Reply #7 on: Jul 22nd, 2004, 4:21am »		 Quote Quote  Modify Modify
Yup it was because I had "Hide extensions for known file types" checked. I unchecked it and followed all your directions and TS uninstalled without any problem. Spybot's teatimer also alerted me that the startup entry was removed. All that remains is TS in my system volume which I will remove after I reset my System Restore.  
 
Thanks for the help and the suggestions!
 
-J
IP Logged
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »
Search
Members
Login
Register