backdoor.tidserv!inf removal
Started by Introfeel, Jul 23 2010 11:04 AM
#31
Posted 28 July 2010 - 02:18 PM
#32
Posted 28 July 2010 - 02:34 PM
Hi,
The last detection was of the infected file in the Combofix quarantine. We'll remove that shortly but it's safe where it is for now.
Please follow these steps.
-- Step 1 --
Download TFC to your desktop
- Open the file and close any other windows.
- It will close all programs itself when run, make sure to let it run uninterrupted.
- Click the Start button to begin the process. The program should not take long to finish its job.
- Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
-- Step 2 --
Please download Malwarebytes' Anti-Malware from Here.
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
-- Step 3 --
- Download the latest version of Java Runtime Environment (JRE) 6 Update 21.
- Click the "Download JRE" button to the right.
- Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
- Click on Continue.
- Click on the link to download Windows Offline Installation (jre-6u21-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u21-windows-i586.exe and select "Run as an Administrator.")
-- Step 4 --
Please do an online scan with Kaspersky WebScanner
Click on Accept
You may be prompted to install an ActiveX component from Kaspersky. Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on Settings
- In the scan settings, select the following:
- Scan using the following Anti-Virus database:
- Scan Options:
Scan Archives
Scan E-mail databases - Click Save
- Now under Scan, select My Computer
- This will start the scanning of your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on View Report and then Save Report
- Save the file to your desktop as a text file.
- Copy and paste that information in your next post.
#33
Posted 29 July 2010 - 11:56 AM
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4367
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
7/29/2010 12:55:12 PM
mbam-log-2010-07-29 (12-55-12).txt
Scan type: Quick scan
Objects scanned: 134330
Time elapsed: 6 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
#34
Posted 29 July 2010 - 08:01 PM
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, July 29, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, July 29, 2010 12:28:47
Records in database: 4198134
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
Scan statistics:
Objects scanned: 392718
Threats found: 2
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 06:51:11
File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Windows.old\Windows\System32\drivers\smb.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
C:\Qoobox\Quarantine\C\Windows.old\Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6002.18005_none_61560a3ff5180c84\smb.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
C:\Windows.old\Users\Introfeel\Shared\micorsoft word 2007 key.cracked.txet\patch.exe Infected: Trojan.Win32.Pincav.acob 1
Selected area has been scanned.
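As an added example (not from this thread or from any of the tools named in it): a small Python triage of a Kaspersky Online Scanner 7.0 report like the one above, separating hits that already sit in the Combofix quarantine (paths under C:\Qoobox\Quarantine with a .vir extension, as seen in the report) from live files that still need removing. The sample lines are constructed from the report above; the quarantine-path rule is an assumption drawn from those lines.

```python
import re
from dataclasses import dataclass

# Constructed sample: the detection section of the report above, verbatim.
SAMPLE_REPORT = r"""
File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Windows.old\Windows\System32\drivers\smb.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
C:\Qoobox\Quarantine\C\Windows.old\Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6002.18005_none_61560a3ff5180c84\smb.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
C:\Windows.old\Users\Introfeel\Shared\micorsoft word 2007 key.cracked.txet\patch.exe Infected: Trojan.Win32.Pincav.acob 1
Selected area has been scanned.
"""

# One detection line: <path> Infected: <threat name> <count>
LINE_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")

# Assumption from the report: Combofix's quarantined copies live under
# C:\Qoobox\Quarantine and carry a .vir extension, so they are already neutralised.
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"

@dataclass
class Detection:
    path: str
    threat: str
    count: int

    @property
    def quarantined(self) -> bool:
        p = self.path.lower()
        return p.startswith(QUARANTINE_PREFIX) and p.endswith(".vir")

def parse_report(text: str) -> list:
    """Return every 'Infected:' entry in a Kaspersky Online Scanner 7.0 report."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["threat"], int(m["count"])))
    return found

def triage(text: str) -> dict:
    """Split detection paths into those already quarantined and those still live."""
    result = {"quarantined": [], "live": []}
    for d in parse_report(text):
        result["quarantined" if d.quarantined else "live"].append(d.path)
    return result

if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_REPORT).items():
        print(f"{bucket} ({len(paths)}):", *paths, sep="\n  ")
```

Run against the report above, the two TDSS hits land in the quarantined bucket and only patch.exe is reported as live, which matches the one file the helper targets with OTL in the next post.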
#35
Posted 30 July 2010 - 12:43 AM
Hi,
Congratulations, your computer appears clean
Let's remove the tools we've been using after deleting the infected file detected by Kaspersky.
Please follow these steps.
-- Step 1 --
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Files
C:\Windows.old\Users\Introfeel\Shared\micorsoft word 2007 key.cracked.txet\patch.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot when it is done
-- Step 2 --
Follow these steps to uninstall Combofix and tools used in the removal of malware
- Click START then RUN
- Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
- Download OTC to your desktop and run it
- Click Yes to begin the Cleanup process and remove these components, including this application.
- You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Here are some measures you can take to ensure that your computer remains clean.
1. Updates
Windows Updates
It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. It is recommended that you set Windows to check, download and install your updates automatically.
- Click Start
- Select Control Panel
- Click on Automatic (recommended)
- Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
- Click Apply then OK.
Java Updates
As with Windows, Java also needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java.
- Click Start
- Select Control Panel
- Select Add or Remove Programs
- Remove all Java updates except the latest one you have just installed.
Adobe Updates
You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. You can download the latest reader and updates from here.
Other Updates
Regularly check for updates for all your security programs including firewall, antivirus, antispyware etc.
2. Security Programs
Here is a list of security programs that I would recommend.
Firewall
A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.
Zone Alarm is an excellent free basic firewall which is very easy to use.
Online-Armor Free is a more advanced firewall which includes a Host Intrusion Protection System (HIPS). This ensures that unrecognised programs will not run unless you give permission.
Antivirus
An antivirus program is essential. The following antivirus programs are free for personal use. Do not use more than one antivirus and always update virus definitions regularly.
AVG
Avira Free
Avast
Anti-Malware
Malwarebytes Anti-Malware MBAM is an excellent anti-malware tool that should be updated and a Quick Scan performed regularly. A Full Scan does not have to be carried out on such a regular basis as the developers aim to detect the vast majority of malware with the Quick Scan. The scanner is free for on-demand scans only.
Ad-Aware, Spybot, SuperAntispyware and A-Squared Free are also very good anti-malware programs that are free for on-demand scans. Spybot has a real-time protection feature called TeaTimer.
Prevention
SpywareBlaster is an excellent free tool for preventing the installation of spyware.
SpywareGuard offers real-time protection so that spyware is detected and blocked before it can do any harm.
Cleaner
ATF Cleaner removes temporary Internet Explorer, Firefox and Windows files.
Browser
Firefox is an alternative browser to Internet Explorer and is more secure.
NoScript is an add-on for Firefox and prevents execution of malicious scripts.
MVPS is a HOSTS file to replace your existing file. This prevents you connecting to a list of well-known ad sites.
#36
Posted 30 July 2010 - 06:29 PM
Thank you for your knowledgeable service. I scanned my computer and there are no viruses present. Thank you grade 3A geek.
#37
Posted 02 August 2010 - 12:26 AM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.