
Trojan Possibly Crashing Avira?


Comments

  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Skip the 'snapshot' part
    :idea:
  • Fire_Fox
    Fire_Fox Posts: 26,026 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Combo Breaker
    edited 28 March 2010 at 3:28AM
    -xxxxxxxxxxxxxxx
    Declutterbug-in-progress.⭐️⭐️⭐️ ⭐️⭐️
  • Fire_Fox
    Fire_Fox Posts: 26,026 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Combo Breaker
    Thanks for the millionth time aliEnRIK! I *think* I've also now managed to run Glary Utilities, but I don't have a log or anything?
    Declutterbug-in-progress.⭐️⭐️⭐️ ⭐️⭐️
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Run a complete scan with Avira
    :idea:
  • Reluctant_spender
    Reluctant_spender Posts: 2,785 Forumite
    Part of the Furniture Combo Breaker
    edited 27 February 2010 at 8:03PM
    aliEnRIK wrote: »
    There's something seriously amiss with your computer!

    Wait for reluctant, I've no clue what that program does

    Mate, sorry for the delay. This programme detects and removes the TDSS family of rootkits.

    More and more of these fake anti viral products are coming with this hidden payload.

    General signs are that the logs look clean but something is amiss.

    From the Kaspersky website

    The log it produces is very simple. I will run it on mine and post it for you to see.

  • Fire_Fox
    Fire_Fox Posts: 26,026 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Combo Breaker
    edited 27 February 2010 at 8:33PM
    I don't think the TDSS thing is working properly on my laptop, I am clicking on the zip link then all files always go into my pop up and I have to double click to extract them. This one isn't the same, my downloads pop up opens the downloads folder so I right clicked to run as administrator and it takes about one second to say it has scanned and not found anything. :huh:

    I completely believe you that I have a rootkit hiding on my machine, but I haven't knowingly downloaded any fake anti-viral programmes. I only have programmes as recommended by my father and this site, and I try to download from cnet or filehippo. I wish I knew what I had done wrong to ensure this doesn't happen again as this is a marathon cleanse! :(

    I am running Avira again now.
    Declutterbug-in-progress.⭐️⭐️⭐️ ⭐️⭐️
  • Reluctant_spender
    Reluctant_spender Posts: 2,785 Forumite
    Part of the Furniture Combo Breaker
    edited 27 February 2010 at 9:40PM
    Fire_Fox wrote: »
    I completely believe you that I have a rootkit hiding on my machine, but I haven't knowingly downloaded any fake anti-viral programmes. I only have programmes as recommended by my father and this site, and I try to download from cnet or filehippo. I wish I knew what I had done wrong to ensure this doesn't happen again as this is a marathon cleanse! :(

    Sorry I may have misled you here, never said you had a rootkit - this was just a check to see if you had.

    Not sure what problems you are having with the programme - let me have a look and come back to you.
  • Ok - I have just downloaded tdss again and saved it on to my desktop and extracted the exe file.

    A pop up appears, black box, and then disappears.

    Have a look on your C drive - right click the start button and explore - click on the C drive and look for C:\TDSSKiller.[today's date and time]_log.txt.

    Mine looks like this:

    20:05:28:904 1336 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25
    20:05:28:904 1336 ================================================================================
    20:05:28:904 1336 SystemInfo:

    20:05:28:904 1336 OS Version: 6.0.6002 ServicePack: 2.0
    20:05:28:904 1336 Product type: Workstation
    20:05:28:904 1336 ComputerName: NANNY-PC
    20:05:28:904 1336 UserName: nanny
    20:05:28:904 1336 Windows directory: C:\Windows
    20:05:28:904 1336 Processor architecture: Intel x86
    20:05:28:904 1336 Number of processors: 1
    20:05:28:904 1336 Page size: 0x1000
    20:05:28:904 1336 Boot type: Normal boot
    20:05:28:904 1336 ================================================================================
    20:05:28:904 1336 UnloadDriverW: NtUnloadDriver error 2
    20:05:28:904 1336 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
    20:05:29:185 1336 Initialize success
    20:05:29:185 1336
    20:05:29:185 1336 Scanning Services ...
    20:05:29:185 1336 wfopen_ex: Trying to open file C:\Windows\system32\config\system
    20:05:29:185 1336 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
    20:05:29:185 1336 wfopen_ex: Trying to KLMD file open
    20:05:29:185 1336 wfopen_ex: File opened ok (Flags 2)
    20:05:29:216 1336 wfopen_ex: Trying to open file C:\Windows\system32\config\software
    20:05:29:216 1336 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
    20:05:29:216 1336 wfopen_ex: Trying to KLMD file open
    20:05:29:216 1336 wfopen_ex: File opened ok (Flags 2)
    20:05:30:043 1336 GetAdvancedServicesInfo: Raw services enum returned 427 services
    20:05:30:043 1336 fclose_ex: Trying to close file C:\Windows\system32\config\system
    20:05:30:058 1336 fclose_ex: Trying to close file C:\Windows\system32\config\software
    20:05:30:058 1336
    20:05:30:058 1336 Scanning Kernel memory ...
    20:05:30:058 1336 Devices to scan: 1
    20:05:30:058 1336
    20:05:30:058 1336 Driver Name: atapi
    20:05:30:058 1336 IRP_MJ_CREATE : 807C1140
    20:05:30:058 1336 IRP_MJ_CREATE_NAMED_PIPE : 8223BA22
    20:05:30:058 1336 IRP_MJ_CLOSE : 807C1140
    20:05:30:058 1336 IRP_MJ_READ : 8223BA22
    20:05:30:058 1336 IRP_MJ_WRITE : 8223BA22
    20:05:30:058 1336 IRP_MJ_QUERY_INFORMATION : 8223BA22
    20:05:30:058 1336 IRP_MJ_SET_INFORMATION : 8223BA22
    20:05:30:058 1336 IRP_MJ_QUERY_EA : 8223BA22
    20:05:30:058 1336 IRP_MJ_SET_EA : 8223BA22
    20:05:30:058 1336 IRP_MJ_FLUSH_BUFFERS : 8223BA22
    20:05:30:058 1336 IRP_MJ_QUERY_VOLUME_INFORMATION : 8223BA22
    20:05:30:058 1336 IRP_MJ_SET_VOLUME_INFORMATION : 8223BA22
    20:05:30:058 1336 IRP_MJ_DIRECTORY_CONTROL : 8223BA22
    20:05:30:058 1336 IRP_MJ_FILE_SYSTEM_CONTROL : 8223BA22
    20:05:30:058 1336 IRP_MJ_DEVICE_CONTROL : 807AFA5A
    20:05:30:058 1336 IRP_MJ_INTERNAL_DEVICE_CONTROL : 807AFA2C
    20:05:30:058 1336 IRP_MJ_SHUTDOWN : 8223BA22
    20:05:30:058 1336 IRP_MJ_LOCK_CONTROL : 8223BA22
    20:05:30:058 1336 IRP_MJ_CLEANUP : 8223BA22
    20:05:30:058 1336 IRP_MJ_CREATE_MAILSLOT : 8223BA22
    20:05:30:058 1336 IRP_MJ_QUERY_SECURITY : 8223BA22
    20:05:30:058 1336 IRP_MJ_SET_SECURITY : 8223BA22
    20:05:30:058 1336 IRP_MJ_POWER : 807AFA88
    20:05:30:058 1336 IRP_MJ_SYSTEM_CONTROL : 807BCB70
    20:05:30:058 1336 IRP_MJ_DEVICE_CHANGE : 8223BA22
    20:05:30:058 1336 IRP_MJ_QUERY_QUOTA : 8223BA22
    20:05:30:058 1336 IRP_MJ_SET_QUOTA : 8223BA22
    20:05:30:058 1336 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
    20:05:30:058 1336 sion
    20:05:30:074 1336 C:\Windows\system32\drivers\atapi.sys - Verdict: Clean
    20:05:30:074 1336
    20:05:30:074 1336 Completed
    20:05:30:074 1336
    20:05:30:074 1336 Results:
    20:05:30:074 1336 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
    20:05:30:074 1336 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    20:05:30:074 1336 File objects infected / cured / cured on reboot: 0 / 0 / 0

    20:05:30:074 1336
    20:05:30:074 1336 KLMD(ARK) unloaded successfully


    The important bit for me is the bit in bold above
  • Fire_Fox
    Fire_Fox Posts: 26,026 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Combo Breaker
    edited 28 March 2010 at 3:31AM
    Xxxxxxxxxxxxxxxx
    Declutterbug-in-progress.⭐️⭐️⭐️ ⭐️⭐️
  • 19:18:56:164 5128 Results:
    19:18:56:164 5128 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
    19:18:56:164 5128 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    19:18:56:164 5128 File objects infected / cured / cured on reboot: 0 / 0 / 0

    The above is from your log, you appear to be clean of this too ;)
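The two posts above walk through reading a TDSSKiller log by hand: the per-driver "Verdict:" lines and the three "Results:" counters at the end. The following added example (not from the thread or from Kaspersky) parses a log fragment in that same shape and also flags a log with no Results block, which is what a scan that stopped after "about one second" would leave behind; the sample log text is constructed to mirror the 2.2.7.1 output quoted above.

```python
import re

# Constructed sample in the shape of the TDSSKiller 2.2.7.1 log quoted
# in the thread: "<hh:mm:ss:ms> <pid> <message>" on every line.
SAMPLE_LOG = """\
20:05:28:904 1336 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25
20:05:30:058 1336 Scanning Kernel memory ...
20:05:30:058 1336 Driver Name: atapi
20:05:30:074 1336 C:\\Windows\\system32\\drivers\\atapi.sys - Verdict: Clean
20:05:30:074 1336 Results:
20:05:30:074 1336 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
20:05:30:074 1336 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
20:05:30:074 1336 File objects infected / cured / cured on reboot: 0 / 0 / 0
"""

LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d:\d{3}) (\d+) (.*)$")
RESULT_RE = re.compile(
    r"^(Memory|Registry|File) objects infected / cured / cured on reboot: "
    r"(\d+) / (\d+) / (\d+)$")
VERDICT_RE = re.compile(r"^(.+?) - Verdict: (\w+)$")
EXPECTED_CLASSES = ("Memory", "Registry", "File")


def parse_tdsskiller_log(text):
    """Return ({object class: counters}, {scanned path: verdict})."""
    results, verdicts = {}, {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:          # blank or timestamp-only lines carry no message
            continue
        msg = m.group(3).strip()
        r = RESULT_RE.match(msg)
        if r:
            results[r.group(1)] = {"infected": int(r.group(2)),
                                   "cured": int(r.group(3)),
                                   "cured_on_reboot": int(r.group(4))}
            continue
        v = VERDICT_RE.match(msg)
        if v:
            verdicts[v.group(1)] = v.group(2)
    return results, verdicts


def assess(text):
    """'incomplete' if the Results block is missing, else 'infected' or 'clean'."""
    results, verdicts = parse_tdsskiller_log(text)
    if any(cls not in results for cls in EXPECTED_CLASSES):
        return "incomplete"   # scan never reached "Results:", so it proves nothing
    if any(c["infected"] > 0 for c in results.values()):
        return "infected"
    if any(v != "Clean" for v in verdicts.values()):
        return "infected"     # a non-Clean driver verdict even with zero counters
    return "clean"
```

The "incomplete" result is the one to watch for: a log that stops before the Results block is not a clean bill of health, it is a scan that did not finish.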
This discussion has been closed.