[unknownscn]

I ran the fix and here is the fix log and the scan log after the fix, I will try to run combofix now.

[Advertisements]

attachments

Attached Files

•  OTScanIt.Txt   111.81KB   75 downloads
•  afterfix.txt   1.59KB   174 downloads

[unknownscn]

attachments

Attached Files

•  OTScanIt.Txt   111.81KB   75 downloads
•  afterfix.txt   1.59KB   174 downloads

[unknownscn]

LOOKS LIKE COMBOFIX STILL DOES NOT RUN AND WE CANNOT GET INTO SAFE MODE, WE GET MISCELANEOUS BLUE SCREEN ERRORS.

[Essexboy]

Lets try something different

Download Dr.Web CureIt to the desktop:

• Doubleclick the drweb-cureit icon to start the program.
• press start
• Allow the program to run the initial express scan
• This will scan the files currently running in memory. If something is found, click the YES button when it asks you if you want to cure it. This is only a short scan.
  Note: A pop up may appear during this phase suggesting you purchase their program - click the X at the top right corner of this pop-up to close it.
  
• Once the short scan has finished, check the Complete scan box on the left side, even if nothing was found on the initial scan.
• Then click the small green arrow button on the right under the Dr.Web Antivirus picture to start the complete scan. (This scan will take several hours)
• During this complete scan - if Dr.Web finds an infection a window will pop up requesting your attention. Select the Cure button.
  • Note:(If the file cannot be cured, Dr.Web will automatically delete the file)
• Once the scan is complete, on the menu bar, click file and choose report list.
• Save the report to your desktop. The report will be called DrWeb.csv
• Note:this report will need to be renamed to Dr.Web.txt in order to post it on the forum.
• Close Dr.Web Cureit.
• Please post the Dr.Web.txt report in your next reply

[unknownscn]

The quick scan caught a virus called backdoor. tdsserv.14 the complete scan is catching about 5 other related viruses or components related to backdoor tdsserv, I will post the log when it is done. Can you also give me a hand with undoing the registry changes.

[Essexboy]

Thats a for sure

[unknownscn]

Here is the results form the Dr. Web. Problem is still happening, but I bet once we clear the registry this should be it.

Attached Files

•  drweb.txt   1.67KB   188 downloads

[unknownscn]

We just did a reboot and looks like the virus scanner (trendmicro) and the IE are free to lookup any pages it wants. It seems fixed.

[Essexboy]

OK that looks good I would now like you to run MBAM to clear any orphans

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

[unknownscn]

The contents of the MBAM logfile are below:

Malwarebytes' Anti-Malware 1.36
Database version: 2059
Windows 5.1.2600 Service Pack 3

4/29/2009 10:26:26 AM
mbam-log-2009-04-29 (10-26-19).txt

Scan type: Quick Scan
Objects scanned: 129305
Time elapsed: 20 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
E:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> No action taken.
E:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> No action taken.
E:\WINDOWS\system32\TDSSerrors.log (Trojan.TDSS) -> No action taken.

[Essexboy]

MBAM states no action taken could you re-run MBAM and do the following please

• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

[unknownscn]

Looks like this took care of it, thanks for all of your help!!

[Essexboy]

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so..Run OTListit and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Do not show hidden files and folders.
• Click Yes to confirm.
• Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:

• Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 13.
• Click the "Download" button to the right.
• Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
• Click on Continue.
• Click on the link to download Windows Offline Installation (jre-6u13-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator.")

XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

• Select Start > All Programs > Accessories > System tools > System Restore.
• On the dialogue box that appears select Create a Restore Point
• Click NEXT
• Enter a name e.g. Clean
• Click CREATE

You now have a clean restore point, to get rid of the bad ones:

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
• In the Drop down box that appears select your main drive e.g. C
• Click OK
• The System will do some calculation and the display a dialogue box with TABS
• Select the More Options Tab.
• At the bottom will be a system restore box with a CLEANUP button click this
• Accept the Warning and select OK again, the program will close and you are done

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

• SpywareBlaster to help prevent spyware from installing in the first place.
• SuperAntispyware Run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

• Secunia Software inspector To check your programme update status
• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe

[Essexboy]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.