
Help My Pc Is Infected With Win32trojanTDSS

Fallinangel, posted June 13, 2009:
okay thanks for your help

Rorschach112, posted 24 July 2009 - 09:16 PM:
hi
Please download ComboFix from Here or Here to your Desktop.
**Note: In

Attached Files: ComboFix.txt 59.31KB

rtcwplayer, posted 26 July 2009 - 11:46 AM:
Hi again, my internet

Re: Help!!!

Doesn't it even display when you hover your mouse over it?

It crashes constantly, I can no longer use Internet Explorer, I continuously get fake messages that my PC has been infected with all kinds of viruses, Windows Explorer makes my PC

If you are using Firefox, make sure that your download settings are as follows:
* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2.

scanning hidden files ...

I just noticed that I have two Internet Explorer on my desktop. I did uninstall combo-fix.

It is important that it is saved and renamed following this process directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:
* Tools->Options->Main tab
* Set to

This applies only to the original topic starter. Everyone else please begin a New Topic.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note) The log is automatically saved by MBAM and can be viewed by

That may cause it to stall.

My computer is slow!

Waiting for your feedback on how to proceed further.

http://www.geekpolice.net/t11580-help-win32trojantdss

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

scan completed successfully
hidden files: 0

You've been helpful. Any more advice?

speedyp on 18th July 2009, 1:31 am:
ComboFix 09-07-14.08 - test 07/15/2009 14:58.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.990.589 [GMT -4:00]
Running from:

Fallinangel, posted June 13, 2009:
Hello and thanks for your

https://forums.malwarebytes.com/topic/17349-packedgeneric200win32trojantdss-help/

Please understand that I don't have the money to have it fixed if I mess something up or if something bad goes wrong.

You guys are frick-in' awesome!!!!!!!!!

Keep in mind that Norton Internet security causes a huge delay as well.

The 2 IE icons on your desktop is because Combofix added one there as well (attempt to restore the

Fallinangel, posted June 13, 2009:
okay let me look around

I performed the suggested actions in order to resolve the detections and got a message from ThreatWork saying that it could not find any files to submit.

Close any open browsers.

6.

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player

Also uninstall the Ask Toolbar, because this one is unwanted as

HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe

Open HijackThis.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled.

I have no clue how it got onto my PC and I am unable to get rid of it by using Ad-Aware.

Once the program has loaded, select "Perform Quick Scan", then click Scan.

Please find the scan log in attachment.

I am not too sure about these kind of things but I did follow the link

MBAM won't install or will not run. - CLB Rootkit driver=TDSS/Seneka/GAOPDX/UAC

I seen the tdss

This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now.

I was not able to install the HijackThis tool. When I scan my pc it comes up, but tells me that it will be removed after a reboot, but it is still there.

This is the nastiest virus infection I have ever come across in my life and I'm getting quite desperate and frustrated.

scanning hidden autostart entries ...

Step 3 : do a scan using Ad-Aware
---------------------------------
I did a SmartScan which detected some cookies and the win32Trojan.Tdss virus.

Not even when I try in Safe Mode.

Allow ComboFix to download the Recovery Console.

Started by rtcwplayer, Jul 24 2009 12:35 AM

rtcwplayer, posted 24 July 2009 - 12:35

Make sure that everything is checked, and click Remove Selected.

If anything else comes up I will let you know. Thanks again for your help. I just hope that this is over; it's very stressful to know you have a virus

Think I'll have to contact my internet provider again, but if you could give me some advice on how to re-establish my internet connection I would greatly appreciate it. Apparently my network card is unable to get a new IP from the cable modem.

and the Ask toolbar was put there by Norton on one of Norton's updates.

I have to use my work pc to post on this forum.

To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

I am posting the log file from hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:38:13 PM, on 7/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program