
Please Help -- TDSS Trojans & Hijackthis Log

Sorry for the thread thing. Works fine, until I search and then the page is blank. If for some reason your internet is not working, please press No. Nishant5456 Private E-2 Hey I'm new to Major Geeks but I joined because I see a lot of people's problems being solved.

When done, a log file should be created on your C: drive named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please include a link to this thread with your request. Companion2008-10-24 06:25 . 2008-10-24 06:25

d-------- C:\ProgramData\Yahoo!

What to do? Hijack this log as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:14:23 PM, on 9/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program

Log follows

Combofix.Txt:
ComboFix 08-10-25.01 - Les 2008-10-26 15:32:26.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1670 [GMT -4:00]
Running from: C:\Users\Les\Desktop\ComboFix.exe
 * Created a new restore point
 * Resident AV is active
----------------------------------------------------------------
alwarebytes' Anti-Malware

When I ran repair it fixed the boot and ComboFix completed. Edited by 4me2know, 26 October 2008 - 10:08 PM. If you had run ComboFix, it most likely would have removed the below files you complained about but you can delete them yourself if they let you delete them C:\Documents and I will post ComboFix.txt ASAP.

What do I do to get them back? I can access the 1TB drive, which will not boot. I need to find out how to restore the 1TB drive to the restore point that ComboFix set. Nishant5456, Jan 27, 2010 #2 Nishant5456 Private E-2 Any idea how to solve this?

If you do not understand any step(s) provided, please do not hesitate to ask before continuing. Attached Files: RRlog.txt File size: 568 bytes Views: 3 File size: 121 KB Views: 4 Nishant5456, Jan 29, 2010 #8 chaslang MajorGeeks Admin - Master Malware Expert Staff Member Nishant5456 By the power of truth, I, while living, have conquered the universe. ~Scratch~ My help is always free, but if you want to donate to help me continue my fight against malware Also every time I shut down my computer there is always 1 Update. I don't know what it is but it just comes there EVERY shutdown. Is it the malware? If so let me

P.S. We would not be asking you to run it if there were still problems. Quick note: I tried to run maleware again to post the logs file but now it freezes on me when I'm asked to delete the 3 infected items. Logfile of Trend Micro Billy3 Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?) Back to top #6 4me2know

I also ran: CC Cleaner, NOD32 AV, Ad-Aware SE Plus, AVG Anti Spyware, Stinger and Spybot. After running Spybot, I got an error message that Config.NT was missing from system 32/commandcom. Therefore they should be removed. Live? I hope there are no additional problems caused by ComboFix. I found a windows vista recovery disk iso torrent on the Internet, seeded it, downloaded it and burnt it to disk.

Edited by 4me2know, 26 October 2008 - 07:14 PM. Please post that log in your next reply here In your next reply, please include the following: ComboFix.txt Billy3 Edited by Billy O'Neal, 25 October 2008 - 06:41 PM. We would not be asking you to run it if there were still problems. Note the quotes are required "%userprofile%\Desktop\combofix" /uninstall Notes: The space between the combofix" and the /uninstall, it must be there.

I just wanna make sure I am clean. If you are not having any other malware problems, it is time to do our final steps: We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware.

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media

Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Nishant5456 said: ↑ Also every time I shut down my computer there is always 1 Update. I don't know what it is but it just comes there EVERY shutdown. Is it the malware? You should have read the sticky/pinned threads since you are causing yourself additional delay by adding unnecessary posts instead of waiting your turn in the queue. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures. This requires experienced hands to restore the system to bootability. There are several malware infections that "target" Combofix.

Also the Win32.TDSS things all have H8SRT files. Simply wait for it to finish. When it finishes, ComboFix will produce a log. Then reboot and Enable System Restore to create a new clean Restore Point.

Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class

I think we'll be fine without them. Everyone else please begin a New Topic. Log follows. I did do a Malwarebytes Anti-Malware scan on the Acer drive and unfortunately it too was infected.

Please continue to check this forum post in order to ensure we get your system completely clean. by Grif Thomas Forum moderator / August 3, 2009 2:43 PM PDT In reply to: Google Redirect , Trojan.TDSS but MBAM & SAS won't fix ..try clicking on the link below I can't even run it! There were 5 more infected that were found after I followed that walkthrough. Thanks again!

Malwarebytes' Anti-Malware 1.38
Database version: 2397
Windows 6.0.6001 Service Pack 1

7/8/2009 6:11:24 PM
mbam-log-2009-07-08 (18-11-24).txt

Scan type: Quick Scan
Objects scanned: 80731
Time elapsed:

