I have a serious infection
Have you got those discs yet?
-
Omg.. I'm in normal mode :beer: and it's working perfectly so far and did the job in seconds...:T
I'm not so sure that my system is quite clean yet though, as I've just had this come up... I'll run another Mbam scan a little later to see if it will sniff out the cling-ons. lol
-
Post the TDSSKiller log - It'll be a text file at the root of the C: drive.
-
It wouldn't allow me to post the full log so I deleted the driver,sys part of the log as they all came back as ok. It would only allow me 25000 words max in one post.
16:45:18.0327 3840 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
16:45:18.0515 3840 ============================================================
16:45:18.0515 3840 Current date / time: 2011/09/27 16:45:18.0515
16:45:18.0515 3840 SystemInfo:
16:45:18.0515 3840
16:45:18.0515 3840 OS Version: 6.1.7601 ServicePack: 1.0
16:45:18.0515 3840 Product type: Workstation
16:45:18.0515 3840 ComputerName: ***
16:45:18.0515 3840 UserName: ***
16:45:18.0515 3840 Windows directory: C:\Windows
16:45:18.0515 3840 System windows directory: C:\Windows
16:45:18.0515 3840 Processor architecture: Intel x86
16:45:18.0515 3840 Number of processors: 2
16:45:18.0515 3840 Page size: 0x1000
16:45:18.0515 3840 Boot type: Safe boot with network
16:45:18.0515 3840 ============================================================
16:45:20.0106 3840 Initialize success
16:45:22.0836 1416 ============================================================
16:45:22.0836 1416 Scan started
16:45:22.0836 1416 Mode: Manual;
16:45:22.0836 1416 ============================================================
16:45:52.0554 1416 \Device\Harddisk0\DR0\Partition0 - ok
16:45:52.0585 1416 Boot (0x1200) (d6cf56a34a97363be3c2a4a15c991356) \Device\Harddisk0\DR0\Partition1
16:45:52.0585 1416 \Device\Harddisk0\DR0\Partition1 - ok
16:45:52.0585 1416 ============================================================
16:45:52.0585 1416 Scan finished
16:45:52.0585 1416 ============================================================
16:45:52.0616 3616 Detected object count: 1
16:45:52.0616 3616 Actual detected object count: 1
16:46:32.0240 3616 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
16:46:32.0240 3616 \Device\Harddisk0\DR0 - ok
16:46:32.0240 3616 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
16:46:39.0479 3048 Deinitialize success
-
Just want to say A BIG thanks to everyone for their help and input. I really was thinking that I had to format the HD and then re-install all my software.
Think I'll head over to the other forum to sing your praises.. lol
The system is running nice and smooth now, as it was before the infestation. It's taken 3 days but we got there in the end.. Thanks again guys..
-
No more redirections/ads like the one in post #53?
-
No more redirections/ads like the one in post #53?
Yes, I had a cpl more so run a mbam quick scan.
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 7809
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
27/09/2011 17:12:11
mbam-log-2011-09-27 (17-12-11).txt
Scan type: Quick scan
Objects scanned: 160689
Time elapsed: 4 minute(s), 19 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
c:\program files\wintask.exe (Trojan.Agent) -> 2404 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WORT (Trojan.Vilsel) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wintask (Trojan.Agent) -> Value: wintask -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\program files\wintask.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I deleted them from mbam quarantine, rebooted and running like a wet dream new system :rotfl:
-
good news, but just before you finish......
go to Computer, right-click on your hdd and do a disk cleanup (or run CCleaner if you have it, both cleaner and registry cleaner parts), and as a final belt'n'braces I'd run combofix to ensure the last of the carp is blitzed......
Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
-
...and then go to windows update, it looks like you're at least a service pack behind......
Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
-
I'm not convinced you are clean. The TDSS rootkit was removed but I've not seen anything yet to say that zero access has. The detections by mbam look like fresh malware.
This discussion has been closed.