Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

backdoor.tidserv!inf removal


  • This topic is locked This topic is locked

#31
Introfeel

Introfeel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
When I ran my antivirus scans it showed the same infection twice. Now it is showing it once and says that the other one has been quarantined. That's progress. Why won't it quarantine the other? Did my virus software update or something because it was saying rewquires manual removal and now it's saying that one of them is quarantined. Yet they seemed to be the same file showing up twice for some reason. I don't get it, but maybe you see this a lot. So far you're a grade AAA geek.
  • 0

Advertisements


#32
hammerman

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Hi,

The last detection was of the infected file in the Combofix quarantine. We'll remove that shorlty but it's safe where it is for now.

Please follow these steps.

-- Step 1 --

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

-- Step 2 --

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

-- Step 3 --

  • Download the latest version of Java Runtime Environment (JRE) 6 Update 21.
  • Click the "Download JRE" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u21-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u21-windows-i586.exe and select "Run as an Administrator.")

-- Step 4 --

Please do an online scan with Kaspersky WebScanner

Click on Accept

You may be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on Settings
  • In the scan settings, select the following:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan spyware, adware, diallers and other riskware
    Scan Archives
    Scan E-mail databases
  • Click Save
  • Now under ScanSelect My Computer
  • This will start the scanning of your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on View Report and then Save Report
  • Save the file to your desktop as a text file.
  • Copy and paste that information in your next post.
]
  • 0

#33
Introfeel

Introfeel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4367

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/29/2010 12:55:12 PM
mbam-log-2010-07-29 (12-55-12).txt

Scan type: Quick scan
Objects scanned: 134330
Time elapsed: 6 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#34
Introfeel

Introfeel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, July 29, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, July 29, 2010 12:28:47
Records in database: 4198134
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 392718
Threats found: 2
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 06:51:11


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Windows.old\Windows\System32\drivers\smb.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
C:\Qoobox\Quarantine\C\Windows.old\Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6002.18005_none_61560a3ff5180c84\smb.sys.vir Infected: Rootkit.Win32.TDSS.ap 1
C:\Windows.old\Users\Introfeel\Shared\micorsoft word 2007 key.cracked.txet\patch.exe Infected: Trojan.Win32.Pincav.acob 1

Selected area has been scanned.
  • 0

#35
hammerman

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Hi,

Congratulations, your computer appears clean :)

Let's remove the tools we've been using after deleting the infected file detected by Kaspersky.

Please follow these steps.

-- Step 1 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\Windows.old\Users\Introfeel\Shared\micorsoft word 2007 key.cracked.txet\patch.exe
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

-- Step 2 --

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image
-- Step 3 --
  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Here are some measures you can take to ensure that your computer remains clean.

1. Updates

Windows Updates

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. It is recommended that you set Windows to check, download and install your updates automatically.

  • Click Start
  • Select Control Panel
  • Click on Automatic (recommended)
  • Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
  • Click Apply then OK.

Java Updates

As with Windows, Java also needs to be regularly updated to fix security vulnerabilites. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uininstall older versions of Java.

  • Click Start
  • Select Control Panel
  • Select Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.

Adobe Updates

You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. You can download the latest reader and updates from here.

Other Updates

Regularly check for updates for all your security programs including firewall, antivirus, antispyware etc

2. Security Programs

Here is a list of security programs that I would recommend.

Firewall

A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online-Armor Free is a more advanced firewall which includes a Host Intrusion Protection System (HIPS). This ensures that unrecognised programs will not run unless you give permission.

Antivirus

An antivirus program is essential. The following antivirus programs are free for personal use. Do not use more than one antivirus and always update virus definitions regularly.

AVG
Avira Free
Avast

Anti-Malware

Malwarebytes Anti-Malware MBAM is an excellent anti-malware tool that should be updated and a Quick Scan performed regularly. A Full Scan does not have to be carried out on such a regular basis as the developers aim to detect the vast majority of malware with the Quick Scan. The scanner is free for on-demand scans only.

Ad-Aware, Spybot, SuperAntispyware and A-Squared Free are also very good anti-malware programs that are free for on-demand scans. Spybot has a real-time protection feature called TeaTimer.

Prevention

SpywareBlaster is an excellent free tool for preventing the installation of spyware.
SpywareGuard offers real-time protection so that spyware is detected and blocked before it can do any harm.

Cleaner

ATF Cleaner removes temporary Internet Explorer, Firefox and Windows files.

Browser

Firefox is an alternative browser to Internet Explorer and is more secure.
NoScript is an add-on for Firefox and prevents execution of malicious scripts.
MVPS is a HOSTS file to replace your existing file. This prevents you connecting to a list of well-known ad sites.
  • 0

#36
Introfeel

Introfeel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Thank you for your knowledgeable service. I scanned my computer and there are no viruses present. Thank you grade 3A geek.
  • 0

#37
hammerman

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP