23621/23615: tidserv activity/tidserv activity 2 detected
Posted 05 July 2011 - 03:53 PM
Posted 06 July 2011 - 12:00 AM
My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:
- Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
- Absence of symptoms does not always mean the computer is clean
- Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
- Please DO NOT run any scans or fix on your own without my direction.
- Please read all of my response through at least once before attempting to follow the procedures described.
- If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
- Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
- You must reply within 3 days or your topic will be closed
Please read carefully and follow these steps.
Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
- Extract the zip file to its own folder.
- Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
- Click Start scan to start scanning.
- If infection is detected, the default setting for "action" should be Cure
- (If suspicious file is detected please click on it and change it to Skip).
- Click Continue button
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
Download aswMBR.exe ( 511KB ) to your desktop.
- Double click the aswMBR.exe to run it
- Click the "Scan" button to start scan
- On completion of the scan click save log, save it to your desktop and post in your next reply
Download OTL to your Desktop
- Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and to let it run uninterrupted.
- Under the Custom Scan box paste this in
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  %systemroot%\*. /mp /s
  hklm\software\clients\startmenuinternet|command /rs
  hklm\software\clients\startmenuinternet|command /64 /rs
  CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.
Please don't forget to include these items in your reply:
- OTL log
- OTL Extras log
- TDSSKiller log
- aswMBR log
Posted 10 July 2011 - 11:24 PM
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.